
Chinese Routing Errors Redirect Russian Traffic - striking
http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/
======
lazaroclapp
Thing is, the network layer of the internet was never intended to be secure.
Routing data through unknown hosts controlled by untrusted public
organizations, private enterprises and foreign countries, when it makes sense
on the technical/business level, is what internet routing protocols are
designed to do. Sure, here we are talking about BGP using a less-than-ideal
route, but the same effect (traffic going from Russia into China then back
into Russia) could very well happen from the intended behavior of the
protocols. The network layer is explicitly assumed/designed to be unreliable,
insecure and hard to centrally control (for TCP/IP, this is not true of some
cell-based/virtual-circuit networking layers). This is why security should be
built at the end points (namely encryption and authentication) and not assumed
from the network layer.

p.s. A very simple way to make Russian internet more secure against foreign
powers would be to have a highly competent government-operated certificate
authority which would issue EV TLS certificates for free to Russian businesses
and individuals. Then pass two laws, one requiring web browsers sold or
distributed in Russia to only allow that certificate authority for .ru
domains, and a second one requiring web sites to get those certificates
(either for all websites or only those considered 'sensitive'). This doesn't
solve the issue of foreign-owned and foreign-located cloud services, and is
honestly a worse solution than working at an international level to create a
better standard for authentication and data protection than host certificates
and certificate authorities. But, from the point of view of a single country's
government with (let's face it, reasonable) paranoia about foreign spying on
their internal internet communications, this would be about the best
'counter-measure' that I can see being realistically applied.

~~~
userbinator
_Routing data through unknown hosts controlled by untrusted public
organizations, private enterprises and foreign countries, when it makes sense
on the technical/business level, is what internet routing protocols are
designed to do._

That's basically what Tor does, and its users are perfectly fine - expecting
that - their traffic goes through many other hosts before it reaches its
destination. The reason this isn't a problem is largely due to...

_This is why security should be built at the end points (namely encryption
and authentication) and not assumed from the network layer._

------
contingencies
... meanwhile, US physical internet infrastructure dominance redirects world
traffic.

I've often wondered why China and Russia don't collaborate to build a
hyper-fast redundant fiber network across from Asia to Europe, and cut the US out of
the middle. Surely the long term commercial and geopolitical gains would
outweigh the initial investment? I suppose from China's side they're happy
mostly disconnected ... and from Russia's, there are no other neighbouring
states with cash, perhaps with the exception of Japan and Korea. Anyone know
if they do direct links? I know coming out of China they're often faster than
the US, but bouncing out through Russia to Europe is an avenue unexplored
versus the de-facto US west coast routing.

~~~
seanmcdirmid
Links are built for economic reasons. There are plenty of good biz reasons to
direct traffic from China to Europe and the USA, not much to direct traffic
through Siberia and Russia's Far East. Want to send a packet from Harbin to
Vladivostok (which is quite nearby), you are probably going to go through SF
or at least Japan.

People forget China and Russia were outright hostile in the 70s (one of the
reasons China opened up to the US), and Russia is still probably considered a
bigger adversary than far away USA.

~~~
Retric
More importantly global traffic is 24/7, but people sleep. The US has strong
links to Europe and Asia AND they're asleep through most of Asia's work day. So,
even if the Asia - India - Europe or Asia - Russia - Europe links were just
as strong they would also be in use during most of Asia's work day.

Don't forget routers care more about congestion than how far they need to send
a packet.

------
comboy
This is making me want to dive into urbit a bit more.

------
socceroos
"whoops"

------
dang
Url changed from
[http://arstechnica.com/security/2014/11/wtf-russias-domestic...](http://arstechnica.com/security/2014/11/wtf-russias-domestic-internet-traffic-mysteriously-passes-through-china/),
which points to this.

~~~
striking
Personally, I thought the Ars Technica article was a little nicer in summing
up the situation, but I can understand why you changed it. Thanks for keeping
the site clean!

