
Web traffic redirected to China still a mystery - iuguy
http://news.cnet.com/8301-27080_3-20019093-245.html
======
woodrow
Renesys has written about this twice with more facts and less speculation:
<http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml>,
<http://www.renesys.com/blog/2010/03/fouling-the-global-nest.shtml>

The gist of things is that the mainland Chinese network operators allowed the
anycasted routes for the I-root in China to leak outside of their networks and
into the global BGP routing table. If you made a DNS request to the I-root
during that leak, and the best route to the I-root prefix was the leaking
route from China, then your DNS traffic went through the great firewall and
was altered accordingly.

Finally, I want to give the article the benefit of the doubt with regard to
this:

      And he said he believes there were more instances of Web traffic
      being diverted to China, or "hijacked," around that time, but
      wouldn't elaborate. "I believe it happened more than twice,"
      Joffe said. "I can't comment on how many times because the
      information is not generally public."

but _many_ views of the BGP routing table are public (<http://routeviews.org>)
and/or fairly well monitored for hijackings, etc. by network operators and
others like Renesys and BGPMon (<http://bgpmon.net/>). Unless this is
occurring only within China's regional networks, I expect we would've heard
something about this already.
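The kind of monitoring woodrow describes, as an added example that is not part of the thread or of Renesys/BGPMon's tooling: a check over route-collector style entries that flags a monitored anycast prefix when it is originated by an unexpected AS, or when the origin is reached through an upstream that is not one of the neighbours expected to carry the route globally (the leaked-instance case). The prefix, ASNs and RIB lines are constructed placeholders, not the real I-root values.

```python
# Added example: defender-side check of route-collector entries for an anycast prefix.
# All prefixes, ASNs and RIB lines below are constructed placeholders.

# Assumed policy: who may originate the prefix, and which neighbour ASNs are
# expected to carry that origin's announcement into the global table.
POLICY = {
    "192.0.2.0/24": {"origin": {64500}, "global_upstreams": {64496, 64497}},
}

# Constructed route-collector lines, "prefix|as_path" with the origin AS right-most.
SAMPLE_RIB = """\
192.0.2.0/24|64510 64496 64500
192.0.2.0/24|64511 64497 64500 64500
192.0.2.0/24|64512 64499 64500
192.0.2.0/24|64513 64520
198.51.100.0/24|64510 64530
"""

def parse_rib(text):
    """Yield (prefix, as_path) from 'prefix|as_path' lines, skipping malformed ones."""
    for line in text.splitlines():
        line = line.strip()
        if "|" not in line:
            continue
        prefix, path = line.split("|", 1)
        yield prefix, [int(asn) for asn in path.split()]

def strip_prepends(as_path):
    """Collapse repeated ASNs so path prepending cannot hide the real upstream."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def check_routes(rib_text, policy=POLICY):
    """Return (prefix, as_path, reason) for each announcement that violates policy."""
    alerts = []
    for prefix, raw_path in parse_rib(rib_text):
        rule = policy.get(prefix)
        if rule is None or not raw_path:
            continue
        path = strip_prepends(raw_path)
        origin = path[-1]
        if origin not in rule["origin"]:
            alerts.append((prefix, raw_path, f"unexpected origin AS{origin}"))
        elif len(path) > 1 and path[-2] not in rule["global_upstreams"]:
            alerts.append((prefix, raw_path, f"origin reached via unexpected upstream AS{path[-2]}"))
    return alerts
```

Calling `check_routes(SAMPLE_RIB)` flags the third line (legitimate origin, but announced through an upstream outside the expected set) and the fourth (foreign origin), while the prepended second line passes.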

------
pmorici
Couldn't this be the result of a misconfigured router that broadcasts that it
is the shortest hop to everywhere? I recall in school one of the professors
said they had to put protections in place in one of the labs because one of
the students' router projects had once gone awry and did something similar.

------
revicon
"Operators of those servers would have had the capability to read, delete, or
edit unencrypted e-mail and other communications passing through those servers
during that time, he said. The Secure Sockets Layer (SSL), used by e-commerce
sites to encrypt traffic over the Internet, has been compromised so even
supposedly protected traffic could have been exposed, according to Joffe."

This bit of the article doesn't make sense to me, and wasn't explained
further. How could SSL be compromised via an Internet routing hack such as
this?

------
zitterbewegung
Possibly this is some kind of political statement to show people how the
Internet looks in China?

~~~
arch_hunter
Possibly. Or somebody could be using servers in China in a "man-in-the-middle"
attack to get information while it is en route.

