Yusuf On SecuritySecurity news, opinion and advice

Internet Hiccup

The Internet literally stands for interconnected networks. Essentially it is made out of individual networks. These individual networks are referred to as Autonomous Systems, abbreviated as ‘ASs’; independently managed by regional ISPs but also organisations. An AS is made up of routers both internal and external and the boundaries or edge of these ASs are fenced by external facing routers. In that sense internal routers connect to other routers within the same AS and run interior routing protocols. So, in reality, the Internet is just a network made up of ASs and routing protocols.

Now take the World as an example. It is made up of different countries. In the same way, the Internet is made up of different ASs. Each AS has delineation boundaries just like countries. Just as countries can have their own languages, ASs have their own internal routing protocols. Countries that speak different languages need to have a way of communicating to one another. So ASs need to have a standardised method of communicating and working together and, for this routing protocols are use. One of these protocols is referred to Border Gateway Protocol or BGP. BGP facilitates routers on different part of the world i.e different ASs to share routing information to ensure effective packet delivery and efficient routing between the different AS networks. Typically BGP is used between big iron servers found in large infrastructure data centres to route data from one hop to the next on the Internet.

BGP is a protocol used by routers to advertise routes that they have to offer and to receive the routes that their connected routers have to offer. You can say it’s sort of like a big peer-to-peer network (between routers) that all the routers are taking part to share the information about what they know -what they have in their route table. So in a nutshell that is how the Internet’s global routing tables are kept in synch.

“The architecture of the Internet that supports these various ASs is created so that no entity that needs to connect to a specific AS has to know or understand the interior routing protocols that are being used.” This is based on trust and this is where problems occur from time to time.
For something that is fundamental as global routing tables unfortunately mistakes are made.

on June 12th, at 08:43 UTC this is exactly what happened to Telekom Malasia Autonomous Systems 4788 (AS4788, each ISP has a number) when it announced that it can route far more than it is capable of. For a reason that can only be attributed a mistake, they started to announce 179,000 routing prefixes. That is a lot.

Needless to say that completely buried them and saturated their connectivity. Packet losses hit the ceiling -as much as 100%. Consequently this caused much felt global Internet slowdown.

Security without checks and balances can bring you something you did not intend to receive.

Perhaps another thing that is a cause for concern is the fact that as IP space becomes fragmented due to these being sold in large junk, dealing with routes may never be the same. But that is another topic all together.

Join the discussion

Further reading

What will it take?

A great piece on what it will take to improve the safety of the connected world. Read it here.

Extended detection and response (XDR)

Extended detection and response (XDR) captures threat data from previously isolated security tools throughout the organizations tech stack to enable...

Log4j Vulnerabilities

Towards the end of November, a researcher from Alibaba discovered a fault (CVE-2021-44228) in a well known open-source logging library called...