Security Experts:

China Telecom Routes European Traffic to Its Network for Two Hours

For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network.

According to a report from Oracle, the incident started at 09:43, on June 6, 2019, and consisted of Swiss data center colocation company Safe Host leaking over 70,000 routes to China Telecom in Frankfurt, Germany.

The Chinese telecommunication company then announced these routes on to the global Internet, which resulted in large amounts of web traffic destined for some of the largest European mobile networks to be redirected through China Telecom’s network. 

European networks that were most impacted by the route leak included Swisscom of Switzerland, KPN of Holland, and Bouygues Telecom and Numericable-SFR of France. 

“Often routing incidents like this only last for a few minutes, but in this case many of the leaked routes in this incident were in circulation for over two hours. In addition, numerous leaked routes were more-specifics of routed prefixes, suggesting the use of route optimizers or similar technology,” Oracle’s Doug Madory explains

Over 1,300 Dutch prefixes were announced in this leak, and 470 routes of KPN went through China Telecom’s network. The same happened for 64 routes of Swisscom, out of 200 Swiss prefixes announced by the leak. 

Oracle observed 150 Bouygues Telecom prefixes in the leak, including 127 more-specifics of existing routes and also noticed that even some of its own traceroute measurements were sucked into this routing leak. One that begins in Google in Ashburn, Virginia was detoured through China Telecom en-route to its destination in Vienna, Austria. 

This is not the first route leak incident involving China Telecom and is likely not the last. A report published in December last year revealed that the carrier has been constantly misdirecting Internet traffic through its network in China for several years. 

The new incident shows that the Chinese carrier has yet to take the necessary precautions to avoid similar re-routes from happening, and also proves that the problem of BGP route leaks continues to persist. 

“China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur. Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications,” Oracle notes. 

Related: China Telecom Constantly Misdirects Internet Traffic

Related: Google Services Inaccessible Due to BGP Leak

view counter