Morning pedes,
I'm a sysadmin working for a small datacenter in Germany. Around 09:00 GMT we had calls from some of our customers; they were complaining about some service degradation: load times for websites slowed down, SSH connections got terminated, FTP traffic was slow.
Analyzing my systems led to no results, so I called my provider to ask if there was an issue with our connection.
He said: "To make it short: the Internet is partially broken..." I said: "What?" Yup, some issues with route announcements in the BGP routers around the world.
As I was writing this, he called me back to tell me the issue had been solved. Some guy/group, whatever, was able to insert false route announcements at BGP level; this is insane.
Let's see what the day brings up, but this was pretty scary (well, for my customers and for my boss, for me it was pretty exciting). Eyes on.
Godspeed, frens
Hi fren.
If you were strategically blocking packets from overseas to America in order to prevent a Dominion steal, could you do it by taking some of these servers offline, leaving most of the internet functioning?
I'm not a BGP expert, but false route announcements imo can be used to break the internet down or to re-route traffic to your preferred destination. So, yes, it could possibly be used to block/re-route Dominion traffic for the purpose of simply blocking it, or to capture it.
I am a BGP expert, and you're spot on :)
Yep.
To expand, BGP controls the routing of data, i.e. the path.
It's like the postal service saying all mail for destination A must first come to sorting station B via central station C. But if you wanted that mail to go via different sorting/central stations you'd mess with BGP (in the IT sense).
Say you want all the mail for a particular destination to go through the sorting centre that you have all the inspectors at and that you control. That would be pretty powerful. That's what dodgy modifications to BGP are capable of, if done right.
If you were to know which way the packets would be redirected on a BGP failure, maybe you could have put some rules in undetected on an alternative server on not-the-usual-route which would strip out or otherwise handle these packets.
I heard cybersecurity- NG is working behind the scenes as far as elections. Very possible they took it offline or set up secure networks?
Could it be? I think... I know what's wrong.
https://www.youtube.com/watch?v=ckIMuvumYrg
Interesting. Looks like Hillary on the Drudge Report on the one screen after the internet goes back up. ;)
and Bono on the other side?
Sure looks like it.
My mobile ISP suddenly went down out of the blue - never happened in the past 2 years. Came back 30 mins or so later.
Rumble is absolutely hogwash right now. Can't get most vids to load. And when they do, it's 1-2 secs of playback followed by 30 seconds of buffering.
In fairness, there is probably a heavy load on most services today. Musk said that Twitter is breaking all-time traffic records.
Sounds like a typical day for us Spectrum customers.
Haha so true. Same with Xfinity.
Can confirm.
I lost internet last night, very close to when Trump was about to take stage. Went out for only a few minutes. Tennessean here.
This actually happens pretty regularly. It gets noticed almost immediately, but sometimes takes a few hours to resolve. BGP has very little security implemented (though several options exist). It is an old protocol that makes up the very (routing) fabric of the interwebs.
This usually happens due to human error, or an attack against some provider/network/service. When someone else "announces" a network that does not belong to them, within minutes, ALL the traffic for that network begins routing to them instead of the rightful network owner. This can be used for a multitude of malicious attacks, traffic inspection, client (browser) hijacking, etc.
Yup, there is no security in the protocol itself - it's all about whether the peering points will accept the connection and updates or not.
If you are in possession of zero day exploits for these routers then you can basically do what you like.
The stealthiest approach is to point the traffic you want to intercept to a mirror, and then forward that traffic on to the original destination once you have a copy of it (man in the middle).
Depending on what you are doing and where you are doing it adds to the complexity of doing this seamlessly, but it's certainly possible.
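Origin validation of the kind the "peering points accepting updates" comment alludes to, as an added example that is not from anyone in this thread: it classifies constructed BGP announcements against constructed ROA-style authorizations (RFC 6811 states) and rejects the two hijack shapes described above, a wrong origin AS and a prefix more specific than the rightful owner announces. All prefixes are documentation ranges and all ASNs are private, chosen here for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Roa:                 # Route Origin Authorization: who may originate prefix
    prefix: str
    max_len: int           # longest prefix length the origin may announce
    origin_asn: int

@dataclass(frozen=True)
class Update:              # a received announcement; origin AS is last in AS_PATH
    prefix: str
    as_path: tuple

def validate(update, roas):
    """RFC 6811 origin validation state: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(update.prefix, strict=False)
    origin = update.as_path[-1]
    covering = [r for r in roas
                if ipaddress.ip_network(r.prefix).version == net.version
                and net.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:
        return "not-found"          # nobody has registered this address space
    for roa in covering:
        # A prefix more specific than max_len is the classic hijack shape: it
        # wins longest-prefix match against the real route for that space.
        if roa.origin_asn == origin and net.prefixlen <= roa.max_len:
            return "valid"
    return "invalid"

def filter_updates(updates, roas, drop_not_found=False):
    """Model an ingress policy at a peering point: return (accepted, rejected)."""
    accepted, rejected = [], []
    for upd in updates:
        state = validate(upd, roas)
        if state == "invalid" or (state == "not-found" and drop_not_found):
            rejected.append((upd, state))
        else:
            accepted.append((upd, state))
    return accepted, rejected

# Constructed sample data: documentation ranges and private ASNs only.
ROAS = [Roa("203.0.113.0/24", 24, 64500), Roa("198.51.100.0/22", 24, 64501)]
FEED = [
    Update("203.0.113.0/24", (64510, 64500)),  # legitimate route
    Update("203.0.113.0/25", (64510, 64500)),  # too specific: would pull traffic
    Update("203.0.113.0/24", (64510, 64666)),  # wrong origin AS
    Update("198.51.100.0/24", (64501,)),       # legitimate, within max_len
    Update("192.0.2.0/24", (64520,)),          # no ROA covers it
]
```

Running `filter_updates(FEED, ROAS)` rejects only the two hijack-shaped announcements; routes with no covering ROA are accepted unless `drop_not_found` is set, which mirrors the usual cautious rollout of origin validation.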
Thanks, that's what I've learned today. Had another call with the chief network engineer from our provider; he told me the same things you guys are talking about.
He also confirmed that it was a short-lasting attack against German Telekom infrastructure. They solved it pretty quickly, but it was widespread.
It seems to be an easy task with huge effects if you know what you have to do.
Are the DOD IP addresses active?
Interesting... maybe we have fixed some things.... looking at you, Italy.
I'm wondering if there were some MAJOR routing table updates done to reroute traffic through those military servers?
Nothing much showing on downdetector at the moment.
In Germany it was pretty hefty. Look here:
https://xn--allestrungen-9ib.de/
From 09:00 to 10:30 GMT there was a massive disruption. Seems to be solved for the moment.
Thank you very much!
Maybe the Dominion packets are coming from or coming through Germany specifically
My website was down today for about 3 hours.
Godaddy hosted.
Logged in to work (from home) this morning, Epic is down system-wide for us. Very unusual. The rest of everything I use is fine, just Epic.
That's how Facebook got taken down for a day. BGP corruption.
Testing out the tech for internet shutdown? A proof of concept, maybe?
5D internet
Google Drive's been like this for the past month. Everything's come down to a crawl and Google even removed some convenience features for desktop Google Drive without even giving a notice
UK blew up the wrong pipe this time? ;)
testing their vote steal?
Pretty sure this happened about a year ago too
Some websites weren’t loading on wifi but loading on LTE. I was mad.
Happening in US too. Constantly up and down. I imagine there is a tremendous amount of cyber activity happening.
"was able to insert false route announcements at BGP level"
That sounds like it was allowed to happen
Can this be broken down for us that aren't tech savvy?
Red wave will be so intense that we have media blackout incoming preventing citizens knowing the results. 🤔
Trial run. Yep, it worked. Let’s go Brandon. NCSWIC!
Can confirm, the internet was totally fucked up last night. Ping response was very high, and I was dropping packets like crazy.