Major traffic destinations rerouted to Russia

Internet destinations rerouted to Russia in new BGP incident

A recent border gateway protocol (BGP) Incident saw a plethora of important internet destinatinations routed through Russia.

BGPMon, which is now a part of OpenDNS, said the incident happened on Tuesday at US time. Branded as "suspicious", it started at 04:43 (UTC).

Eighty prefixes associated with companies such as Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were found in global BGP routing in Russia.

According to the monitoring organisation, the glitch repeated itself. It first happened between 04:43 and 04:46 UTC on December 12, and then a second time between 07:07 and 07:10.

BGPMon said that such incidents can't be overlooked and that they were "picked up by a large number of peers and because of several new more specific prefixes that are not normally seen on the Internet".

The announcement was accepted and made reachable by a range of organisations, including Hurricane Electric and Zayo in the US, Scandinavian international collaboration Nordunet, along with Telstra in Australia.

These announcements were made by an autonomous system (AS) which was mostly dormant for years, although such occurrences should still be taken seriously.

"This means that this isn't a simple leak, but someone is intentionally inserting these more specific prefixes, possibly with the intent the attract traffic",explained BPGMon's Andree Toonk.

"AS 39523 has only recently been assigned," he continued, but "while going through our historical data, we also noticed that AS 39523 was in fact once active earlier this year.

"That incident took place during a route leak between Google and Verizon in August 2017, which black-holed Japanese traffic."

BGPMon suggests that ISPs filter their customers in the future. "Interestingly one of the paths that appeared during that leak was the prefix 66.232.224.0/24 with the following ASpath 701 15169 32007 39523", added Toonk. " 39523 is the same Russian AS that appeared as the origin AS today".