funsec mailing list archives

Re: US Facebook data passed through Chinese, South Korean ISPs


From: Jason Lewis <jlewis () packetnexus com>
Date: Tue, 29 Mar 2011 11:59:35 -0400

Every article references one vague post with stripped-down details.
The original post only has a snippet of the routes available at the
time.  I suspect an ATT customer leaked something and that's the
extent of it.  Based on the other routes from ATT, no ATT customers
would have used the route in question.

Every path is 7018 3356 32934 32934.  The bad path was "7018 4134
9318 32934 32934 32934".
Path on an ATT router right now:

route-server>show ip bgp 69.171.224.13
BGP routing table entry for 69.171.224.0/20, version 32743195
Paths: (18 available, best #6, table Default-IP-Routing-Table)
  Not advertised to any peer
  7018 3356 32934 32934, (received & used)
    12.123.133.124 from 12.123.133.124 (12.123.133.124)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:36244
  7018 3549 32934 32934, (received & used)
    12.123.145.124 from 12.123.145.124 (12.123.145.124)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:33051
  7018 3356 32934 32934, (received & used)
    12.123.139.124 from 12.123.139.124 (12.123.139.124)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:34011
  7018 3549 32934 32934, (received & used)
    12.123.142.124 from 12.123.142.124 (12.123.142.124)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:33051
  7018 3549 32934 32934, (received & used)
    12.123.29.249 from 12.123.29.249 (12.123.29.249)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:33051
  7018 3356 32934 32934, (received & used)
    12.123.1.236 from 12.123.1.236 (12.123.1.236)
      Origin IGP, localpref 100, valid, external, best
      Community: 7018:5000 7018:37232
  7018 3549 32934 32934, (received & used)
    12.123.13.241 from 12.123.13.241 (12.123.13.241)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:32103
  7018 3356 32934 32934, (received & used)
    12.123.137.124 from 12.123.137.124 (12.123.137.124)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:37232
  7018 3356 32934 32934, (received & used)
    12.123.33.249 from 12.123.33.249 (12.123.33.249)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:39220
  7018 3549 32934 32934, (received & used)
    12.123.21.243 from 12.123.21.243 (12.123.21.243)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:39343
  7018 3356 32934 32934, (received & used)
    12.123.45.252 from 12.123.45.252 (12.123.45.252)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:31022
  7018 3549 32934 32934, (received & used)
    12.123.9.241 from 12.123.9.241 (12.123.9.241)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:38001
  7018 3356 32934 32934, (received & used)
    12.123.25.245 from 12.123.25.245 (12.123.25.245)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:34011
  7018 3356 32934 32934, (received & used)
    12.123.5.240 from 12.123.5.240 (12.123.5.240)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:34011
  7018 3356 32934 32934, (received & used)
    12.123.134.124 from 12.123.134.124 (12.123.134.124)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:36244
  7018 3356 32934 32934, (received & used)
    12.123.17.244 from 12.123.17.244 (12.123.17.244)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:36244
  7018 3356 32934 32934, (received & used)
    12.123.37.250 from 12.123.37.250 (12.123.37.250)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:36244
  7018 3356 32934 32934, (received & used)
    12.123.41.250 from 12.123.41.250 (12.123.41.250)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 7018:37232


On Mon, Mar 28, 2011 at 1:38 PM, Juha-Matti Laurio
<juha-matti.laurio () netti fi> wrote:
This was not posted to funsec yet:

"Earlier this week, your Facebook posts could have been rewritten on the
Great Wall of China, not just on your friends’ walls. For about 30 minutes
on Tuesday morning, Facebook traffic in the US, or at least the connections
going through AT&T’s Internet services, did not travel via the most direct
route. Normally, AT&T passes packets of data to US-based Level3
Communications, which in turn hands them off to Facebook’s servers."
--clip--

http://www.zdnet.com/blog/facebook/us-facebook-data-passed-through-chinese-south-korean-isps/970

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
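
The comparison made in the message above (current AS paths versus the reported
bad path) can be automated. This is an added example, not part of the original
post: it parses "show ip bgp" output and flags any path whose transit ASNs fall
outside a baseline. The sample text, the 192.0.2.1 peer address, the function
names and the baseline set {3356, 3549} are assumptions for illustration.

```python
import re

# Constructed sample in the layout of the router output quoted in the post.
# The first two AS paths appear in that output; the third is the path the
# post calls "the bad path", given a documentation-range peer address.
SAMPLE = """\
BGP routing table entry for 69.171.224.0/20, version 32743195
  Not advertised to any peer
  7018 3356 32934 32934, (received & used)
    12.123.133.124 from 12.123.133.124 (12.123.133.124)
      Origin IGP, localpref 100, valid, external
  7018 3549 32934 32934, (received & used)
    12.123.145.124 from 12.123.145.124 (12.123.145.124)
      Origin IGP, localpref 100, valid, external
  7018 4134 9318 32934 32934 32934, (received & used)
    192.0.2.1 from 192.0.2.1 (192.0.2.1)
      Origin IGP, localpref 100, valid, external
"""

# An AS-path line is indented two spaces and holds only space-separated ASNs.
PATH_RE = re.compile(r"^  (\d+(?: \d+)*)(?:,.*)?$", re.MULTILINE)

def as_paths(text):
    """Return every AS path in the output as a list of ints."""
    return [[int(a) for a in m.group(1).split()] for m in PATH_RE.finditer(text)]

def collapse(path):
    """Drop AS-path prepending (consecutive repeats of the same ASN)."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def audit(text, origin, expected_transit):
    """Flag paths with an unexpected origin or transit ASN."""
    findings = []
    for path in as_paths(text):
        hops = collapse(path)          # hops[0] = peer AS, hops[-1] = origin AS
        extra = [a for a in hops[1:-1] if a not in expected_transit]
        if hops[-1] != origin:
            findings.append((path, "origin mismatch", [hops[-1]]))
        elif extra:
            findings.append((path, "unexpected transit", extra))
    return findings

if __name__ == "__main__":
    for path, reason, asns in audit(SAMPLE, 32934, {3356, 3549}):
        print(reason, asns, "in path", path)
```
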

