funsec mailing list archives
Re: US Facebook data passed through Chinese, South Korean ISPs
From: Jason Lewis <jlewis () packetnexus com>
Date: Tue, 29 Mar 2011 11:59:35 -0400
Every article references one vague post with stripped down details. The original post only has a snippet of the routes available at the time. I suspect an ATT customer leaked something and that's the extent of it. Based on the other routes from ATT, no ATT customers would have used the route in question. Every path is 7018 3356 32934 32934, The bad path was "7018 4134 9318 32934 32934 32934". Path on an ATT router right now: route-server>show ip bgp 69.171.224.13 BGP routing table entry for 69.171.224.0/20, version 32743195 Paths: (18 available, best #6, table Default-IP-Routing-Table) Not advertised to any peer 7018 3356 32934 32934, (received & used) 12.123.133.124 from 12.123.133.124 (12.123.133.124) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:36244 7018 3549 32934 32934, (received & used) 12.123.145.124 from 12.123.145.124 (12.123.145.124) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:33051 7018 3356 32934 32934, (received & used) 12.123.139.124 from 12.123.139.124 (12.123.139.124) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:34011 7018 3549 32934 32934, (received & used) 12.123.142.124 from 12.123.142.124 (12.123.142.124) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:33051 7018 3549 32934 32934, (received & used) 12.123.29.249 from 12.123.29.249 (12.123.29.249) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:33051 7018 3356 32934 32934, (received & used) 12.123.1.236 from 12.123.1.236 (12.123.1.236) Origin IGP, localpref 100, valid, external, best Community: 7018:5000 7018:37232 7018 3549 32934 32934, (received & used) 12.123.13.241 from 12.123.13.241 (12.123.13.241) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:32103 7018 3356 32934 32934, (received & used) 12.123.137.124 from 12.123.137.124 (12.123.137.124) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:37232 7018 3356 32934 32934, (received & used) 12.123.33.249 from 12.123.33.249 (12.123.33.249) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:39220 7018 3549 32934 32934, (received & used) 12.123.21.243 from 12.123.21.243 (12.123.21.243) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:39343 7018 3356 32934 32934, (received & used) 12.123.45.252 from 12.123.45.252 (12.123.45.252) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:31022 7018 3549 32934 32934, (received & used) 12.123.9.241 from 12.123.9.241 (12.123.9.241) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:38001 7018 3356 32934 32934, (received & used) 12.123.25.245 from 12.123.25.245 (12.123.25.245) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:34011 7018 3356 32934 32934, (received & used) 12.123.5.240 from 12.123.5.240 (12.123.5.240) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:34011 7018 3356 32934 32934, (received & used) 12.123.134.124 from 12.123.134.124 (12.123.134.124) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:36244 7018 3356 32934 32934, (received & used) 12.123.17.244 from 12.123.17.244 (12.123.17.244) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:36244 7018 3356 32934 32934, (received & used) 12.123.37.250 from 12.123.37.250 (12.123.37.250) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:36244 7018 3356 32934 32934, (received & used) 12.123.41.250 from 12.123.41.250 (12.123.41.250) Origin IGP, localpref 100, valid, external Community: 7018:5000 7018:37232 On Mon, Mar 28, 2011 at 1:38 PM, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
This was not posted to funsec yet: "Earlier this week, your Facebook posts could have been rewritten on the Great Wall of China, not just on your friends’ walls. For about 30 minutes on Tuesday morning, Facebook traffic in the US, or at least the connections going through AT&T’s Internet services, did not travel via the most direct route. Normally, AT&T passes packets of data to US-based Level3 Communications, which in turn hands them off to Facebook’s servers." --clip-- http://www.zdnet.com/blog/facebook/us-facebook-data-passed-through-chinese-south-korean-isps/970 Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- US Facebook data passed through Chinese, South Korean ISPs Juha-Matti Laurio (Mar 28)
- Re: US Facebook data passed through Chinese, South Korean ISPs Jason Lewis (Mar 29)