2010年4月10日星期六
中国ISP又一次劫持了互联网 zz
过去两周内的第二次,从中国传播出去的错误网络信息让 整个互联网出现混乱。
本周四早晨,一家叫IDC China Telecommunication的小型ISP的错误路由数据,经过中国电信的二次传播,扩散到了整个互联网,波及到了 AT&T、Level3、Deutsche Telekom、Qwest Communications和Telefonica等多个国家的大型ISP。事故始于美国东部时间上午10点,持续了大约20分钟。在此过程中,有 32,000到37,000个网络接收到了错误的数据,包括8,000个美国网络,超过8,500个中国网络,1,100个澳大利亚网络,230个法国网络。
细节:
IDC China Telecommunication为32,000到37,000个网络传送了错误的路由信息,将他们指向了自身而不是正确的地址。
These networks included about 8,000 U.S. networks including those operated by Dell, CNN, Starbucks and Apple. More than 8,500 Chinese networks,1,100 in Australia and 230 owned by France Telecom were also affected.
While the incident appears to have been an accident, it underscores the weakness of the Border Gateway Protocol (BGP), a critical, but obscure, protocol used to bind the Internet together.
(中文译文:当这一事件演变成一场事故,又暴露出BGP协议的缺陷,就是这个关键但是又模糊的协议将Internet捆绑在一起)
BGP data is used by routers to tell them how to route traffic over the Internet. Typically smaller service providers "announce" BGP routes for the networks they control, and that information is ultimately centralized and then shared between larger providers. That's where the problems started on Thursday. For some reason, IDC China Telecommunication announced routes for tens of thousands of networks -- about 10 percent of the Internet. Typically this small ISP announces about 30 routes.
(中文:路由器通过BGP数据来控制如何在Internet上转发流量。一般是小的运营商为它控制的网络来声明路由信息,这些信息被集中,然后在大的运营商之间共享。IDC China Telecommunication为数万个网络来声明路由,大概占到Internet的10%。)
That bad information was then accepted by the larger China Telecommunications, which shared the data with other major ISPs. Within minutes the bad data had spread around the globe.
(中文:那些错误的信息随后被更大的运营商中国电信接受,并且在几家主要的运营商之间共享,几分钟内这些错误的数据就在全球蔓延开来。)
ISPs may have accepted the hijacked route information, but that doesn't necessarily mean that a lot of Web surfers got redirected. It's common for routers to learn several BGP routes, and then route traffic to what they consider the best route. Often they choose the shortest route available. So most routers in the U.S. would have routed traffic to Apple's servers, for example, instead of IDC China Telecommunication.
(中文:ISP可能接受这些被劫持的路由信息,但是这不一定导致很多网络访问被重定向。路由器通常要学习很多BGP路由信息,然后将流量转发到它认为最佳的路由,通常它会选择最近的路由。所以大多数美国国内的路由器还是会将流量转发到正确的地方。)
There may have been more disruptions in Asia, however, where the IDC China Telecommunication route would have seemed shorter, but users were definitely affected, Brown said. "We saw routers in Belgium, Indonesia, Portugal, Thailand and the U.S. -- to name a few -- which were selecting these false routes," he said.
(中文:亚洲问题就要大一些,因为IDC China Telecommunication在路由上看起来要更近一些。)
Because so many Chinese networks were also disrupted by the incident, security experts believe that it was probably unintentional.
(中文:因为很多中国网络在这次事件中也受到影响,因此猜想这次事件应该不是有意而为。)
Two weeks ago a bad BGP route from China leaked out and redirected some Chilean Internet traffic to a root DNS (Domain Name System) server in China. And two years ago, bad BGP routing information from Pakistan caused YouTube to temporarily disappear from the Internet.
(中文:这已经不是第一次BGP造成这样的事件。两个星期之前,一条中国传出的错误的BGP路由将一些智利的网络流量转发到中国的root DNS。两年前,巴基斯坦的错误路由曾使Youtube暂时在互联网上消失。)
本周四早晨,一家叫IDC China Telecommunication的小型ISP的错误路由数据,经过中国电信的二次传播,扩散到了整个互联网,波及到了 AT&T、Level3、Deutsche Telekom、Qwest Communications和Telefonica等多个国家的大型ISP。事故始于美国东部时间上午10点,持续了大约20分钟。在此过程中,有 32,000到37,000个网络接收到了错误的数据,包括8,000个美国网络,超过8,500个中国网络,1,100个澳大利亚网络,230个法国网络。
细节:
IDC China Telecommunication为32,000到37,000个网络传送了错误的路由信息,将他们指向了自身而不是正确的地址。
These networks included about 8,000 U.S. networks including those operated by Dell, CNN, Starbucks and Apple. More than 8,500 Chinese networks,1,100 in Australia and 230 owned by France Telecom were also affected.
While the incident appears to have been an accident, it underscores the weakness of the Border Gateway Protocol (BGP), a critical, but obscure, protocol used to bind the Internet together.
(中文译文:当这一事件演变成一场事故,又暴露出BGP协议的缺陷,就是这个关键但是又模糊的协议将Internet捆绑在一起)
BGP data is used by routers to tell them how to route traffic over the Internet. Typically smaller service providers "announce" BGP routes for the networks they control, and that information is ultimately centralized and then shared between larger providers. That's where the problems started on Thursday. For some reason, IDC China Telecommunication announced routes for tens of thousands of networks -- about 10 percent of the Internet. Typically this small ISP announces about 30 routes.
(中文:路由器通过BGP数据来控制如何在Internet上转发流量。一般是小的运营商为它控制的网络来声明路由信息,这些信息被集中,然后在大的运营商之间共享。IDC China Telecommunication为数万个网络来声明路由,大概占到Internet的10%。)
That bad information was then accepted by the larger China Telecommunications, which shared the data with other major ISPs. Within minutes the bad data had spread around the globe.
(中文:那些错误的信息随后被更大的运营商中国电信接受,并且在几家主要的运营商之间共享,几分钟内这些错误的数据就在全球蔓延开来。)
ISPs may have accepted the hijacked route information, but that doesn't necessarily mean that a lot of Web surfers got redirected. It's common for routers to learn several BGP routes, and then route traffic to what they consider the best route. Often they choose the shortest route available. So most routers in the U.S. would have routed traffic to Apple's servers, for example, instead of IDC China Telecommunication.
(中文:ISP可能接受这些被劫持的路由信息,但是这不一定导致很多网络访问被重定向。路由器通常要学习很多BGP路由信息,然后将流量转发到它认为最佳的路由,通常它会选择最近的路由。所以大多数美国国内的路由器还是会将流量转发到正确的地方。)
There may have been more disruptions in Asia, however, where the IDC China Telecommunication route would have seemed shorter, but users were definitely affected, Brown said. "We saw routers in Belgium, Indonesia, Portugal, Thailand and the U.S. -- to name a few -- which were selecting these false routes," he said.
(中文:亚洲问题就要大一些,因为IDC China Telecommunication在路由上看起来要更近一些。)
Because so many Chinese networks were also disrupted by the incident, security experts believe that it was probably unintentional.
(中文:因为很多中国网络在这次事件中也受到影响,因此猜想这次事件应该不是有意而为。)
Two weeks ago a bad BGP route from China leaked out and redirected some Chilean Internet traffic to a root DNS (Domain Name System) server in China. And two years ago, bad BGP routing information from Pakistan caused YouTube to temporarily disappear from the Internet.
(中文:这已经不是第一次BGP造成这样的事件。两个星期之前,一条中国传出的错误的BGP路由将一些智利的网络流量转发到中国的root DNS。两年前,巴基斯坦的错误路由曾使Youtube暂时在互联网上消失。)
标签: China ISP, Hijack, Internet
// 发贴者:放牛娃的春天 @ 四月 10, 2010 
订阅 博文 [Atom]