At NetActuate, our NOC team is continually monitoring and optimizing our networks and infrastructure to ensure fast, reliable performance for our customers. This includes keeping a close eye on foundational components of the internet, such as the global routing table.
On May 19, 2023, we noticed some unusual activity in the global routing table through our BGP (Border Gateway Protocol) monitoring. Specifically, certain IPv6 prefixes that were under our control were being incorrectly announced. This type of behavior can indicate a BGP hijack, where unauthorized entities reroute internet traffic for their own purposes. Our BGP monitoring system flagged this suspicious activity and identified two Autonomous Systems (AS211380 and AS209861) as the potential sources of the problem.
Concerned by this activity, we contacted Lefteris Manassakis from CodeBGP. With their detailed analysis, our suspicions were confirmed, and an even broader issue was uncovered. Two Autonomous Systems were also involved in abnormal announcements related to the A-Root, C-Root, and G-Root DNS root servers, which are core components of the internet’s Domain Name System (DNS). This discovery raised concerns about the integrity and security of the internet’s infrastructure.
More concerning was the fact that these unusual announcements were detected by only a single RIS peer, that is, one specific monitoring point. This limited visibility highlights the challenges faced by monitoring platforms in capturing such transient events. Manassakis has shared a comprehensive blog post on this incident, which provides further insights. This incident serves as an important reminder of the complex challenges involved in securing the global internet infrastructure.
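The kind of check described above, as an added example that is not NetActuate's or CodeBGP's monitoring code: it flags announcements that cover a monitored prefix with an unexpected origin AS and records which collector peers saw each one, so a single-peer sighting stands out. The prefixes, AS64500, the transit ASNs, peer names and update records are constructed; only the two flagged AS numbers come from the post.

```python
import ipaddress
from collections import defaultdict

# Assumption: the prefix we originate and its expected origin ASN.
# 2001:db8::/32 is documentation space and AS64500 is a documentation ASN.
EXPECTED = {ipaddress.ip_network("2001:db8:100::/40"): 64500}

# Constructed sample of announcements as a route collector might export them:
# (collector peer, announced prefix, AS path). Not data from the incident.
UPDATES = [
    ("peer-a", "2001:db8:100::/40", [64510, 64500]),   # legitimate
    ("peer-b", "2001:db8:100::/40", [64511, 64500]),   # legitimate
    ("peer-c", "2001:db8:100::/40", [64511, 211380]),  # same prefix, wrong origin
    ("peer-c", "2001:db8:1a0::/48", [64511, 209861]),  # more-specific, wrong origin
    ("peer-a", "2001:db8:ffff::/48", [64510, 64499]),  # outside our space
]


def find_origin_anomalies(updates, expected):
    """Return one alert per (prefix, origin) that overlaps our space wrongly."""
    seen = defaultdict(set)  # (prefix, origin, kind) -> peers that observed it
    for peer, prefix, as_path in updates:
        net = ipaddress.ip_network(prefix)
        origin = as_path[-1]  # the origin AS is the last hop of the path
        for ours, asn in expected.items():
            if net.version != ours.version:
                continue  # subnet_of() raises on mixed IPv4/IPv6
            # subnet_of() matches the exact prefix and any more-specific of it
            if net.subnet_of(ours) and origin != asn:
                kind = "exact" if net == ours else "more-specific"
                seen[(str(net), origin, kind)].add(peer)
    alerts = []
    for (prefix, origin, kind), peers in sorted(seen.items()):
        alerts.append({
            "prefix": prefix,
            "origin": origin,
            "kind": kind,
            "peers": sorted(peers),
            # Seen from one vantage point only: easy to miss, worth escalating
            "low_visibility": len(peers) == 1,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_origin_anomalies(UPDATES, EXPECTED):
        print(alert)
```
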
Moving forward, the team at NetActuate remains committed to closely monitoring the internet for any similar activities. We recognize the importance of collaboration with organizations like CodeBGP to protect the integrity of internet routing. By working together and sharing knowledge, we can better safeguard the internet’s infrastructure and ensure its reliability.
If you are interested in learning more about BGP and how anycast can reduce the impact of internet hijacks, we invite you to check out our cybersecurity use case.