Watch your MANRS: Akamai, Amazon, Netflix, Microsoft, Google, and pals join internet routing security effort

Filtering, anti-spoofing, coordination, validation to prevent crooks, spies hijacking victims' connections

A community effort to improve the internet's routing security has won the backing of some of the web's biggest names.

Amazon, Google, Facebook, Microsoft, Akamai, and Netflix, among others, have signed up to the Mutually Agreed Norms for Routing Security (MANRS) group, in their roles as content delivery networks (CDNs) and cloud providers (CPs).

MANRS’s goal is to shore up the internet's lax security when it comes to routing people's connections around Earth. It is, essentially, depending on the circumstances, too easy for miscreants to hijack and redirect internet traffic from legit servers to malicious machines so that web browsing and other online activities can be snooped on or meddled with.

This widespread issue is something that has become increasingly important in the past few years as the number and size of connectivity breakdowns and attacks on the global system have grown. Criminals and possibly government spies have realized the potential that exists in snatching people's internet traffic for surveillance, disruption, and theft.

The MANRS group pushes four main approaches, two technical and two cultural: filtering, anti-spoofing, and then coordination and validation. Combined, they help weed out bad routing information and so reduce the ability to carry out attacks. The project appears to run parallel to other efforts to strengthen internet security, such as the push to adopt BGPSEC.

Akamai, Azion, and Cloudflare have also signed up to MANRS, bringing membership up to over 300 organizations and covering a significant chunk of global internet traffic (roughly 50 per cent in fact).

Several of those organizations provided canned quotes explaining why they’d joined. “Being MANRS compliant not only improves our routing security capabilities, but has the potential to help other networks to improve theirs,” said Akamai’s VP of network technology Christian Kaufmann.

Cloudflare CTO John Graham-Cumming said: “Route leaks have a cascading negative impact on businesses, and coordinated action is needed by the Internet infrastructure community to improve the security, resilience, and reliability of networks.”

Netflix Open Connect’s VP Gina Haspilaire said: “A secure routing framework is essential to maintaining the ongoing health and stability of the global Internet, and MANRS provides the resources to develop, foster, and promote this framework.”


Those companies interconnect with thousands of other networks, and so the hope is that signing up these giants to MANRS will lead to concrete action among the roughly 60,000 network operators that make up the global internet – and that routing security will be taken more seriously.

Cheesy pic of man holding face in shame as accusatory finger emerges from display. Photo via Shutterstock

Mind your MANRS: Internet Society names and shames network operators that bungle their routing security


We spoke to the Internet Society's senior director for technology programs, Andrei Robachevsky, who oversees many of the efforts. He is hopeful that it will lead to a significant reduction in the number of route hijackings, blunders, and misconfigurations.

“We hope this will build peer pressure inside the community,” he noted, pointing to a decrease in incidents in each of the three years that MANRS has been running and expanding. “This will increase scalability and provide more transparency.”

MANRS has its own metrics engine called the MANRS Observatory which Robachevsky says had added new features, although most of them are not public. Only members can see behind the curtain where those network operators that are causing most of the problems are visible.

When asked if MANRS will name-and-shame the worst, he said “not yet,” and argued that it was too early for such trend analysis. The truth is that the industry hopes good old-fashioned peer pressure will resolve most of the issues.


Despite occasional claims of state-level hacking efforts, most routing problems are more a result of bad configuration settings and lax security controls by operators.

“It is always going to be an arms race,” he told The Register. It’s also not a matter of fixing your systems once and being done. “You have to create a process,” Robachevsky notes. “And have a security framework that creates ongoing checks on compliance.”

Every new member that joins MANRS is given an audit check, though Robachevsky says that may need to be expanded to occasional spot-checks to ensure that organizations remain compliant with the group's standards.

In a clear sign that the approach may be working the way intended, we asked about one network operator that has been repeatedly fingered as a source of problematic routing: China Telecom. We asked if MANRS had spoken to the outfit, and Robachevsky told us the opposite had happened.

“In fact, they reached out to us,” he said, noting that it seemed genuinely interested in working with MANRS to fix its issues.

There is nothing to oblige any network operator, exchange point, CDN or CP to sign up with MANRS, and in that respect the entire process is dependent on MANRS’ standing and reputation. Today’s announcement will help bolster both. ®

Other stories you might like

  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading

Biting the hand that feeds IT © 1998–2022