If your internet wobbled last weekend, you have Vodafone India to thank for it

It's always BGP (when it’s not DNS). Absent route filtering didn't help either


Vodafone Idea, the Indian limb of the mega-carrier, has been fingered as the source of what's been described as a "major BGP hijack" by Mutually Agreed Norms for Routing Security (MANRS), an organisation that "provides crucial fixes to reduce the most common routing threats."

Early on Saturday, net-watchers noticed that an autonomous system number (ASN) held by Vodafone Idea published over 30,000 bogus border gateway protocol (BGP) prefixes.

The incorrect publication meant that Vodafone Idea effectively claimed to oversee around 34,000 networks that it has no role in operating.

Traffic to Vodafone Idea spiked to 13 times usual levels, and traffic to other networks drained away into an internet black hole.

The cause of the problem appears to have been an error, either by Vodafone Idea or one of its clients. The error was caught within a few minutes, but the faulty routes rolled out for at least an hour afterwards.

Skeleton Using Cell Phone

India's telecoms given ten years to pay $22bn in back taxes they've already disputed for a decade

READ MORE

Digital experience monitoring outfit Catchpoint analysed the incident and said it spotted impacts on organisations including Google, Akamai, Edgecast, Deutsche Telekom, TIM, Claro, Orange, Telefonica), and several other Vodafone operations around the world.

Whatever the cause, Catchpoint and MANRS have slammed the carrier, suggesting that it could and should have been using well-known techniques that stop this sort of error from spreading and inconveniencing others.

Route filtering to rule out use of known bad routes is one such technique, and MANRS helps carriers to do it. But Catchpoint's analysis suggests Vodafone Idea doesn't use it, which was one reason this incident got big, fast. ®


Other stories you might like

  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading
  • UK government having hard time complying with its own IR35 tax rules
    This shouldn't come as much of a surprise if you've been reading the headlines at all

    Government departments are guilty of high levels of non-compliance with the UK's off-payroll tax regime, according to a report by MPs.

    Difficulties meeting the IR35 rules, which apply to many IT contractors, in central government reflect poor implementation by Her Majesty's Revenue & Customs (HMRC) and other government bodies, the Public Accounts Committee (PAC) said.

    "Central government is spending hundreds of millions of pounds to cover tax owed for individuals wrongly assessed as self-employed. Government departments and agencies owed, or expected to owe, HMRC £263 million in 2020–21 due to incorrect administration of the rules," the report said.

    Continue reading

Biting the hand that feeds IT © 1998–2022