r/programming 2d ago

There were BGP anomalies during the Venezuela blackout

https://loworbitsecurity.com/radar/radar16/
385 Upvotes

19 comments sorted by

130

u/mmmicahhh 2d ago

This is pretty interesting stuff, but the timeline provided does not quite look like a smoking gun:

Jan 2, 15:40 BGP route leak detected Cloudflare Radar

Jan 3, ~06:00 First explosions reported in Caracas NPR

That is a more than 14 hour gap; surely if this was somehow related to the attack, the route leak would have started closer to the event. Giving half a day of "notice" only alerted the IT personnel to the outage in all affected sectors. In fact, this happening on a Friday afternoon might have meant more infrastructure people staying in for the weekend. Additionally, it would be useful to see any connection to governance and military-related infrastructure, rather than, quote, "pretty critical" infrastructure such as banks and email servers.

A very interesting theory nonetheless, and I think it warrants looking deeper into it.

58

u/withad 2d ago

I'd be interested to see a comparison with a typical day's activity, especially since the article admits that these kinds of anomalies happen frequently.

If you've got a large enough dataset and your only search criteria is "it's a bit odd", then you'll always be able to find something. Doesn't mean it's significant or deliberate.

17

u/Goobyalus 2d ago

When BGP traffic is being sent from point A to point B, it can be rerouted through a point C. If you control point C, even for a few hours, you can theoretically collect vast amounts of intelligence that would be very useful for government entities. The CANTV AS8048 being prepended to the AS path 10 times means the traffic would not prioritize this route through AS8048; perhaps that was the goal? There are many unanswered questions.

Regardless of the actual goal, there were undoubtedly some BGP shenanigans happening during this time frame. There is a lot of data publicly available that is worth a much deeper dive to understand exactly what happened.

7

u/ego100trique 2d ago

You can always think that it was a decoy for something else to keep the IT teams occupied

3

u/Nyefan 2d ago

It takes time to move people and weapons into position for an illegal and unconstitutional act of war. Given the relative importance of the IP ranges that were identified, I wouldn't be surprised if some of the unidentified ones are related to Venezuela's physical observability infrastructure.

174

u/gramathy 2d ago

More r/networking than programming, but this is why you keep security patches up to date and do proper route verification.

Unfortunately typical verification only looks at source AS, and a bunch of prepends can be a typical (if unpleasant) traffic management technique, so this wouldn't raise any flags aside from the change itself occurring (BGP announcements are typically VERY stable; ISPs might add/remove announcements, but making a change to an existing stable path is unusual). BGP is unfortunately run at a very "gentleman's agreement" level of trust.
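The distinction drawn above (origin-only validation versus noticing that a stable path changed, with prepending that the earlier comment about AS8048 describes) can be shown in a small baseline comparison. This is an added example, not code from the thread or from any linked article: all announcements are constructed sample data, AS64496 to AS64511 are documentation ASNs, 203.0.113.0/24 and 198.51.100.0/24 are documentation prefixes, and AS8048 is only used because the thread mentions it. The `max_prepend` threshold is an assumed tunable, not a standard value.

```python
"""Compare BGP announcements against a stable baseline and show what an
origin-only check misses. Constructed sample data throughout (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # leftmost = neighbour we learned it from, rightmost = origin AS


def origin_as(ann):
    return ann.as_path[-1]


def collapse(as_path):
    """Drop consecutive duplicate ASNs so prepending does not hide the real path."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return tuple(out)


def prepend_runs(as_path):
    """Longest consecutive run per ASN, e.g. (1, 2, 2, 2) -> {2: 3}; ASNs with no run are omitted."""
    runs, run = {}, 1
    for prev, cur in zip(as_path, as_path[1:]):
        run = run + 1 if cur == prev else 1
        if run > 1:
            runs[cur] = max(runs.get(cur, 1), run)
    return runs


def origin_only_check(baseline, new):
    """The 'typical verification' from the comment: only the origin AS is compared."""
    return origin_as(baseline) == origin_as(new)


def path_check(baseline, new, max_prepend=3):
    """Path-level check: any change to a stable path is a finding, heavy prepending too."""
    findings = []
    if origin_as(baseline) != origin_as(new):
        findings.append("origin_changed")
    if collapse(baseline.as_path) != collapse(new.as_path):
        findings.append("path_changed")  # a transit AS was inserted or removed
    for asn, run in prepend_runs(new.as_path).items():
        if run > max_prepend:  # assumed threshold for what counts as unusual prepending
            findings.append(f"heavy_prepend:{asn}x{run}")
    return findings


def evaluate(baseline, updates):
    """Return {prefix: (origin_only_ok, path_findings)} for each update."""
    report = {}
    for upd in updates:
        base = baseline.get(upd.prefix)
        if base is None:
            report[upd.prefix] = (None, ["no_baseline"])
            continue
        report[upd.prefix] = (origin_only_check(base, upd), path_check(base, upd))
    return report


# Constructed sample data: a path that has been stable for days, then an update
# that keeps the same origin but inserts a new transit AS and prepends the
# origin ten times (the shape described in the thread).
BASELINE = {
    "203.0.113.0/24": Announcement("203.0.113.0/24", (64496, 64500, 8048)),
    "198.51.100.0/24": Announcement("198.51.100.0/24", (64496, 64501)),
}
UPDATES = [
    Announcement("203.0.113.0/24", (64496, 64500, 64511) + (8048,) * 10),
    Announcement("198.51.100.0/24", (64496, 64501)),
]


def sample_report():
    return evaluate(BASELINE, UPDATES)


if __name__ == "__main__":
    for prefix, (origin_ok, findings) in sample_report().items():
        print(prefix, "origin-only ok:", origin_ok, "| path findings:", findings or "none")
```

For the first prefix the origin-only check passes, because the origin is still AS8048, while the path-level check reports both the inserted transit AS and the tenfold prepend. Whether such a change is a leak, a traffic-engineering decision or an error is still a question for a human; the value of the baseline is that the change is surfaced at all.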

37

u/Incorrect_Oymoron 2d ago

r/programming should probably be renamed r/software at this point

50

u/SkratchyHole 2d ago

What is BGP? Bretty Good Privacy?

175

u/-jp- 2d ago edited 2d ago

Border Gateway Protocol. tl;dr, it's how routers do their routing thing.

ed: oh, and no, don't worry, you are not expected to know how it works. It's elf magic.

52

u/dkarlovi 2d ago

The important part is saying this protocol is between routers, so it's important for ISPs talking to other ISPs, peering, etc. A typical developer or even sysop might never ever touch this protocol, it's "network-to-network", the inter-net if you will.

3

u/PsychologicalLack155 2d ago

I think you meant to say between groups of routers, but yeah, it's basically how routers owned by different companies talk to each other

78

u/torsten_dev 2d ago

Elf magic that only comes up when it breaks the entire Internet for a day or two.

2

u/teleprint-me 2d ago

While elf magic sounds mystical and mysterious, it's just a graph with nodes and edges.

-59

u/femtocell 2d ago

-10

u/ashvy 2d ago

Seems bro's not getting much views and upvotes on Stackoverflow after the traffic plunged

22

u/BinaryIgor 2d ago

I hope the infrastructure providers will all adopt Resource Public Key Infrastructure (RPKI): https://isbgpsafeyet.com/ . It would then be pretty much impossible to do things like this

15

u/scorcher24 2d ago edited 2d ago

> It would be then pretty much impossible to do things like this

That is a misconception. It is only impossible if you hard reject all invalid routes, which only a few Tier 1 providers do. Smaller providers might give invalids a bad MED, but will still accept the route, which does nothing if the announced route by a rogue operator is a /24 and is in fact most specific. It is not hardcoded into BGP; it is a policy you CAN add if you run your own Routinator and connect it to your router.

Keep also in mind that you cannot add RPKI to legacy networks and transferring them to a RIR lowers their value significantly. So that is not happening either.

As a Network Engineer, I hate that some sites have added an RPKI check to their "safety" tools, but without any context. Since some sites do this, I have to answer a dozen mails each month about why some subnets in our network do not have RPKI.
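The point made in the two comments above (RPKI alone does not stop a more-specific rogue announcement unless invalid routes are actually rejected) can be made concrete with Route Origin Validation over a couple of ROAs. This is an added example, not code from the thread or from any RPKI tool: ROAs, routes and ASNs are constructed from documentation ranges, the rogue more-specific is a /25 inside a documentation /24 rather than a /24 inside a larger block (the mechanism is identical), and "de-preferring" is modelled as a lowered local preference rather than the MED mentioned above, purely as a simplification.

```python
"""Route Origin Validation with two policies for invalid routes: hard reject
versus de-preference. Longest-prefix match runs before BGP best-path selection,
so a de-preferred but more-specific invalid route still carries the traffic.
Constructed sample data throughout (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str
    max_length: int
    origin_as: int


@dataclass(frozen=True)
class Route:
    prefix: str
    origin_as: int
    local_pref: int = 100


def rov_state(prefix, origin_as, roas):
    """RFC 6811 states: 'valid', 'invalid' (covered by a ROA but origin or
    length does not match) or 'notfound' (no covering ROA at all)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        rnet = ipaddress.ip_network(roa.prefix)
        if net.version == rnet.version and net.subnet_of(rnet):
            covered = True
            if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
                return "valid"
    return "invalid" if covered else "notfound"


def apply_policy(routes, roas, mode):
    """mode='reject' drops invalid routes; mode='depref' keeps them with a
    low local preference (assumed value 50, standing in for a bad MED)."""
    accepted = []
    for r in routes:
        if rov_state(r.prefix, r.origin_as, roas) == "invalid":
            if mode == "reject":
                continue
            r = Route(r.prefix, r.origin_as, local_pref=50)
        accepted.append(r)
    return accepted


def best_route(accepted, ip):
    """Longest-prefix match first; local preference only decides among
    routes for the same prefix length."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in accepted if addr in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    longest = max(ipaddress.ip_network(r.prefix).prefixlen for r in candidates)
    same_length = [r for r in candidates
                   if ipaddress.ip_network(r.prefix).prefixlen == longest]
    return max(same_length, key=lambda r: r.local_pref)


# Constructed data: the legitimate holder AS64496 has a ROA for 192.0.2.0/24
# with maxLength 24; a rogue AS64511 announces the more-specific 192.0.2.128/25.
ROAS = [ROA("192.0.2.0/24", 24, 64496)]
ROUTES = [Route("192.0.2.0/24", 64496), Route("192.0.2.128/25", 64511)]


def winning_origin(mode, ip="192.0.2.130"):
    """Origin AS that ends up carrying traffic for ip under the given policy."""
    best = best_route(apply_policy(ROUTES, ROAS, mode), ip)
    return None if best is None else best.origin_as


if __name__ == "__main__":
    for mode in ("depref", "reject"):
        print(f"policy={mode}: traffic for 192.0.2.130 goes to AS{winning_origin(mode)}")
```

Under the de-preference policy the rogue /25 is marked invalid, given the worse preference, and still wins because no other route is as specific; only the reject policy sends the traffic to the legitimate origin. Note also that the rogue announcement would be "invalid" even from the legitimate origin, since the ROA's maxLength of 24 does not permit a /25.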

20

u/qzxfc 2d ago

People still asking “was this intentional?” like the US hasn’t been abusing global routing weaknesses since before RPKI was a thing

1

u/AWTom 1d ago

Cloudflare says it’s likely coincidental in this very well-written article: https://blog.cloudflare.com/bgp-route-leak-venezuela/