Internet traffic hijack dogs Google

Joanna Estrada
November 13, 2018

"The root cause of the issue was external to Google and there was no compromise of Google services". The incident, called a BGP hijack, occurred yesterday, on November 12, between 13:12 and 14:35, Pacific time, according to Google.

It remains unclear whether this was an attack or a misconfiguration at the Nigerian ISP MainOne.

Whether the traffic "misdirection" by the Nigerian ISP was intentional or accidental, the problem still lies with BGP itself, a protocol developed in the 1980s that has no security features and is still used today to interconnect ISP networks and relay internet traffic. ThousandEyes is based in San Francisco, and its data heading to Google was ending up in China after passing through a Russian ISP.

According to experts from ThousandEyes, a cloud security company, the path that this traffic took most often ran via TransTelecom (AS 20485) in the Russian Federation and China Telecom (AS 4809) in China. "MainOne has a peering relationship with Google via IXPN [Internet Exchange Point] in Lagos and has direct routes to Google, which leaked into China Telecom", ThousandEyes said.

Google suffered a brief outage and slowdown Monday, with some of its traffic getting rerouted through networks in Russia, China and Nigeria.

"This incident at a minimum caused a massive denial of service to G Suite and Google Search", wrote Ameet Naik, ThousandEyes' technical marketing manager, in a blog post. Later on, the same Nigerian carrier made a second incorrect IP declaration that sent Google partner Cloudflare's IP addresses on a similar joyride.

BGP is a solution from the 80s to help traffic reach its destination via autonomous systems (networks that handle their own block of IP addresses).

Although this automates the routing of information over the internet, it also leaves room for traffic hijacking, which can be malicious when intentional. In this case, it seems, the cause was improper configuration, and the outcome was disruption of Google services.
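The kind of leak ThousandEyes describes, where an exchange-point peer passes a network's routes on to a third carrier, can be spotted by a network operator from the AS paths that route collectors record. The following is an added example, not code from the article or from ThousandEyes: AS 20485 and AS 4809 are the carriers named above, while the prefix, the other AS numbers, the policy and the observations are constructed documentation values.

```python
import ipaddress

# Constructed policy. The prefix and ASNs 64496-64511 are documentation
# values standing in for the victim network and its neighbours.
POLICY = {
    "prefix": ipaddress.ip_network("192.0.2.0/24"),
    "origin": 64496,       # AS expected to originate the prefix
    "peers": {64500},      # IXP peers: should never re-export our routes
    "transits": {64510},   # providers allowed to propagate our routes
}

def dedupe(path):
    """Collapse AS-path prepending (repeated ASNs) into single hops."""
    return [a for i, a in enumerate(path) if i == 0 or a != path[i - 1]]

def check(prefix, as_path, policy=POLICY):
    """Return findings for one announcement; the AS path is origin-last."""
    net = ipaddress.ip_network(prefix)
    watched = policy["prefix"]
    if net.version != watched.version or not net.subnet_of(watched):
        return []                                  # not a prefix we watch
    findings = []
    if net.prefixlen > watched.prefixlen:
        findings.append("more-specific")
    path = dedupe(as_path)
    if not path or path[-1] != policy["origin"]:
        findings.append("origin-mismatch")
        return findings
    if len(path) >= 2:
        neighbor = path[-2]
        if neighbor in policy["peers"] and len(path) > 2:
            # A peer passed our route on to a third network: a route leak.
            findings.append(f"peer-leak:AS{neighbor}->AS{path[-3]}")
        elif neighbor not in policy["peers"] | policy["transits"]:
            findings.append(f"unexpected-neighbor:AS{neighbor}")
    return findings

# Constructed observations, as a route collector might record them.
OBSERVED = [
    ("192.0.2.0/24", [64510, 64496]),                       # normal, via transit
    ("192.0.2.0/24", [64500, 64496]),                       # seen at the peer itself
    ("192.0.2.0/24", [20485, 4809, 64500, 64500, 64496]),   # leaked by the peer
    ("192.0.2.128/25", [64510, 64505]),                     # foreign origin
    ("198.51.100.0/24", [64510, 64505]),                    # unrelated prefix
]

def scan(observed=OBSERVED):
    """Return only the announcements that produced findings."""
    return [(p, path, f) for p, path in observed if (f := check(p, path))]
```

A check like this only raises an alert after the route has propagated; keeping a leaked route out of routing tables depends on the filters that the peer and its upstream carriers apply.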
