Late last week, a tiny Indonesian ISP announced a new ASN to the internet: AS135469. While this might be great news for the netizens of the Province of Gorontalo, it wasn’t great news for US communications defence contractor L-3 Communications. That’s because this ISP fat fingered the IP address when it started announcing its address space, transposing two digits, and in the process actually hijacked IP address space belonging to L-3 for over six (6) hours.
The screenshot below shows traffic intended for the the L-3 IP space on the Indonesian ASN.
And in this Internet Intelligence screenshot, we see the AS path of the hijacked route. It is a more-specific of 220.127.116.11/16, originated by AT&T.
The practical result of this is that any internet traffic directed to the L-3 address space would have been directed to Indonesia, resulting in denial of service. And while we don’t know exactly what L-3 hosted in this space, it’s not hard to imagine how a six hour outage could be pretty distressing for many companies, if not materially impacting. What would be the impact if your eCommerce site, email server or supplier portal was effectively offline or inaccessible for six hours? We’d guess things would be hitting the fan pretty hard in the NOC. Worse yet, without visibility, identifying the root cause would be quite challenging.
But what’s really amazing about this event is that it’s not really all that amazing. As Dyn monitors global internet conditions in real time, we see events like this happen every day, in fact, several times a day. While the major service outages and DDoS attacks get the attention and (unwanted) headlines, it’s actually always cloudy on the internet. In other words, disruptions like these are not at all “black swan” events.
As more services and, particularly, things join the ever-growing internet, the need for companies to manage how users connect to internet-connected assets becomes more and more critical. That’s why we’re so bullish about Internet Performance Management (IPM).