Cloudflare blames recent outage on BGP hijacking incident
Bill Toulas
- July 5, 2024
- 02:41 PM
- 1
Incident details
Cloudflare says that at 18:51 UTC on June 27, Eletronet S.A. (AS267613) began announcing the 1.1.1.1/32 IP address to its peers and upstream providers.
- The hijack occurred because BGP routing favors the most specific route. AS267613’s announcement of 1.1.1.1/32 was more specific than Cloudflare’s 1.1.1.0/24, leading networks to incorrectly route traffic to AS267613.
- Consequently, traffic intended for Cloudflare’s 1.1.1.1 DNS resolver was blackholed/rejected, and hence, the service became unavailable for some users.
This leak altered the normal BGP routing paths, causing traffic destined for 1.1.1.1 to be misrouted, compounding the hijacking problem and causing additional reachability and latency problems.
- Cloudflare identified the problems at around 20:00 UTC and resolved the hijack roughly two hours later. The route leak was resolved at 02:28 UTC.
Remediation effort
The company explains that the incorrect announcements didn’t affect internal network routing due to adopting the Resource Public Key Infrastructure (RPKI), which led to automatically rejecting the invalid routes.
- Enhance route leak detection systems by incorporating more data sources and integrating real-time data points.
- Promote the adoption of Resource Public Key Infrastructure (RPKI) for Route Origin Validation (ROV).
- Promote the adoption of the Mutually Agreed Norms for Routing Security (MANRS) principles, which include rejecting invalid prefix lengths and implementing robust filtering mechanisms.
- Encourage networks to reject IPv4 prefixes longer than /24 in the Default-Free Zone (DFZ).
- Advocate for deploying ASPA objects (currently drafted by the IETF), which are used to validate the AS path in BGP announcements.
- Explore the potential of implementing RFC9234 and Discard Origin Authorization (DOA).
OVHcloud blames record-breaking DDoS attack on MikroTik botnet
Xbox is down worldwide with users unable to login, play games
Patelco shuts down banking systems following ransomware attack
CDK Global says all dealers will be back online by Thursday
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
MORE
-
Europol says Home Routing mobile encryption feature aids criminals
Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations.
- JULY 07, 2024
- 11:23 AM
- 1
-
Shopify denies it was hacked, links stolen data to third-party app
E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network.
- JULY 07, 2024
- 10:09 AM
- 0
-
Launch your summer with 15 months of Microsoft 365 for up to 21% off
Or if you only need a subscription for yourself, get a one-device Microsoft 365 15-month subscription for $54.97, $14 off the $69 MSRP also through the end of July 21st.
- JULY 07, 2024
- 08:11 AM
- 0
-
Privatize your internet with $128 off three years of Windscribe VPN in this deal
A VPN isn't just a safety tool, it's peace of mind while you're online. This Windscribe VPN Pro Plan three-year subscription handles safety for you online for $79, $128 off the $207 MSRP now through 11:59 PM PST on July 21st.
- JULY 06, 2024
- 08:32 AM
- 0
-
Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid.
- JULY 05, 2024
- 01:05 PM
- 2
-
New Eldorado ransomware targets Windows, VMware ESXi VMs
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
- JULY 05, 2024
- 11:56 AM
- 0
-
Visualize during the summer with $230 off Microsoft Visio 2021 Pro
Visualization is a powerful way to distill data down into something actionable. This Microsoft Visio 2021 Professional instant download makes it easy to do for $19.97, $230 off the $250 MSRP now through 11:59 PM PST on July 21st.
- JULY 05, 2024
- 07:17 AM
- 0
-
Ethereum mailing list breach exposes 35,000 to crypto draining attack
A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer.
- JULY 04, 2024
- 12:17 PM
- 0
-
Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.
- JULY 04, 2024
- 08:33 AM
- 0
No comments:
Post a Comment