俄羅斯的 BGP traffic reroute...

前幾天 (12 號) BGPmon 發現有很多知名的網段被導去俄羅斯:「Popular Destinations rerouted to Russia」。

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

可以看到相當多知名的網段都被導走:

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

從圖中也可以看出來 AS39523 透過 AS31133 發出這些 routing,然後主要是透過 AS6939 (Hurricane Electric) 擴散:

這幾年俄羅斯在網路上的動作多很多...

俄羅斯政府透過卡巴斯基的漏洞,偷取美國國安局的文件

這下知道為什麼美國政府要直接禁用 Kaspersky 了:「Russian Hackers Stole NSA Data on U.S. Cyber Defense」。如果看不到 WSJ 的文章,可以看「Russia reportedly stole NSA secrets with help of Kaspersky—what we know now」這邊。

最近的事件被發現與 Kaspersky 的漏洞有關:

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

加上 Kaspersky 有濃厚的俄羅斯官方色彩 (關係良好),以及法令上與技術上都有可能性要求 Kaspersky 協助。雖然這次事件是合約工家裡電腦用 Kaspersky 造成的,但已經有足夠的風險讓美國政府決定開鍘下令完全禁用了:

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

CloudFlare 的莫斯科機房啟用

如同之前 CloudFlare 預告的,在莫斯科機房啟用了:「Moscow, Russia: CloudFlare’s 83rd data center」。

先前大多都是透過瑞典或是德國的機房服務,現在變成在當地直接交換:

Previously, delivery of nearly four million Internet applications on CloudFlare to over 100 million Internet users in Russia occurred mostly from our Stockholm and Frankfurt data centers. By now localizing that delivery, we are helping shave latency down by over 20ms for a majority of Russian users.

這樣整個歐洲的據點算完整了... 接下來應該是非洲與看對北美機房了。