OK GOOGLE, it looks like you’ve had a bad day, especially as your services when down for an hour on Monday after IP addresses were routed form standard paths to Russia, China and Nigeria.
Hey Google, we appreciate you’ve told Ars Technica that the re-routing wasn’t malicious despite the fact that some of your most sensitive IP addresses, such as those pertaining to your VPN and WAN infrastructure, were routed through these nations, as something looks amiss, especially as you’ve said the problem was down to “external” issues.
As the situation stands, according to cybersecurity firm ThousandEyes, is that a broadband carrier in Lagos, Nigeria, made its system look like the supposedly right and proper route for Google-owned IP prefixes to direct traffic through. And Google thusly did that, sending traffic down routes it wasn’t meant to.
From there, Russian ISP providers, notably TransTelekom, also started messing with Google’s IP routes. And soon Nigeria joined it in re-routing the Google partner Cloudflare’s IP addresses.
The issue was fixed within an hour, but Google remains scratching its nogging on what’s caused the problem.
“The issue with Google Cloud IP addresses being erroneously advertised by internet service providers other than Google has been resolved for all affected users as of 14:35 US/Pacific,” the company aid.
“Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence.”
Google noted that pretty much all its traffic is encrypted so the re-routing didn’t lead to compromised services. But it’s still not good news as some businesses that are big into Google’s G Suite were left twiddling their thumbs for some time.
As cynics, we like to suspect there’s foul play afoot, but Cloudflare chief executive Matthew Prince told Ars Technica that the situation was more down to some borkage rather than malicious activity.
“If there was something nefarious afoot, there would have been a lot more direct, and potentially less disruptive/detectable ways to reroute traffic,” he said.
“While setting up a new interconnection, the Nigerian ISP almost certainly inadvertently leaked the routing information to China Telecom who then leaked it out to the rest of the world,” said Prince added.
That all seems innocent enough, but the outage undoubtedly has some people foaming at the mouth with annoyance and it shows how there’s still a lot of trust in ISPs to do the right thing to keep the internet ticking over. µ
Source : Inquirer