Hello, welcome to the Tuesday, April 7, 2020 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

BGP Mon reported that this weekend, Sunday around noon, a large number of prefixes.

They counted about 8,000 different prefixes.

We're all of a sudden being rerouted through Roscom, a Russian ISP,

who has had a pretty rich history in these kind of fraudulent or mistaken BGP announcements.

The problem is always with this BGP hijacking.

It's never really clear whether that's intentional

in that someone is trying to reroute traffic to intercept it

or whether it's just a mistake.

But Roscom and China Telecom happen to be the two ISPs that do the most of it.

Where we have seen it sometimes happens sort of semi-maliciously

is where certain countries do require ISPs to block access to certain networks. And of course, Russia, China are right up

there on the list. And sometimes in establishing these blocks, they are making mistakes where

they are actually affecting many other networks. It should be noted that one of the affected networks was Facebook, but aside of that,

there were multiple others of large cloud providers and such that were affected.

Well-implemented TLS, of course, should protect you from any rerouting like this and for

most practical purposes you shouldn't really rely on any particular route across

the internet.

Now, one recent trend in software development is often referred to as shifting left.

And what this means is that we're trying to take care of security issues and

functional issues for that matter as well as early in the development life cycles as possible.

...