Contact us
  • August 23rd, 2018

    National Internet Segments' Reliability

    Qrator Labs is excited to present the 2018 National Internet Reliability Survey. In this report, we study how the outage of a single AS may affect the global connectivity of the region.

    Internet connectivity at the interdomain level is based on connectivity between autonomous systems (AS’s). As the number of alternate routes between AS’s increases, so goes the fault-resistance and stability of the internet in a given country. However, some paths prove to be more important than others.

    READ MORE →

  • July 30th, 2018

    Leaked Censorship

    For the last 30 years basic idea behind the Internet’ design hasn’t changed - it connects people and services with each other. However, some authorities may have a different angle on what services their citizens should be able to connect to. A regulator might require ISPs to block off selected content or IP-address space for the end-users. How is that implemented? There are many options, but the most popular one is with the help of static routes, that may be propagated locally in BGP. Mistakes in this ‘local propagation’ have happened before: most notable was the YouTube hijack back in 2008, but less famous events were continually happening all over the decade. Today we observed another one, created by Iranian ISP that affected Telegram messenger.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • May 30th, 2018

    Integration with RPKI and IRR Data

    Dear colleagues, we are glad to inform you that our team has finished integration with IRR data sources and ROA records. It should significantly increase the quality of hijacks detection, plus improve transparency of what is happening to route objects in different registries.

    READ MORE →

  • May 21st, 2018

    The Day the Internet Survived

    Recently, several severe routing incidents were spreading globally: hijack of the 5% of an entire IPv4 address space from Brazil, route leak between Russia and Asia through Kyrgyzstan, and at last, previous Friday there was an event that could lead to an outage of a significant part of all the BGP ecosystem. Fortunately, it didn’t happen.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • April 26th, 2018

    BGP hijacks - Malicious or Mistakes?

    A few days ago several cybersecurity resources reported details of an entirely malicious traffic redirection that combined DNS, and BGP hijacking. The primary goal of this attack was to steal money from different cryptocurrency wallets and services. Moreover, it was successful, since Amazon did not detect it in time. Today, on April 26, another significant incident happened that seems to be also unnoticed by the majority of players.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • April 11th, 2018

    Cisco SMI Vulnerability And Beyond

    The situation we observed last week was both peculiar and strange when panic for Cisco Smart Install Protocol remote code execution vulnerability (cisco-sa-20160323-smi) started circling. There was confirmed botnet activity that was wiping configuration files exploiting this vulnerability and leaving a message “Don’t mess with our elections.” Moreover, there were rumors that significant amount of ISPs and even Internet segments get down due to this malicious actions.

    READ MORE →

  • March 6th, 2018

    Memcached Amplification

    Last week there were several notable network incidents, which were the result of a new method for DDoS attacks amplification, using memcached database. Several DDoS mitigation providers, including Qrator Labs and Akamai, have confirmed that they were hit by this new attack kind. The new type of DDoS attack was able to break the record and reach 1.3 Tbps bandwidth. As a reaction to this new threat, Qrator.Radar team has added detection of the open-to-world memcached database in our daily scan.

    READ MORE →

  • January 25th, 2018

    Measurement as the key to transparency

    If you are looking for services such as IP-transit, MPLS channels or DDoS mitigation you can choose from a variety of products. However, it is difficult to compare offers and companies regarding actual service quality. Some organizations compare market offers, but often they look at the market share or the company’s financial condition and other business metrics that are not necessarily relevant to the quality of a service per se. Also, most of these comparisons are not available free of charge.

    READ MORE →

  • January 17th, 2018

    Moscow Traffic Jam

    Moscow is famous for the traffic jams, with the governments continually fighting that particular problem. Nevertheless, the beginning of 2018 was marked with the new traffic bottleneck created with the help of BGP misdirection. At 12:01 UTC 17.01.2018, AS8901 belonging to Moscow City Government started leaking prefixes between its upstreams: the Rostelecom (AS12389) and Comcor (AS8732). Redirection peaked at 70000 affected prefixes.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • December 30th, 2017

    Indian Route Leak or There and Back Again

    On the 30.12.2017 Idea Cellular Limited (AS55644) created a massive BGP route leak between its peers and upstream providers, including TATA (AS6453), Reliance Globalcom Limited (AS15412) and Sify (AS9583). This anomaly affected an enormous number of networks all over the world, including content providers, transit ISPs - more than 70000 prefixes overall.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • December 21st, 2017

    Real-time Connectivity and the Radar API

    Radar team wishes you a Merry Christmas and a Happy New Year! Also, we brought you some presents.

    A year ago we announced our first real-time service - the connectivity graph. In this challenging part of our project we needed to compress all paths from more than 400 BGP sessions into a single model representation, and then restore it back in a single-valued manner, doing this in less than one minute. Since the announcement we had a hard time facing several bottlenecks in computation process, as we were migrating all other connectivity and security streams to the new real-time engine. Finally, we can share results of the work: from now on all data in connectivity section is updated with a 1-minute delay! Therefore any changes in your connectivity, including your customers, providers or peers connectivity could be verified on our website in nearly real-time.

    READ MORE →

  • December 13th, 2017

    Born to Hijack

    New ISPs emerge every day, and 12 December was not an exception. A new interdomain routing ecosystem actor, AS39523 (DV-LINK-AS) started announcing its address space (one prefix), while at the same time this new network hijacked 80 high profile prefixes. The hijacked prefixes belonged to both Russian and International content providers such as Google, Facebook, Microsoft, Mail.ru, Vkontakte and many more.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • November 17th, 2017

    No-no-no-export!

    On November 7, 2017, a bunch of blogs wrote about a route leak created by Level3 that affected a significant amount of users. Route leaks happen all the time, and we persistently monitor them all around the world. Except for the mentioned one, which was not detected by our system. So, for Qrator.Radar team it was vital to get into details of this particular incident and understand why our detectors missed this one. We decided to look into it, but this incident analysis took us some time. However, here's the result.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • November 2nd, 2017

    Full Path Incidents & Bogons

    Qrator Labs Radar team is proud to announce the significant change in detection of routing incidents. Previously we were able to give information only about ‘abnormal’ subpath, due to limits of our previous model representation. We put a lot of effort to design and deploy our new model that is capable of processing hundreds of full view BGP sessions in real time which includes compressing data, analyzing compressed representation and full AS_PATH reconstruction for detected incidents. This change substantially increased our opportunities to detect accepted route leaks. Also, with this new functionality, we decided to add in our security section information about bogon routes.

    READ MORE →

  • October 17th, 2017

    Global consequence of the specific bug in a Quagga routing engine

    Two weeks ago Qrator Radar team encountered an intricate network incident, which clarification resulted in an internal investigation/research, victims and perpetrators search and attempts to remedy the situation. On September 30, 2017, our team drew attention to an unusually large number of flashing BGP sessions.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • September 28th, 2017

    Local Leak with Global Effects

    On Wednesday, September 27, at 13:28 UTC AS9299, belonging to the largest ISP at the Philippines - Philippine Long Distance Telephone Company (PLDT), leaked prefixes between several Tier-1 operators (TATA, Cogent, Telecom Italia, PCCW) and AS1273, owned by Vodafone Europe. As a result traffic from more than 2000 prefixes in USA, India, and Philippines was redirected to Asia region.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • September 22nd, 2017

    When Bank Plays in IP-transit Games

    On September 22 at UTC 8:00 AS51136, belonging to the HomeCredit Bank, leaked more than 55 000 prefixes between two huge ISPs Transtelecom (AS20485) and Vimpelcom (AS3216).

    Most of the affected prefixes are originated by ISPs from United States, China, Brazil, Japan, Mexico, Canada and Russia. This anomaly ended only at 10:22, making this route leak enduring for more than 2 hours.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • September 8th, 2017

    Massive Vodafone India route leak

    On September 5 the year 2017, at 15:03 UTC AS55410, owned by Vodafone India leaked more than 10 000 prefixes in the direction of AS1273, belonging to the parent Vodafone holding headquartered at Newbury, United Kingdom. This leak further spread to the outer world, including most Tier-1 ISPs.

    Three big Indian ISPs suffered directly: (ASNs: 4755, 18101 and 9498), increasing latency in their networks. More than 400 operators within South Asia region were affected collaterally. The active phase of this incident lasted for 5 minutes, with a total leak duration of 25 minutes.

    Check if your IP, AS or Domain was affected:  
    READ MORE →

  • July 11th, 2017

    Reliability of National Internet Segments

    The connectivity of Internet at the network layer is a result of interaction between autonomous systems (AS), and it is more stable the more alternatives routes between ASNs there exist, which is basic fault tolerance principle. This research shows how outage of single, though significant AS affects the global connectivity of the region.

    READ MORE →

  • May 10th, 2017

    BGP Open Ports

    Qrator Radar team is pleased to announce a new feature of our network scanner: we begin to detect hosts with vulnerable ports in your network. At this moment we are detecting open TCP ports of BGP network protocol. This protocol is often used by network devices (especially border routers), and generally access to these devices should be restricted using ACL. If such port is open for everyone, it is a serious vulnerability which can be used by attacker to cause denial of service of the network device, which can in turn cause outage of whole networks.

    To check your networks for vulnerable hosts, please visit the \"Vulnerable Ports\" page on our website.

    READ MORE →

LOGIN
×
Contact us
×
Type:
Email:
Subject:
Message:

Thank you for feedback!

We will contact you by provided email address.