  • June 25th, 2019

    How difficult is it to disrupt a service nowadays?

    Today we often talk about SLAs and redundancy, and about the increasing role of clouds in the overall Internet infrastructure. Some say that clouds will play a crucial role in traffic share in the near future. However, there are other huge ISPs: the Tier-1s, the biggest transit operators, which have transnational cables and are part of the historical Internet backbone. They often play the role of last resort in filtering out bad routes, because they have hundreds of customers, and almost all of these customers trust what they receive from their provider ISPs. That is the main reason why modern Internet drafts rely on Tier-1s as flag carriers and hope that they will apply a new security mechanism among all the others.
    Is this always a real scenario?

  • May 7th, 2019

    Legacy Outage

    Two days ago, on May 5, 2019, we saw a peculiar BGP outage affecting autonomous systems in the customer cone of one very specific AS, number 721.

  • April 11th, 2019

    Bad news, everyone! New hijack attack in the wild

    On March 13, a proposal was submitted to the RIPE anti-abuse working group stating that a BGP hijacking event should be treated as a policy violation. If it is accepted, an ISP attacked with a hijack could submit a special request exposing the autonomous system responsible. If an expert group finds enough confirming evidence, the LIR in question would be considered an adverse party and further punished. There were some arguments against this proposal.


  • April 8th, 2019

    BGP perforating wound

    It was an ordinary Wednesday on 4.04.2019. Except that at some point around midday AS60280, belonging to Belarus’ NTEC, leaked 18600 prefixes originating from approximately 1400 ASes. Those routes were taken from the transit provider RETN (AS9002) and announced onward to NTEC’s provider, RU-telecom’s AS205540, which in turn accepted all of them, spreading the leak.


  • March 20th, 2019

    Russian Internet Segment Architecture

    As many of our readers know, Qrator.Radar is constantly researching global BGP connectivity, as well as regional. Since the Internet stands for “Interconnected Networks,” to ensure the best possible quality and speed the interconnectivity of individual networks should be rich and diverse, with their growth motivated on a sound competitive basis.


  • March 4th, 2019

    Eliminating opportunities for traffic hijacking

    This week marks 11 years since the memorable YouTube BGP incident, provoked by the global propagation of a more specific prefix announcement originated by Pakistan Telecom, which led to a traffic disruption of almost 2 hours as traffic was redirected from the legitimate path to a bogus one. We could guess whether that event was intentional, but even a correct answer wouldn’t help us completely prevent such incidents from happening today. While you read this, a route leak or a hijack is spreading over the networks. Why? Because BGP is not easy, and configuring a correct and secure setup is even harder (yet).


  • January 23rd, 2019

    Not an outage, but the shutdown

    In the week starting January 13, news of Zimbabwe’s internet connection shutdown flooded the media. We are here not to discuss the roots of this situation but, instead, to look at the BGP and connectivity picture we have from Zimbabwe.


  • December 27th, 2018

    Memorandum of Understanding with ISOC

    We are pleased to announce that Qrator Labs has signed a Memorandum of Understanding with the Internet Society. The Internet Society is a global non-profit organization, trusted as the world’s independent source of leadership for Internet policy, technology standards, and availability of the Internet. It has a global membership base of more than 50,000 individual members and more than 200 branches and member organizations worldwide.


  • November 26th, 2018

    “No Filters” or An Easy Way to Shoot In the Foot

    Several times in our posts we have discussed the consequences of a lack of ingress filtering. Such a misconfiguration can work fine most of the time, but one day it may result in an outage at regional or even global scale. And yesterday, 25.11.2018, it happened again, this time in Russia.


  • November 13th, 2018

    Mistake, Mistake, Blackhole

    Yesterday, on 12.11.2018, a BGP configuration mistake happened at Mainone Cable Company (AS37282), a Nigerian ISP. It mainly hit two content providers: Google (AS15169, AS36384, AS36492, AS43515) and Cloudflare (AS13335). The leaked routes were accepted by its direct upstream, China Telecom (AS4809), further advertised in Russia to TTK (AS20485) and finally learned by NTT (AS2914) in Europe. After reaching the Tier-1 provider level, the leaked prefixes propagated globally, redirecting traffic onto an unusual Europe-Russia-China-Nigeria route.


  • August 23rd, 2018

    National Internet Segments' Reliability

    Qrator Labs is excited to present the 2018 National Internet Reliability Survey. In this report, we study how the outage of a single AS may affect the global connectivity of the region.

    Internet connectivity at the interdomain level is based on connectivity between autonomous systems (ASes). As the number of alternate routes between ASes increases, so does the fault-resistance and stability of the internet in a given country. However, some paths prove to be more important than others.


  • July 30th, 2018

    Leaked Censorship

    For the last 30 years the basic idea behind the Internet’s design hasn’t changed: it connects people and services with each other. However, some authorities may have a different angle on what services their citizens should be able to connect to. A regulator might require ISPs to block selected content or IP address space for end users. How is that implemented? There are many options, but the most popular one is static routes, which may be propagated locally in BGP. Mistakes in this ‘local propagation’ have happened before: the most notable was the YouTube hijack back in 2008, but less famous events have kept happening throughout the decade. Today we observed another one, created by an Iranian ISP, that affected the Telegram messenger.


  • May 30th, 2018

    Integration with RPKI and IRR Data

    Dear colleagues, we are glad to inform you that our team has finished integration with IRR data sources and ROA records. It should significantly increase the quality of hijack detection and improve transparency into what is happening to route objects in different registries.


  • May 21st, 2018

    The Day the Internet Survived

    Recently, several severe routing incidents spread globally: a hijack of 5% of the entire IPv4 address space from Brazil, a route leak between Russia and Asia through Kyrgyzstan, and finally, last Friday, an event that could have led to an outage of a significant part of the whole BGP ecosystem. Fortunately, it didn’t happen.


  • April 26th, 2018

    BGP hijacks - Malicious or Mistakes?

    A few days ago several cybersecurity resources reported details of an entirely malicious traffic redirection that combined DNS and BGP hijacking. The primary goal of this attack was to steal money from different cryptocurrency wallets and services. Moreover, it was successful, since Amazon did not detect it in time. Today, on April 26, another significant incident happened that also seems to have gone unnoticed by the majority of players.


  • April 11th, 2018

    Cisco SMI Vulnerability And Beyond

    The situation we observed last week was both peculiar and strange: panic over the Cisco Smart Install Protocol remote code execution vulnerability (cisco-sa-20160323-smi) started circulating. There was confirmed botnet activity that exploited this vulnerability to wipe configuration files, leaving the message “Don’t mess with our elections.” Moreover, there were rumors that a significant number of ISPs and even Internet segments went down due to these malicious actions.


  • March 6th, 2018

    Memcached Amplification

    Last week there were several notable network incidents, which were the result of a new method of DDoS attack amplification using the memcached database. Several DDoS mitigation providers, including Qrator Labs and Akamai, have confirmed that they were hit by this new kind of attack. The new type of DDoS attack was able to break the record and reach 1.3 Tbps of bandwidth. As a reaction to this new threat, the Qrator.Radar team has added detection of open-to-world memcached databases to our daily scan.


  • January 25th, 2018

    Measurement as the key to transparency

    If you are looking for services such as IP-transit, MPLS channels or DDoS mitigation you can choose from a variety of products. However, it is difficult to compare offers and companies regarding actual service quality. Some organizations compare market offers, but often they look at the market share or the company’s financial condition and other business metrics that are not necessarily relevant to the quality of a service per se. Also, most of these comparisons are not available free of charge.


  • January 17th, 2018

    Moscow Traffic Jam

    Moscow is famous for its traffic jams, with the governments continually fighting that particular problem. Nevertheless, the beginning of 2018 was marked by a new traffic bottleneck, created with the help of BGP misdirection. At 12:01 UTC on 17.01.2018, AS8901, belonging to the Moscow City Government, started leaking prefixes between its upstreams, Rostelecom (AS12389) and Comcor (AS8732). Redirection peaked at 70000 affected prefixes.


  • December 30th, 2017

    Indian Route Leak or There and Back Again

    On 30.12.2017, Idea Cellular Limited (AS55644) created a massive BGP route leak between its peers and upstream providers, including TATA (AS6453), Reliance Globalcom Limited (AS15412) and Sify (AS9583). This anomaly affected an enormous number of networks all over the world, including content providers and transit ISPs: more than 70000 prefixes overall.
