Home
 » ISP News » 
Sponsored

Google Public DNS Internet Traffic Hijacked and Redirected to BT Latin America

Monday, March 17th, 2014 (8:34 am) - Score 4,234

Internet users that have chosen to replace their broadband ISPs own Domain Name Servers (DNS) with Google’s free Public DNS alternative, which translates IP addresses into human readable form and vice versa, had a bit of a shock over the weekend when their traffic was redirected (hijacked) and sent to BT’s Latin America division in Venezuela and Brazil.

DNS servers are a key component of the Internet and most ISPs use them to covert IP addresses (e.g. 123.56.23.89 [IPv4 example]) into a domain name (e.g. happycatsrus.uk) and back again. But sometimes the ISPs DNS servers can be slower than ideal or may do other things that annoy you (e.g. hijack your Internet searches), in those situations Google and others (e.g. OpenDNS) offer a free alternative.

However Monitoring firm BGPmon, which helps people and operators to assess the routing health of their network, noted in a brief update yesterday afternoon that the Internet search giant’s Public DNS service (8.8.8.8/32) was “hijacked for [around] 22 minutes yesterday [saturday], affecting networks in Brazil & Venezuela“.

google public dns bt hijack ispreview.co.uk

The situation looks like it might have been caused by a BGP (Border Gateway Protocol) hijack, which is regarded as a somewhat significant man-in-the-middle attack / security vulnerability in the worldwide Internet traffic-routing system.

Last May 2013 it was revealed that someone had been using a similar method to stealthily hijack Internet traffic bound for the USA / other countries and redirecting it through servers in Belarus and Iceland, before sending the traffic back on its way to the original destination.

The phenomenon appears to have become increasingly common and the latest redirect didn’t seem to have any problem with getting around Google’s DNSsec security policies. But this alone might not be adequate protection against hijacks, unless Google are also using the latest Resource Certification (aka – Resource Public Key Infrastructure) and other measures to prevent untrusted sources from making such a big change.

At this stage it’s unclear why Google’s Public DNS traffic, which handles around 150 billion queries a day from close to 100 million unique IP addresses, was incorrectly redirected / hijacked and sent off towards BT’s Latin America division. We have shot off a message to Google’s PR division in the hope of finding an answer.

It should be noted that BGP hijacks are now an almost daily occurrence, although most of these don’t hurt traffic on a global level. Similarly it should be noted that Google’s Public DNS service has been hijacked a few times before, such as in 2010 when their traffic was redirected to Romania and Austria.

Delicious
Add to Diigo
Tags:
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he is also the founder of ISPreview since 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
0 Responses

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Promotion
Cheapest Superfast ISPs
  • Hyperoptic £17.00 (*22.00)
    Avg. Speed 30Mbps, Unlimited
    Gift: Code: ONLINEDEAL
  • Vodafone £21.00 (*23.00)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • TalkTalk £22.50
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • Plusnet £23.99 (*34.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • First Utility £24.99 (*31.99)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
Poll
*Javascript must be ON to vote*
The Top 20 Category Tags
  1. BT (2243)
  2. FTTP (1677)
  3. FTTC (1483)
  4. Broadband Delivery UK (1467)
  5. Openreach (1196)
  6. Politics (1192)
  7. Business (1066)
  8. Statistics (943)
  9. Fibre Optic (863)
  10. Mobile Broadband (856)
  11. Ofcom Regulation (791)
  12. Wireless Internet (780)
  13. FTTH (770)
  14. 4G (746)
  15. Virgin Media (725)
  16. Sky Broadband (536)
  17. TalkTalk (511)
  18. EE (491)
  19. Vodafone (382)
  20. Security (364)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules