IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Nigerian firm admits misrouting Google traffic through China

ISP firm MainOne said misconfigured a border gateway protocol filter was the culprit after concerns were raised over traffic hijacking

A Nigerian internet service provider (ISP) has taken responsibility for a glitch that caused some Google traffic to be misrouted through Russia and China.

A misconfigured border gateway protocol (BGP) filter, used to route traffic across the internet, inadvertently sent Google traffic through Russia and China, raising concerns of intentional hijacking.

But, the Main One Cable Co, or MainOne, a small firm in Lagos, Nigeria, said it was due to a "technical glitch" during a planned upgrade.

"In the early hours of Tuesday morning, MainOne experienced a technical glitch during a planned network upgrade and access to some Google services was impacted," the company said in a statement. "We promptly corrected the situation at our end and are doing all that is necessary to ensure it doesn't happen again.

"The error was accidental on our part; we are not aware that any Google services were compromised as a result. MainOne is a major internet service provider in West Africa and has direct reachability with over 100 leading networks globally."

Two of those leading global networks were TransTelekom in Russia and China Telecom, the latter being a partner with MainOne. China Telecom is said to have leaked the routing information out to the rest of the world, where TransTelekom picked it up.

Google is said to have lost control of several million IP addresses for more than an hour on Monday, causing problems for its cloud service and a number of other sites such as YouTube and Spotify. But it said it had no reason to believe it was a malicious act.

"We're aware that a portion of internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted," said a Google spokesperson. "The root cause of the issue was external to Google and there was no compromise of Google services."

Adding to suspicions of hijacking, some Cloudflare-owned IP addresses were also sent through China Telecom. But again, the cloud company has said this is due to the Nigerian ISP inadvertently leaked the routing information to China Telecom, who in turn then leaked it out to the rest of the world.

"Route leaks like this are relatively common and typically just the result of a mistaken configuration of a router," said John Graham-Cumming, Cloudflare CTO. "The global routing system, which is based on BGP, is entirely trust-based. As a result, if a major network wrongly claims that they are the rightful destination for certain traffic then it can cause a disruption."

"The impact on us was minimal. Cloudflare's systems automatically noticed the leak and changed our routing to mitigate the effects."

Graham-Cumming added that if there was something nefarious afoot there would have been a lot more direct, and potentially less disruptive and detectable, ways to reroute traffic.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022