Ka lebaka la phatlalatso e fosahetseng ea BGP, li-prefixes tse fetang 8800 tsa marang-rang a kantle ho naha. ka marang-rang a Rostelecom, a lebisitseng ho putlama ha nako e khuts'oane ea ho tsamaisa, ho sitisoa ha khokahano ea marang-rang le mathata a phihlello ea lits'ebeletso tse ling lefatšeng ka bophara. Bothata ho feta mekhoa e ikemetseng ea 200 e nang le lik'hamphani tse kholo tsa Inthanete le marang-rang a ho fana ka litaba, ho akarelletsa le Akamai, Cloudflare, Digital Ocean, Amazon AWS, Hetzner, Level3, Facebook, Alibaba le Linode.
Phatlalatso e fosahetseng e entsoe ke Rostelecom (AS12389) ka la 1 Mmesa ka 22:28 (MSK), ebe e nkuoa ke mofani oa Rascom (AS20764) mme ho feta ketane e phatlalalitsoe ho Cogent (AS174) le Level3 (AS3356) , tšimo e neng e akaretsa hoo e batlang e le bafani bohle ba Inthanete boemong ba pele (). BGP e ile ea tsebisa Rostelecom hang-hang ka bothata bona, kahoo ketsahalo eo e ile ea nka metsotso e ka bang 10 (ho latela liphello li ile tsa bonoa nako e ka etsang hora).
Ena hase ketsahalo ea pele e amanang le phoso ka lehlakoreng la Rostelecom. Ka 2017 ka hare ho metsotso e 5-7 ka Rostelecom marang-rang a libanka tse kholo le lits'ebeletso tsa lichelete, ho kenyeletsoa Visa le MasterCard. Liketsahalong tsena ka bobeli, ho bonahala mohloli oa bothata e le mosebetsi o amanang le tsamaiso ea sephethephethe, mohlala, ho lutla ha litsela ho ka etsahala ha ho hlophisoa ho hlahloba ka hare, ho beha pele kapa ho beha seipone sa sephethephethe se fetang Rostelecom bakeng sa litšebeletso tse itseng le li-CDN (ka lebaka la ho eketseha ha marang-rang ka lebaka la mosebetsi o mongata o tsoang lapeng qetellong ea Tlhakubele taba ea ho theola sephethephethe sa lits'ebeletso tsa kantle ho naha molemong oa mehloli ea naha). Ka mohlala, lilemong tse ’maloa tse fetileng ho ile ha etsoa boiteko Pakistan Li-subnet tsa YouTube ho sebopeho se se nang thuso li lebisitse ponahalong ea li-subnets tsena liphatlalatsong tsa BGP le phallo ea sephethephethe sa YouTube ho ea Pakistan.
Hoa thahasellisa hore letsatsi pele ho ketsahalo le Rostelecom, mofani e monyenyane "New Reality" (AS50048) ho tloha motseng. ka Transtelecom ho bile joalo Li-prefixes tse 2658 tse amang Orange, Akamai, Rostelecom le marang-rang a lik'hamphani tse fetang 300. Ho lutla ha tsela ho bakile maqhubu a 'maloa a ho fetisoa ha sephethephethe ho nka metsotso e mengata. Sehlohlolong sa bona, bothata bo amme liaterese tsa IP tse ka bang limilione tse 13.5. Tšitiso e hlokomelehang lefatšeng ka bophara e ile ea qojoa ka lebaka la tšebeliso ea Transtelecom ea lithibelo tsa litsela bakeng sa moreki ka mong.
Liketsahalo tse tšoanang li etsahala Inthaneteng mme di tla tswela pele ho fihlela di kenngwa tshebetsong hohle Liphatlalatso tsa BGP tse thehiloeng ho RPKI (BGP Origin Validation), e lumellang kamohelo ea liphatlalatso feela ho beng ba marang-rang. Ntle le tumello, mokhanni ofe kapa ofe a ka bapatsa subnet e nang le tlhaiso-leseling e iqapetsoeng mabapi le bolelele ba tsela mme a qalelle ho tšela karolo ea sephethephethe ho tsoa lits'ebetsong tse ling tse sa sebeliseng ho sefa lipapatso.
Ka nako e ts'oanang, ketsahalong e ntseng e nahanoa, cheke e sebelisang polokelo ea RIPE RPKI e ile ea fetoha. . Ka tsietsi, lihora tse tharo pele ho dutla ha tsela ea BGP Rostelecom, nakong ea ts'ebetso ea ho nchafatsa software ea RIPE, Litlaleho tsa 4100 ROA (RPKI Route Origin Authorization). Database e ile ea tsosolosoa feela ka la 2 April, 'me nako ena eohle cheke e ne e sa sebetse bakeng sa bareki ba RIPE (bothata ha boa ka ba ama li-repositories tsa RPKI tsa bangolisi ba bang). Kajeno RIPE e na le mathata a macha le polokelo ea RPKI nakong ea lihora tse 7 .
Sefa se thehiloeng ho Registry le sona se ka sebelisoa e le tharollo ea ho thibela ho lutla (Internet Routing Registry), e hlalosang litsamaiso tse ikemetseng tseo ho tsona ho lumelloang ho tsamaisa lihlongwapele tse boletsoeng. Ha o sebelisana le li-operators tse nyane, ho fokotsa tšusumetso ea liphoso tsa batho, o ka fokotsa palo e kholo ea li-prefixes tse amoheloang bakeng sa linako tsa EBGP (setting e phahameng ea prefix).
Maemong a mangata, liketsahalo li bakoa ke liphoso tsa basebetsi ba kotsi, empa morao tjena ho boetse ho 'nile ha e-ba le litlhaselo tse lebisitsoeng, nakong eo bahlaseli ba senyang mekhoa ea litšebeletso tsa bafani. и sephethephethe bakeng sa libaka tse itseng ka ho hlophisa tlhaselo ea MiTM ho nkela likarabo tsa DNS sebaka.
Ho etsa hore ho be thata le ho feta ho fumana litifikeiti tsa TLS nakong ea litlhaselo tse joalo, balaoli ba setifikeiti sa Let's Encrypt ho hlahloba libaka tse ngata ho sebelisa li-subnet tse fapaneng. Ho qoba cheke ena, motho ea hlaselang o tla hloka hore ka nako e le 'ngoe a fihlele phetiso ea litsela bakeng sa litsamaiso tse' maloa tse ikemetseng tsa bafani ba nang le li-uplink tse fapaneng, tse thata ho feta ho tsamaisa tsela e le 'ngoe.
Source: opennet.ru