Hanlon's Razor - RT.com - BGP

Submitted by tarvid on Sun, 05/11/2014 - 09:17

Arguably the greatest threat of WWIII is the Ukraine affair. The propaganda war is hard to understand unless you get both (or many) perspectives. For me, RT was the most rational alternative to CNN et al (like Al Jazeera and the Middle East) and I was troubled when my route to RT.COM was broken a few weeks ago, sufficiently troubled to record "traceroutes". I made a few phone calls with no progress and when RT returned, I recorded the successful route and moved on.

A few days ago, RT became unreachable again. A comparison of the successful and unsuccessful routes shows the last common node (6).

 1  192.168.0.1 (192.168.0.1)  4.656 ms  11.078 ms  11.045 ms
 2  10.1.72.1 (10.1.72.1)  12.607 ms  16.085 ms  16.050 ms
 3  ip68-100-2-245.dc.dc.cox.net (68.100.2.245)  16.307 ms  16.380 ms  16.453 ms
 4  ip68-100-2-33.dc.dc.cox.net (68.100.2.33)  16.794 ms  20.360 ms  20.436 ms
 5  mrfddsrj01gex070003.rd.dc.cox.net (68.100.0.141)  20.041 ms  20.157 ms  21.584 ms
 6  nyrkbprj01-ae0.0.rd.ny.cox.net (68.1.0.252)  24.425 ms  9.723 ms  10.291 ms
 7  ip70-167-150-6.at.at.cox.net (70.167.150.6)  15.562 ms  15.255 ms  15.310 ms
 8  et530-4.RT.MR.MSK.RU.retn.net (87.245.232.181)  143.765 ms  147.992 ms  147.914 ms
 9  GW-Indrik.retn.net (87.245.253.86)  150.497 ms  150.423 ms  149.879 ms
10  * * *

traceroute to rt.com (62.213.85.4), 30 hops max, 60 byte packets
 1  192.168.0.1 (192.168.0.1)  1.656 ms  1.682 ms  1.743 ms
 2  10.1.72.1 (10.1.72.1)  10.767 ms  14.982 ms  14.977 ms
 3  ip68-100-2-245.dc.dc.cox.net (68.100.2.245)  15.123 ms  15.199 ms  15.287 ms
 4  ip68-100-2-33.dc.dc.cox.net (68.100.2.33)  16.145 ms  15.731 ms  16.184 ms
 5  mrfddsrj01gex070003.rd.dc.cox.net (68.100.0.141)  14.907 ms  14.778 ms  23.709 ms
 6  nyrkbprj01-ae0.0.rd.ny.cox.net (68.1.0.252)  18.990 ms  9.549 ms  11.971 ms
 7  sd-cr01-gi1-6.nyc.stream-internet.net (206.126.236.180)  23.487 ms  22.735 ms  22.787 ms
 8  tct-cr01-te5.4.ams.stream-internet.net (195.34.59.113)  129.130 ms  129.212 ms  128.944 ms
 9  bro-cr01-be4.150.stk.stream-internet.net (195.34.53.137)  152.661 ms  151.501 ms  156.221 ms
10  oct-cr03-be5.78.spb.stream-internet.net (212.188.2.94)  154.923 ms  154.681 ms  154.628 ms
11  a197-cr04-be1.78.msk.stream-internet.net (212.188.2.38)  154.862 ms  161.968 ms  161.962 ms
12  m9-cr05-ae13.77.msk.stream-internet.net (212.188.2.61)  144.808 ms  140.040 ms  143.832 ms
13  m9-cr01-po5.77.msk.stream-internet.net (195.34.53.85)  142.387 ms  141.166 ms  140.475 ms
14  Caravan-m9.msk.stream-internet.net (195.34.36.142)  171.922 ms  171.727 ms  171.744 ms
15  v811.th-1.caravan.ru (212.24.42.51)  175.503 ms  177.958 ms  190.685 ms
16  212.24.59.252 (212.24.59.252)  210.078 ms  210.088 ms  210.118 ms
17  62.213.85.4 (62.213.85.4)  207.810 ms  207.827 ms  208.562 ms
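
The comparison above can be automated. The following is an added example, not part of the original post: it parses two traceroute outputs and reports the last hop they share and where they split. The function names are hypothetical, and it assumes the Linux traceroute line format shown above, taking the first responding IP on each hop line.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop number>  <rest>"
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)"

# Excerpts of the two traces above (hops 5 onward), embedded so this runs offline.
FAILING = """\
 5  mrfddsrj01gex070003.rd.dc.cox.net (68.100.0.141)  20.041 ms  20.157 ms  21.584 ms
 6  nyrkbprj01-ae0.0.rd.ny.cox.net (68.1.0.252)  24.425 ms  9.723 ms  10.291 ms
 7  ip70-167-150-6.at.at.cox.net (70.167.150.6)  15.562 ms  15.255 ms  15.310 ms
 8  et530-4.RT.MR.MSK.RU.retn.net (87.245.232.181)  143.765 ms  147.992 ms  147.914 ms
 9  GW-Indrik.retn.net (87.245.253.86)  150.497 ms  150.423 ms  149.879 ms
10  * * *
"""
WORKING = """\
traceroute to rt.com (62.213.85.4), 30 hops max, 60 byte packets
 5  mrfddsrj01gex070003.rd.dc.cox.net (68.100.0.141)  14.907 ms  14.778 ms  23.709 ms
 6  nyrkbprj01-ae0.0.rd.ny.cox.net (68.1.0.252)  18.990 ms  9.549 ms  11.971 ms
 7  sd-cr01-gi1-6.nyc.stream-internet.net (206.126.236.180)  23.487 ms  22.735 ms  22.787 ms
"""

def parse_hops(text):
    """Map hop number -> first responding IP on that line, or None for '* * *'."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # the "traceroute to ..." header does not start with a hop number
            ip = IP_RE.search(m.group(2))
            hops[int(m.group(1))] = ip.group(1) if ip else None
    return hops

def divergence(trace_a, trace_b):
    """Return ((hop, ip) last shared router, (hop, ip_a, ip_b) first split or None)."""
    a, b = parse_hops(trace_a), parse_hops(trace_b)
    common = None
    for n in sorted(set(a) & set(b)):
        if a[n] is None or b[n] is None:
            continue  # a silent hop cannot be compared; keep walking
        if a[n] != b[n]:
            return common, (n, a[n], b[n])
        common = (n, a[n])
    return common, None

if __name__ == "__main__":
    common, split = divergence(FAILING, WORKING)
    print("last common hop:", common)
    print("paths split at:", split)
```
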

http://networktools.nl/asinfo/68.1.0.252 gives me the phone number of NOC engineering, and the tech, while agreeable, was ultimately unable to resolve the routing issue.

It was at that point I noticed the successful traceroute resolved rt.com to a different address than the failing traceroute. My default DNS servers and several other public DNS servers all point to the IP address which yields the failing route. I can't fix the route but I can assert an alias for rt.com. Most web sites are hosted on "virtual" name-based servers, so you have to ask for the site by name and not IP address, which the alias accomplishes. The aliased IP had a "redirect" to the real rt.com and rt.com was now reachable.

While this exercise seems obscure, it is all part of basic Internetworking. Ultimately I may go to a "proxy" such as Tor but that is a story in itself. In this case I suspect the Russians shot themselves in the foot, but as the information wars heat up it is good to remember Fritz Perls: "Just because you are paranoid doesn't mean someone is not out to get you". Uncle Sam wants you!