Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated
macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
"alliance" does not mean that they are the same company, Tata Communications and TCS have separate CEOs, separate boards, their employees don't interface with each other
(and to be honest, most that is on their public pages is pure marketing)
but but but Cloudflare "invented" RPKI so that nobody could ever BGP hijack them ever! And Tata is the finest professionals money can buy and nothing but!
I used to follow the BGP sites which list changes. The funniest event was seeing China steal routes to a US business, and seeing the US military steal it back within minutes.
The cyber war is real, fierce, and a spectator sport.
Is someone please able to give a short explanation of what has happened here assuming reader is familiar with basic DNS, but not what BGP is or how you can "accidentally" hijack it?
On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). Unfortunately, issues with BGP have led to malicious actors being able to hijack and misconfigure devices leading to security problems which have th…
1. TATA COMM and TCS are separate companies. 2. Cloudflare withdrew both 1.1.1.0/24 and 1.0.0.0/24 announcements due to an unknown reason. So its THEIR fault.
3. The BGP hijack you see is most likely due to a downstream customer of AS4755. Again the outage **isn't caused by TATA** it is caused by Cloudflare themselves.
4. TATA's Tier1 ASN AS6453 filters invalid ROAs but their domestic AS4755 doesn't.
Your post says the outage was BECAUSE of TATA, which is blatantly incorrect. I agree that TATA"s domestic ASN should implement proper filtering like their AS6453, not disagreeing with that. But get your facts right.
On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.
Oddly enough, this didn't really impact me, though I did notice it, and initially thought my own DOH had failed - I was in a hotel and started getting app errors on my phone that looked like DNS failures - I usually have my own Adguard home instance as my DOH server, but had previously turned it off: the hotel was using 1.1.1.1 as their DNS and so therefore so was I.
I turned on my DOH, which, in turn uses both cloudflare and quad9 DOH as upstream servers under load balancing.
I saw your first BGP hijack toot shortly after.
Cloudflare DOH kept on trucking through this outage, provided that you could bootstrap the DOH servers, and by having both CF and Quad9 IPv4 and IPv6 as bootstrap servers, it turns out that I have a fairly resilient DOH set-up.
Philip Oltermann and Paige McClanahan: India's low-cost answer to the VW Beetle fails live up to 'frugal engineering' hype after receiving no stars for adult protection
On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.
Andrew
in reply to Kevin Beaumont • • •greem
in reply to Kevin Beaumont • • •TCS? Is that the same...
Yes, it is.
Their contract renewals will be interesting in the next year.
GrumpSec Spottycat
in reply to Kevin Beaumont • • •Athos
Unknown parent • • •"alliance" does not mean that they are the same company, Tata Communications and TCS have separate CEOs, separate boards, their employees don't interface with each other
(and to be honest, most that is on their public pages is pure marketing)
Simon
in reply to Kevin Beaumont • • •JP
in reply to Kevin Beaumont • • •Eric Goodwin
in reply to Kevin Beaumont • • •RootWyrm 🇺🇦
in reply to Kevin Beaumont • • •DJGummikuh
in reply to Kevin Beaumont • • •Sam Bowne
in reply to Kevin Beaumont • • •slash
in reply to Kevin Beaumont • • •I used to follow the BGP sites which list changes. The funniest event was seeing China steal routes to a US business, and seeing the US military steal it back within minutes.
The cyber war is real, fierce, and a spectator sport.
GeneralX ⏯️
Unknown parent • • •BGP is a "trust me bro" protocol.
Jay Thoden van Velzen ☁️🛡️
in reply to Kevin Beaumont • • •Vicente ⁂
in reply to Kevin Beaumont • • •Karl Auerbach
in reply to Kevin Beaumont • • •Ah, the bodacious Tata's are at it again.
(ICANN had to deal with them in the domain name context when they got ticked off at the adjective I used in the prior paragraph.)
aly
in reply to Kevin Beaumont • • •jdw
in reply to Kevin Beaumont • • •Is BGP safe yet? · Cloudflare
isbgpsafeyet.comMerospit
in reply to Kevin Beaumont • • •Dreaming of dad jazz.
in reply to Kevin Beaumont • • •Shrirang Kahale
in reply to Kevin Beaumont • • •1. TATA COMM and TCS are separate companies.
2. Cloudflare withdrew both 1.1.1.0/24 and 1.0.0.0/24 announcements due to an unknown reason. So its THEIR fault.
3. The BGP hijack you see is most likely due to a downstream customer of AS4755. Again the outage **isn't caused by TATA** it is caused by Cloudflare themselves.
4. TATA's Tier1 ASN AS6453 filters invalid ROAs but their domestic AS4755 doesn't.
Shrirang Kahale
in reply to Shrirang Kahale • • •Shrirang Kahale
in reply to Shrirang Kahale • • •Shrirang Kahale
Unknown parent • • •Shrirang Kahale
in reply to Shrirang Kahale • • •Shrirang Kahale
Unknown parent • • •`Da Elf
in reply to Kevin Beaumont • • •`Da Elf
in reply to `Da Elf • • •TaTa ... aren't they a peach?
Poor @juliewebgirl had to climb over some of that last night.
Next phonecall, more yelling.
I don't actually like yelling.
Kevin Beaumont
in reply to Kevin Beaumont • • •Cloudflare say this was caused by them, not BGP hijack: blog.cloudflare.com/cloudflare…
Although they also logged a BGP hijack at the time: radar.cloudflare.com/routing/a…
Cloudflare 1.1.1.1 Incident on July 14, 2025
The Cloudflare BlogJoão Tiago Rebelo (NAFO J-121)
in reply to Kevin Beaumont • • •Bernard Sheppard
in reply to Kevin Beaumont • • •Oddly enough, this didn't really impact me, though I did notice it, and initially thought my own DOH had failed - I was in a hotel and started getting app errors on my phone that looked like DNS failures - I usually have my own Adguard home instance as my DOH server, but had previously turned it off: the hotel was using 1.1.1.1 as their DNS and so therefore so was I.
I turned on my DOH, which, in turn uses both cloudflare and quad9 DOH as upstream servers under load balancing.
I saw your first BGP hijack toot shortly after.
Cloudflare DOH kept on trucking through this outage, provided that you could bootstrap the DOH servers, and by having both CF and Quad9 IPv4 and IPv6 as bootstrap servers, it turns out that I have a fairly resilient DOH set-up.
aburka 🫣
in reply to Kevin Beaumont • • •Leak
in reply to Kevin Beaumont • • •Whenever I hear "Tata", I'm reminded of their landmark 2014 crash test fail: www.theguardian.com/global-devel...
Tata Nano safety under scrutin...
Tata Nano safety under scrutiny after dire crash test results
Philip Oltermann (The Guardian)Victor Oxyrhynchus
in reply to Kevin Beaumont • • •Sunil
in reply to Kevin Beaumont • • •Different company, different business but same brand just like TATA Steel.
Kevin Beaumont
Unknown parent • • •@xrisk calm down
cyberplace.social/@GossiTheDog…
Kevin Beaumont
2025-07-16 08:40:20