CenturyLink maintains one of the backbone fiber networks serving telephone and internet connectivity. In December 2018, CenturyLink had a large outage, disrupting 911 services across the United States for 37 hours. The incident report was released on Monday, and it’s… interesting.
“In the early morning of December 27, 2018, a switching module in CenturyLink’s Denver, Colorado node spontaneously generated four malformed management packets.”
These packets were addressed to a broadcast destination, had valid headers and checksums, carried no expiration time, and were larger than 64 bytes. Because the packets appeared to be properly formed, none of the security infrastructure filtered them. The term for what happened next is a “packet storm”. Each device on the node rebroadcast each packet as it was received, quickly saturating the whole fiber network.
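Why the missing expiration time matters can be seen in a small model of the rebroadcast behaviour. This is an added example, not taken from the incident report: the four-node full-mesh topology, the hop-limit value and the function name are constructed assumptions, and the model only counts copies per forwarding round.

```python
# Model of broadcast flooding on a network with redundant links.
# Topology and numbers are constructed for illustration only.

# Four nodes, every node linked to every other (a full mesh, so loops exist).
MESH = {n: [m for m in range(4) if m != n] for n in range(4)}


def simulate_flood(links, origin, injected, hop_limit, rounds):
    """Return the number of packet copies transmitted in each round.

    hop_limit=None models a packet with no expiration time;
    an integer models a packet that is dropped after that many hops.
    """
    # Each in-flight copy: (node holding it, neighbor it came from, hops left)
    in_flight = [(origin, None, hop_limit)] * injected
    per_round = []
    for _ in range(rounds):
        next_flight = []
        for node, came_from, hops in in_flight:
            if hops is not None:
                if hops == 0:
                    continue  # expired: dropped instead of rebroadcast
                hops -= 1
            # Rebroadcast on every link except the one the copy arrived on.
            for neighbor in links[node]:
                if neighbor != came_from:
                    next_flight.append((neighbor, node, hops))
        per_round.append(len(next_flight))
        in_flight = next_flight
    return per_round


if __name__ == "__main__":
    # Four packets injected at node 0, as in the report's description.
    print("no expiration:", simulate_flood(MESH, 0, 4, None, 6))
    print("hop limit 3:  ", simulate_flood(MESH, 0, 4, 3, 6))
```

Without an expiration the copy count doubles every round and never stops; with a hop limit the same four packets die out after three hops.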
“CenturyLink and Infinera state that, despite an internal investigation, they do not know how or why the malformed packets were generated.”
In reading this, I can only suspect this was an intentional attack. Even if this particular instance was accidental, this represents an enormous vulnerability in the CenturyLink backbone network.