What is BGP Hijacking?

  • By Greg Brown
  • May 19, 2023

The internet of the 80s is with us today, controlling data flow, direction, delivery, and more. Border Gateway Protocols date back to the origins of internet traffic routing between autonomous systems.

The Internet is a network of networks, broken down into hundreds of thousands of smaller components known as autonomous systems. Each autonomous system is controlled by a single operator, typically an internet service provider, which manages the millions of smaller networked components inside it and gives us access to the WWW.

What is Border Gateway Protocol (BGP)?

Autonomous systems are vast pools of routers managed by a central host (the ISP) or a single enterprise. Routers forward their outbound traffic toward their AS’s central or controlling node. The Border Gateway Protocol (BGP) is the routing mechanism that determines how data packets are forwarded to their destination.

BGP is the world’s most widely used exterior routing protocol because it allows for fully decentralized routing. The protocol selects the best available path through the ASes, providing edge-to-edge routing.

The BGP Protocol is nearly 30 years old and is considered a modern internet bedrock. Conceived in 1989 on the back of napkins by engineers from IBM and Cisco, BGP was designed only as an interim solution at the time. The new transport protocol needed to overcome the complexities of connecting administrative domains.

BGP’s primary function is managing how data packets are routed across the internet from AS to AS. To accomplish this, BGP exchanges routing and reachability information between edge routers. Edge routers are the final device between one autonomous system and another; for example, within an enterprise, the edge router is the device that connects the corporate LAN to the internet.

What are the Risks of BGP Protocol? 

The single biggest problem with the BGP protocol is that it was conceived at a time when there were only a few prominent players on the global internet scene. Today there are hundreds of thousands of autonomous systems around the globe, and millions of individual routers make up single, large, and complex networks.

BGP’s original design never considered protection against deliberate cyber attacks or constant user errors. The protocol’s current version, BGP4, has attempted to correct these shortcomings and add significant enhancements.

With so many routes and complexities of the modern internet, BGP can go wrong in many ways.

What is BGP Hijacking?

BGP route hijacking, sometimes called IP hijacking or BGP network hijacking, can cause considerable damage. Route hijacking happens when a malicious actor manipulates routing information to redirect internet traffic to an attacker-controlled server. BGP hijacking can have catastrophic consequences for a business, from extended downtime to severe data loss. Over the years, experts have developed steps to troubleshoot BGP and prevent route hijacking. It is vital to monitor BGP sessions regularly, looking for routing changes and any variance from the agreements with AS neighbors. Also, employ control measures such as Resource Public Key Infrastructure (RPKI), which can validate the authenticity of route origin information.
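As an added illustration of the RPKI check described above (example code, not part of the original article or any vendor's implementation), the script below applies RFC 6811 route origin validation to a constructed set of BGP announcements and ROAs. It flags a more-specific announcement beyond the ROA's maxLength, an announcement from the wrong origin AS, and a prefix that no ROA covers; all prefixes and AS numbers are documentation or private values chosen for the example.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ROA:
    prefix: str      # covering prefix, e.g. "192.0.2.0/24"
    max_length: int  # longest prefix length the origin may announce
    origin_as: int   # AS authorised to originate the prefix

def validate_origin(prefix: str, origin_as: int, roas: list[ROA]) -> str:
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this prefix
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but no ROA matches origin and length -> invalid
    return "invalid" if covered else "notfound"

def audit_announcements(announcements, roas):
    """Return (prefix, origin_as, state) for every announcement that is not valid."""
    findings = []
    for prefix, as_path in announcements:
        origin = as_path[-1]  # the origin AS is the last hop of the AS_PATH
        state = validate_origin(prefix, origin, roas)
        if state != "valid":
            findings.append((prefix, origin, state))
    return findings

# Constructed sample data: documentation prefixes and private ASNs, not real routes.
ROAS = [ROA("192.0.2.0/24", 24, 64496), ROA("2001:db8::/32", 48, 64496)]
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64496]),     # legitimate origin, exact prefix
    ("192.0.2.0/25", [64510, 64496]),     # more-specific beyond maxLength
    ("192.0.2.0/24", [64510, 64666]),     # wrong origin AS (origin hijack)
    ("2001:db8:1::/48", [64510, 64496]),  # IPv6 more-specific within maxLength
    ("198.51.100.0/24", [64510, 64497]),  # no ROA covers it
]

if __name__ == "__main__":
    for finding in audit_announcements(ANNOUNCEMENTS, ROAS):
        print(finding)
```

A "notfound" result is not proof of a hijack, only that the prefix holder has not published a ROA; "invalid" is what an RPKI-enabled router would reject.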

BGP route flapping is a widespread problem that occurs when a neighboring network continuously sends updates about changes in IP address routing, which can cause network instability. Route flapping is usually caused by faulty hardware or software, a misconfigured BGP filter, or issues at the ISP. Admins can troubleshoot route flapping by first identifying whether the problem is local or external. Run the BGP commands “show ip bgp neighbors” or “show ip bgp summary”; the output provides information on neighboring sessions and routing activity. Checking router configuration and BGP filters for errors helps pinpoint the issue.
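To show how the “show ip bgp summary” output mentioned above can be turned into a flapping check, here is an added example (not from the original article) that parses a constructed, Cisco IOS-style summary table and flags sessions that are not Established or that came up only minutes ago, which is what a repeatedly resetting neighbor looks like. The sample output and the 10-minute threshold are assumptions for the example.

```python
import re

# Constructed sample of "show ip bgp summary" output (IOS-style); not a real capture.
SAMPLE_SUMMARY = """\
BGP router identifier 192.0.2.10, local AS number 64496
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.1       4        64510    8821    8800      310    0    0 5d02h        812
192.0.2.2       4        64511      41      53      310    0    0 00:03:11      12
192.0.2.3       4        64512       0       0        1    0    0 never    Active
"""

def uptime_seconds(text):
    """Convert IOS Up/Down values (hh:mm:ss, 1d02h, 3w1d, never) to seconds."""
    if text == "never":
        return 0
    if ":" in text:
        h, m, s = (int(x) for x in text.split(":"))
        return h * 3600 + m * 60 + s
    units = {"w": 604800, "d": 86400, "h": 3600}
    return sum(int(n) * units[u] for n, u in re.findall(r"(\d+)([wdh])", text))

def parse_summary(output):
    """Return one dict per neighbor row found below the 'Neighbor' header line."""
    rows, in_table = [], False
    for line in output.splitlines():
        if line.startswith("Neighbor"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        f = line.split()  # 10 columns: neighbor, V, AS, ..., Up/Down, State/PfxRcd
        rows.append({"neighbor": f[0], "as": int(f[2]), "up_down": f[8], "state": f[9]})
    return rows

def flapping_neighbors(output, min_uptime=600):
    """Flag sessions whose State/PfxRcd is not a prefix count (i.e. not Established)
    or whose uptime is below min_uptime seconds, suggesting a recent reset."""
    flagged = []
    for r in parse_summary(output):
        established = r["state"].isdigit()
        if not established or uptime_seconds(r["up_down"]) < min_uptime:
            flagged.append((r["neighbor"], r["as"], r["state"], r["up_down"]))
    return flagged

if __name__ == "__main__":
    for entry in flapping_neighbors(SAMPLE_SUMMARY):
        print("check session:", entry)
```

Run against periodic captures of the real command output, a neighbor that keeps appearing with a small Up/Down value is the one to investigate with “show ip bgp neighbors”.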

BGP configuration errors are pervasive and among the most common problems network admins face. They usually happen when the protocol is not set up correctly, and depending on the misconfiguration, the result ranges from broken network communication to a dramatic decrease in performance. The first action to resolve these errors is to review each step of the setup and confirm each setting was entered correctly. Check for any recent undocumented changes to the settings and for updates that need to be applied. Examine routing tables for accuracy and perform a traceroute for further insight.

BGP RIB-Failure occurs when a router cannot install a route into the routing table, causing network failure. The first step in fixing a RIB-Failure is to check the BGP neighbor table and verify that the correct inputs are configured. If the tables are correct, configuration or firewall settings may be at fault. Check all BGP attributes, including local preference, AS path, and MED, to ensure no discrepancies exist. It is also essential to verify that the route being installed has an active next hop reachable through at least one neighbor. If these settings are incorrect, there may be an issue with BGP peering or routing policies.

How Do Hackers Use BGP Attacks?

As the name implies, a man-in-the-middle attack is a malicious redirection of BGP-routed traffic. The impact of a well-organized assault can be devastating to businesses anywhere downstream. A man-in-the-middle attack can be used alone or as part of a much larger coordinated scheme.

The following are six man-in-the-middle attacks that make malicious use of the BGP protocol.

  • HTTPS Spoofing creates fake websites, then uses the BGP protocol to route traffic to the site, which is usually loaded with malware.
  • SSL Stripping is when the attacker reduces the security of a legitimate website and then reroutes fake traffic.
  • IP Spoofing happens when cybercriminals spoof Transmission Control Protocol (TCP) packets in the header of a legitimate website to redirect traffic to a chosen location. These attacks capitalize on the trust between two devices.
  • ARP Spoofing allows attackers to intercept specific communication packets between network nodes.
  • DNS Spoofing happens when the criminal replaces a legitimate IP address in a routing table with a fake address and reroutes traffic to a malicious website.
  • BGP Misdirection is an attack that redirects internet traffic along a malicious route by spoofing IP prefixes.

How to Prevent BGP Attacks?

The BGP protocol is part of the internet’s foundation, and mitigating routing attacks can be difficult, if not impossible. Protecting your organization against BGP hijacking takes constant vigilance. Signs of prefix hijacking can be increased latency, degraded network performance, and a drop in website traffic.
