What is BGP Hijacking?
- By Greg Brown
- May 19, 2023
The internet of the 80s is still with us today, controlling data flow, direction, delivery, and more. The Border Gateway Protocol dates back to the origins of internet traffic routing between autonomous systems.
The Internet is a network of networks, broken down into hundreds of thousands of smaller components known as autonomous systems. An internet service provider controls millions of these smaller networked components, giving us access to the WWW.
What is Border Gateway Protocol (BGP)?
Autonomous systems are vast pools of routers managed by a central host (an ISP) or a single enterprise. Routers transmit their outbound traffic to their AS’s central or controlling node. The Border Gateway Protocol (BGP) is the mechanism that determines how data packets are forwarded toward their destination.
BGP is the world’s most widely used exterior routing protocol because it allows for fully decentralized routing. The protocol selects the best available path through the ASes, providing edge-to-edge routing.
BGP is nearly 30 years old and is considered part of the modern internet’s bedrock. Conceived in 1989 on the back of napkins by engineers from IBM and Cisco, BGP was designed only as an interim solution at the time. The new protocol needed to overcome the complexities of connecting separately administered domains.
BGP’s primary function is managing how data packets are routed across the internet from AS to AS. To accomplish this, BGP exchanges routing and reachability information between edge routers. Internally managed edge routers are the final device between one autonomous system and another; within an enterprise, for example, the edge router is the device that connects the corporate LAN to the internet.
What are the Risks of BGP Protocol?
The single biggest problem with BGP is that the mechanism was conceived at a time when there were only a few prominent players on the global internet scene. Today there are hundreds of thousands of autonomous systems situated around the globe, and millions of individual routers make up these large, complex networks.
BGP’s original design never considered protection against deliberate cyber attacks or the constant stream of user errors. The protocol’s current version, BGP4, has attempted to correct these shortcomings and add significant enhancements.
With so many routes and complexities of the modern internet, BGP can go wrong in many ways.
What is BGP Hijacking?
BGP route hijacking, sometimes called IP hijacking or BGP network hijacking, can cause considerable damage. Route hijacking happens when a malicious actor manipulates routing information, typically by announcing IP prefixes it does not own, so that internet traffic is redirected to a predator’s server. BGP hijacking can have catastrophic consequences for a business, from extended downtime to severe data loss. Over the years, experts have developed steps to troubleshoot BGP and prevent route hijacking. It is vital to monitor BGP sessions regularly, looking for routing changes and any variance from the agreements made with AS neighbors. Also employ control measures such as Resource Public Key Infrastructure (RPKI), which can validate the authenticity of routing information.
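An added example of the RPKI origin check described above (not code from the original article): a route origin validation routine in the style of RFC 6811 that checks a constructed set of announcements against a constructed ROA table, flagging a wrong origin AS and an over-specific prefix as invalid. The ROA table, prefixes and AS numbers are all assumed sample values.

```python
import ipaddress

# Constructed ROA table standing in for what an RPKI validator would fetch:
# (prefix, maxLength, authorized origin AS). AS numbers are documentation values.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
]

def validate_origin(prefix: str, origin_as: int, roas=ROAS) -> str:
    """Route origin validation in the style of RFC 6811.

    Returns 'valid', 'invalid' or 'not-found'. An announcement is 'invalid'
    when a ROA covers it but either the origin AS does not match or the
    announced prefix is more specific than the ROA's maxLength allows."""
    net = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix, strict=False)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA speaks for this address space
        if net.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed announcements as a monitor might see them: (prefix, AS_PATH).
# The origin AS is the last element of the AS_PATH.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),      # legitimate origin
    ("192.0.2.0/25", [64500, 64496]),      # more-specific beyond maxLength
    ("198.51.100.0/24", [64500, 64511]),   # wrong origin: the hijack pattern
    ("203.0.113.0/24", [64500, 64501]),    # no ROA covers it
]

def flag_announcements(announcements, roas=ROAS) -> list:
    """Return (prefix, origin_as, status) for each announcement; anything
    'invalid' is what an operator should alert on."""
    return [(p, path[-1], validate_origin(p, path[-1], roas)) for p, path in announcements]
```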
BGP route flapping is a widespread problem that occurs when a neighboring network sends updates continuously. These updates announce changes in IP address routing, and the churn can cause network instability. Route flapping happens when there is faulty hardware or software, a misconfigured BGP filter, or possibly an issue with the ISP. Admins can troubleshoot route flapping by first identifying whether the problem is local or external. Run the BGP commands “show ip bgp neighbors” or “show ip bgp summary”; the output provides information on neighboring networks and routing activity. Checking for errors in router configuration and BGP filters then helps pinpoint the issue.
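An added example, not from the original article, that parses constructed Cisco-style “show ip bgp summary” output and flags sessions that are down or have come up too recently, the pattern an admin looks for when a peering is flapping. The router output, addresses and AS numbers are assumed sample values.

```python
import re
from typing import Optional
# Constructed Cisco IOS style "show ip bgp summary" output (sample, not a real router).
SAMPLE_SUMMARY = """\
BGP router identifier 10.0.0.1, local AS number 64496
BGP table version is 42, main routing table version 42

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4 64497    1203    1198       42    0    0 3d02h          812
10.0.0.3        4 64498      57      61       42    0    0 00:03:41       812
10.0.0.4        4 64499       0       0        1    0    0 never      Active
"""
UNITS = {"y": 365 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600}

def parse_up_down(value: str) -> Optional[int]:
    """Convert the Up/Down column (hh:mm:ss, 3d02h, 2w1d, never) to seconds."""
    if value == "never":
        return None
    m = re.fullmatch(r"(\d+):(\d+):(\d+)", value)
    if m:
        h, mi, s = map(int, m.groups())
        return h * 3600 + mi * 60 + s
    parts = re.findall(r"(\d+)([ywdh])", value)
    if not parts:
        raise ValueError(f"unrecognized Up/Down value: {value}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_summary(text: str) -> list:
    """Parse the neighbor table that follows the 'Neighbor' header line."""
    neighbors, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        cols = line.split()
        state = cols[9]  # a number means Established with that many prefixes received
        neighbors.append({
            "neighbor": cols[0],
            "uptime": parse_up_down(cols[8]),
            "state": "Established" if state.isdigit() else state,
        })
    return neighbors

def unstable_neighbors(text: str, min_uptime: int = 3600) -> list:
    """Flag sessions that are down or reset under min_uptime seconds ago; a peer that keeps showing up here is flapping."""
    return [(n["neighbor"], n["state"], n["uptime"]) for n in parse_summary(text)
            if n["state"] != "Established" or n["uptime"] is None or n["uptime"] < min_uptime]
```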
BGP configuration errors are pervasive and among the most common problems network admins face. Configuration errors usually happen when the protocol is not set up correctly, and depending on the misconfiguration, the result can range from broken network communication to a dramatic decrease in performance. The first action to resolve these errors is to review each step of the setup and confirm that each setting has been entered correctly. Check for any recent undocumented changes to the settings and for updates that need to be applied. Examine routing tables for accuracy and perform a traceroute for further insight.
A BGP RIB-Failure occurs when a router cannot install a route into the routing table, causing network failure. The first step in fixing a BGP RIB-Failure is to check the BGP neighbor table and verify that the correct inputs are appropriately configured. If the tables are entered correctly, configuration or firewall settings may be at fault. Check all BGP attributes, including local preference, AS path, and MED, to ensure no discrepancies exist. It is also essential to verify that the route being installed has an active next hop reachable through at least one neighbor. If these settings are incorrect, there may be an issue with BGP peering or routing policies.
How Do Hackers Use BGP Attacks?
As the name implies, a man-in-the-middle attack places the attacker between two communicating parties; with BGP, this is achieved by maliciously redirecting routes. The impact of a well-organized assault can be devastating to any business downstream. A man-in-the-middle attack can be used alone or be part of a much larger coordinated scheme.
The following are six man-in-the-middle attacks that make malicious use of the BGP protocol.
- HTTPS Spoofing creates fake websites, then uses BGP to route traffic to the site, which is usually loaded with malware.
- SSL Stripping is when the predator downgrades the security of a legitimate website’s connection and then reroutes the traffic.
- IP Spoofing happens when cybercriminals forge the headers of Transmission Control Protocol (TCP) packets to impersonate a legitimate website and redirect traffic to a chosen location. These attacks capitalize on the trust between two devices.
- ARP Spoofing allows predators to intercept specific communication packets between network nodes.
- DNS Spoofing happens when the criminal replaces a legitimate IP address in a routing table with a fake address and reroutes traffic to a malicious website.
- BGP Misdirection is an attack that redirects internet traffic to a malicious route by spoofing IP prefixes.
How to Prevent BGP Attacks?
BGP is part of the internet’s foundation, and mitigating routing attacks can be difficult, if not impossible. Protecting your organization against BGP hijacking takes constant vigilance. Signs of prefix hijacking include increased latency, degraded network performance, and a drop in website traffic.