BGP stands for Border Gateway Protocol which is a routing protocol. BGP is used to transfer data and information between different host gateways, the Internet or autonomous systems. An autonomous system (AS) is an extensive network or group of networks managed by a single organization.
It is a Path Vector Protocol (PVP) that maintains paths to different hosts, network and gateway routers and determines the routing decision based on that. Simply put, it provides directions so that the traffic travels from one IP address to another as efficiently as possible.
When a user types in a website name and the browser finds and loads it, the requests and response go back and forth between the IPs of the user and the website. The DNS (Domain Name System) servers provide the Ip addresses, but BGP (Border Gateway Protocol) offers the most efficient way for the IP address to reach the concerned IP address.
This means DNS is the Internet’s address book and BGP is the road map. BGP always favors the shortest and the most direct path from autonomous systems to an autonomous system to reach IP addresses through the fewest possible hops across the networks.
Understanding BGP hijacks is very important since if it is misconfigured, it can cause massive availability and security problems. Google discovered so in 2008 when YouTube service became unreachable to large portions of the Internet.
It happened so to ban YouTube in its home country, Pakistan Telecom used BGP to route YouTube’s address book into a black hole.
This routing information somehow got transmitted to Pakistan Telecom’s Hong Kong ISP and from there got propagated to the rest of the world. As a result, most of YouTube’s traffic ended up in a black hole in Pakistan.
When an autonomous system(AS) announces a route to IP BGP prefix that it does not control itself, this announcement if not filtered can spread and be added to the routing tables in BGP routers across the Internet. From that moment until being noticed and corrected, the traffic to those IPs will be routed to that AS.
For a BGP hijack to be successful, the route announcement must either:
OR
Once BGP is hijacked, the web traffic can go the wrong way, be monitored or intercepted, be black-holed (Like that of YouTube in 2003), or be re-directed to fake websites.
In some cases, spammers can use BGP hijacking to spoof legitimate IP’s for spamming purposes. As a result of hijacking, the user will face longer page load times since the requests and responses will not follow the most efficient and shortest route, and it may even travel around the world unnecessarily.
The problem is that BGP was created long before security was a significant concern. BGP assumes that all the networks are trustworthy and since there are no built-in security mechanisms to validate the legitimacy of the routes; you cannot do much.
Moreover, the networks are scattered across the globe, which makes the chain of trust challenging to trace, and even you try to validate information, there is a lack of reliable data.
Therefore, aside from constant monitoring of how internet traffic is routed, users and networks can I do very little. Some of those steps are:
BGP routing security was designed to make the internet function smoothly. But, it was not created keeping security in mind. But now that security is an upcoming concern, more secure routing solutions for Internet Privacy are being developed.
One of them is BGPsec which ensures that the router also includes the AS number that it’s sending the update to which then generates a cryptographic signature over the information that is added to the AS path. But, at this moment, BGPsec is still an upcoming solution which is far from being implemented or adopted for now.
Learn more about Cyber Security
Leave Comment