BGP, The Next Internet Vulnerability?

The Internet is a mesh of very complex networks. All of them are interconnected in several ways and exchange data. A meshed network means that there are multiple paths available to reach a specific network. If we look at the Internet fundamentals, the “Network of Networks” relies on a small list of major protocols. You, happy reader of this blog, used all of them to access this page:

  • TCP/IP (of course)
  • DNS – To resolve FQDN into IP addresses
  • BGP4 – To learn the best route to reach this web site

If one of them fails to work properly, most Internet services will be unreachable or, worse, the traffic will be redirected to suspicious hosts. A few months ago, a major security flaw was discovered in the way DNS servers work. By poisoning your local DNS cache, an attacker is able to redirect www.paypal.com to its own server!

What about BGP (Border Gateway Protocol)? This protocol is used by core routers on the Internet to learn routes and choose the best one to reach a remote host. If a malicious router (and any UNIX host can potentially run a BGP daemon, for example Zebra or bgpd) sends malicious BGP advertisements (read “announces false routes”) to its peer, we can have major black holes on the Internet. This already happened a few months ago due to a human error: YouTube was disconnected from the Internet for a few hours!
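Seen from the monitoring side, a false route shows up as an announcement whose originating AS does not match the one you expect for a prefix, or as a more specific prefix carved out of a block you own. The sketch below is an added example, not code from this post or from any BGP daemon: it checks observed announcements against a baseline. The function names are hypothetical, and the prefixes and AS numbers are constructed from the ranges reserved for documentation.

```python
import ipaddress

# Constructed baseline: monitored prefix -> AS number expected to originate it.
# Prefixes and AS numbers come from ranges reserved for documentation.
EXPECTED = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("203.0.113.0/24"): 64497,
}

# Constructed sample of observed announcements: (prefix, AS_PATH as text).
OBSERVED = [
    ("192.0.2.0/24", "64500 64496"),
    ("192.0.2.0/24", "64500 64511"),
    ("203.0.113.128/25", "64501 64511"),
    ("203.0.113.0/25", "64500 64497"),
    ("198.51.100.0/24", "64500 64499"),
]


def origin_as(as_path):
    """The originating AS is the last (rightmost) entry of the AS_PATH."""
    return int(as_path.split()[-1])  # assumes a plain sequence, no AS_SET


def classify(prefix, as_path, expected=EXPECTED):
    """Compare one announcement with the baseline and return a verdict."""
    net = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    if net in expected:
        return "ok" if expected[net] == origin else "origin-mismatch"
    for known, owner in expected.items():
        if net.version == known.version and net.subnet_of(known):
            # Routers prefer the longest matching prefix, so a more specific
            # route inside a monitored block pulls that traffic towards it.
            same = owner == origin
            return "more-specific-same-origin" if same else "more-specific-other-origin"
    return "unmonitored"


def alerts(observed=OBSERVED):
    """Return (prefix, origin AS, verdict) for announcements worth a look."""
    quiet = ("ok", "unmonitored")
    return [(p, origin_as(path), v) for p, path in observed
            if (v := classify(p, path)) not in quiet]


if __name__ == "__main__":
    for prefix, origin, verdict in alerts():
        print(f"{prefix} originated by AS{origin}: {verdict}")
```

A more specific route from the expected origin is often legitimate traffic engineering, which is why it gets its own verdict instead of being treated like a foreign origin.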

The Network Administrator blog has an interesting article regarding BGP security: BGP: Yet another Internet time bomb. More links about BGP security are available here.
