- How Attackers Can Exploit BGP
- Types of BGP Attacks
- Defenses Against BGP Exploits
Defenses Against BGP Exploits
Defense Tactic #1: Detect False Route Announcements
- RIPE's MyASN project runs data collection points in Europe, Japan, and North America. Sysadmins can sign up to be alerted whenever changes in global routing information affect their networks.
- Renesys Routing Intelligence offers monitoring and analysis of the global routing tables.
- ASpath-tree is a free program that performs IPv6 network operation analysis based on snapshots of the BGP routing table on IPv6 routers running BGP.
- BGP Monitor is a BGP update feed from the Massachusetts Institute of Technology (MIT) border router. It includes an online, web-based search facility.
- BGP-Inspect, by Merit Network Inc./University of Maryland, offers an online, web-based research tool for BGP update messages.
Defense Tactic #2: Pretty Good BGP
In 2005, Josh Karlin of the University of New Mexico proposed to combat bogus route announcements with Pretty Good BGP (PGBGP). This simple and readily implemented improvement on BGP consists of treating all potentially malicious routes as suspicious for 24 hours, before accepting them as normal. PGBGP provides enough time to detect attacks before they can succeed, and incremental deployment provides good results.
For example, if a new prefix appears that is wholly contained within an existing prefix (as with the YouTube blackout), PGBGP would continue routing to the existing prefix and ignore the new one for a day.
Sysadmins can implement PGBGP by using the Internet Alert Registry.
Defense Tactic #3: Listen and Whisper
Lakshminarayanan Subramanian et al. have developed a combination of two techniques to cope with BGP flaws: Listen and Whisper.
- Listen detects erroneous routes by operating in the data plane of BGP, meaning situations in which a router forwards packets in a way that is inconsistent with the routing advertisements it receives or transmits.
- The problem with relying upon Listen alone is that cyberwarriors can defeat any data plane solution by impersonating legitimate end-hosts. To combat this issue, Whisper operates in the control plane of the BGP system to find false route advertisements based upon penalties chosen by detecting suspiciously long routes.
For details, see "Listen and Whisper: Security Mechanisms for BGP."
Defense Tactic # 4: An Improved Routing Protocol
Subramanian et al. propose to prevent use of BGP to reveal network topologies with their Hybrid Link-State Path-Vector (HLP) routing protocol to hide routing updates from those who should not need this information.
Their analysis suggests that HLP would cause the churn rate of route advertisements to drop by a factor of 400. Better yet, in the case of approximately 50% of links between ASes, HLP can isolate the effects of a hijacked prefix to a region 100 times smaller than that of today's BGP.
The problem with this solution is that any new protocol takes a long time and much politicking to make it into the RFCs and from there into general use.
Conclusion
An improved protocol could head off the vulnerabilities of today's BGP. In the meantime, the tactics and resources I've described above will enable sysadmins to combat BGP's problems.