Border Gateway Protocol (BGP) is the Internet's routing protocol. It directs traffic from one IP address to another as efficiently as possible.
BGP, an IETF standard, is a gateway protocol that controls how packets are transferred from one network to another. It exchanges routing and reachability information between the edge routers of autonomous systems.
When attackers maliciously redirect traffic, this is known as BGP poisoning. Attackers achieve this by falsely claiming ownership of groupings of IP addresses, known as IP prefixes, that they do not own, control, or route. A BGP poisoning attack is similar to someone changing all the signage on a stretch of motorway and redirecting automotive traffic to the wrong exits.
BGP poisoning broadcasts deliberately crafted BGP messages to steer traffic onto alternative viable routes that do not transit the autonomous systems named in the announcement. It relies on BGP's autonomous system loop prevention mechanism.
The announcing autonomous system prepends to the AS path of its BGP announcement the numbers of other autonomous systems that the route should not traverse. Because of BGP's loop prevention mechanism, those autonomous systems see their own number in the path, reject it when they receive the crafted announcement, and withdraw the route from their neighbors.
When an autonomous system announces a route to IP prefixes that it doesn't control, the announcement can propagate and be added to routing tables in BGP routers throughout the Internet if it isn't blocked. Traffic to those IPs will be routed to that autonomous system until someone detects and corrects the routes. It is like claiming territory where no local authority exists to verify and enforce property titles.
BGP always prefers the most specific route to the destination IP address and, among routes to the same prefix, the one with the shortest AS path. For a BGP hijack to succeed, the route announcement must either:
1) Provide a more specific route by announcing a smaller range of IP addresses, or
2) Provide a shorter path to specific IP address blocks. Furthermore, not just anybody can advertise BGP routes on the wider Internet. For a BGP hijack to occur, the announcement must be issued by the operator of an autonomous system or by a threat actor who has compromised one.
Network operators can guard against BGP hijacking by continually monitoring how Internet traffic is routed.
Most networks should only allow IP prefix announcements when necessary, and they should announce their own IP prefixes only to specific networks rather than to the whole Internet. This helps avoid unintentional route hijacking and can stop an autonomous system from accepting forged IP prefix announcements; however, it is difficult to implement.
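The following is an added example, not code from the original article, that ties together three of the mechanisms described above in a small route-table simulator: the AS-path loop prevention that the poisoning section depends on, the decision process (longest prefix match first, then shortest AS path) that lets a more-specific announcement win, and an import filter of the kind the previous paragraph recommends, implemented here as RPKI-style origin validation against an allowlist of (prefix, authorised origin ASNs, maximum length) entries. All ASNs, prefixes, announcements and allowlist entries are constructed sample data; the allowlist stands in for real ROA data that an operator would obtain from RPKI validators.

```python
# Added example (not from the original article): a minimal BGP RIB simulator.
# Shows (1) AS-path loop prevention, (2) longest-prefix-match then shortest
# AS path selection, and (3) origin validation against a constructed allowlist.
# Every ASN, prefix and announcement here is constructed sample data.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str       # e.g. "203.0.113.0/24"
    as_path: tuple    # AS_PATH as received; first entry is the neighbour, last is the origin


class BgpRouter:
    def __init__(self, local_asn, roas=()):
        self.local_asn = local_asn
        # Constructed allowlist: (prefix, set of ASNs allowed to originate it, max length).
        # Mirrors the RFC 6811 notions of "covered" and "matched" for a route.
        self.roas = list(roas)
        self.rib = {}        # prefix string -> best Announcement seen so far
        self.rejected = []   # (reason, Announcement), useful as a monitoring feed

    def validate_origin(self, net, origin):
        """Return 'valid', 'invalid' or 'not-found' for (prefix, origin ASN)."""
        covered = False
        for roa_prefix, origins, max_len in self.roas:
            roa_net = ipaddress.ip_network(roa_prefix)
            if net.subnet_of(roa_net):
                covered = True
                if net.prefixlen <= max_len and origin in origins:
                    return "valid"
        # Covered by at least one entry but matched by none: a forged or
        # over-specific announcement. Not covered at all: no opinion.
        return "invalid" if covered else "not-found"

    def receive(self, ann):
        """Process one UPDATE; return True if it became the best route for its prefix."""
        net = ipaddress.ip_network(ann.prefix)
        # (1) Loop prevention: a path that already contains our own ASN is dropped.
        if self.local_asn in ann.as_path:
            self.rejected.append(("loop", ann))
            return False
        # (3) Import filter: drop announcements the allowlist marks invalid.
        if self.validate_origin(net, ann.as_path[-1]) == "invalid":
            self.rejected.append(("invalid-origin", ann))
            return False
        # (2a) Among routes to the same prefix, prefer the shorter AS path.
        current = self.rib.get(ann.prefix)
        if current is None or len(ann.as_path) < len(current.as_path):
            self.rib[ann.prefix] = ann
            return True
        return False

    def next_hop_as(self, ip):
        """Forwarding lookup: the most specific prefix wins regardless of path length."""
        addr = ipaddress.ip_address(ip)
        matches = [(ipaddress.ip_network(p), a) for p, a in self.rib.items()
                   if addr in ipaddress.ip_network(p)]
        if not matches:
            return None
        _, best = max(matches, key=lambda m: m[0].prefixlen)   # (2b) longest prefix
        return best.as_path[0]   # neighbouring AS we would hand the packet to


def demo(use_roas):
    """Feed constructed announcements to AS 65002 and report where traffic to
    203.0.113.10 would be sent. Returns (next-hop ASN, list of rejection reasons)."""
    roas = [("203.0.113.0/24", {65001}, 24)] if use_roas else []
    r = BgpRouter(local_asn=65002, roas=roas)
    r.receive(Announcement("203.0.113.0/24", (65010, 65001)))           # genuine route
    r.receive(Announcement("203.0.113.0/24", (65030, 65040, 65001)))    # genuine, but longer path
    r.receive(Announcement("203.0.113.0/25", (65020, 65666)))           # more-specific from wrong origin
    r.receive(Announcement("198.51.100.0/24", (65010, 65002, 65001)))   # path already contains 65002
    return r.next_hop_as("203.0.113.10"), [reason for reason, _ in r.rejected]


if __name__ == "__main__":
    print("no filter :", demo(False))   # traffic for 203.0.113.10 goes to 65020
    print("with ROAs :", demo(True))    # /25 rejected, traffic stays with 65010
```

Without the allowlist, the /25 from AS 65666 wins the forwarding lookup for 203.0.113.10 even though the genuine /24 has the shorter path, which is exactly why a more-specific announcement is the usual hijack shape. With the allowlist, the /25 is rejected both because its origin is wrong and because it exceeds the entry's maximum length, so even a /25 from the legitimate origin would be refused until the operator publishes a matching entry. The `rejected` list is the hook where an operator would attach logging or alerting.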
BGP hijacking can cause increased latency, degraded network performance, and misdirected Internet traffic. Many larger networks monitor BGP updates to ensure that their customers don't experience latency problems. A number of security researchers also monitor Internet routing and publish their findings.
BGP keeps the Internet running. However, BGP was not designed with security in mind. More secure routing options for the Internet (such as BGPsec) are being developed, although they have yet to be deployed. For the time being, BGP is, and will remain, intrinsically fragile.