BGP Used for Hijacking

A nice post on how BGP was used to hijack Google and Level 3 DNS services to block Twitter and YouTube access in Turkey.

Another incident used BGP hijacking to steal bitcoins from miners.

When a couple of researchers explained at DEF CON 2008 how they could steal the Internet, they said:

“We’re not doing anything out of the ordinary,” Kapela told Wired.com. “There’s no vulnerabilities, no protocol errors, there are no software problems. The problem arises (from) the level of interconnectivity that’s needed to maintain this mess, to keep it all working.”

…..

The issue exists because BGP’s architecture is based on trust. …. BGP assumes that when a router says it’s the best path, it’s telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic.

The routing table searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific prefix “wins” the traffic. For example, one AS may advertise that it delivers to a group of 90,000 IP addresses, while another delivers to a subset of 24,000 of those addresses. If the destination IP address falls within both announcements, BGP will send data to the narrower, more specific one.

To intercept data, an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, before data headed to those addresses would begin arriving at his network.

One solution they propose is:

For this, Kent and BBN colleagues developed Secure BGP (SBGP), which would require BGP routers to digitally sign with a private key any prefix advertisement they propagated. An ISP would give peer routers certificates authorizing them to route its traffic; each peer on a route would sign a route advertisement and forward it to the next authorized hop.
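To make the longest-prefix-match behaviour and the authorization idea concrete, here is an added example (not from the original post, the Wired article, or SBGP itself) that simulates a small routing table, shows a more specific announcement capturing a destination, and then applies a simplified origin-authorization check that drops the unauthorized route. The prefixes, ASNs and authorization records are constructed (RFC 1918 space and private-use ASNs) and the check is a hypothetical route-origin filter, not the SBGP signing scheme.

```python
import ipaddress

# Constructed data: RFC 1918 space and private-use ASNs, not real announcements.
LEGIT_AS, HIJACK_AS = 64500, 64511
BASELINE = [("10.0.0.0/16", LEGIT_AS), ("192.168.0.0/16", 64501)]
# The hijacker announces a more specific chunk of the victim's /16.
HIJACK = ("10.0.32.0/19", HIJACK_AS)
# Hypothetical authorization records: (prefix, max prefix length, authorized origin AS).
AUTH = [("10.0.0.0/16", 16, LEGIT_AS), ("192.168.0.0/16", 24, 64501)]


def best_route(routes, dst):
    """Longest-prefix match: of all routes covering dst, return the most specific."""
    addr = ipaddress.ip_address(dst)
    matching = [(ipaddress.ip_network(p), asn) for p, asn in routes
                if addr in ipaddress.ip_network(p)]
    if not matching:
        return None
    net, asn = max(matching, key=lambda r: r[0].prefixlen)
    return str(net), asn


def validate_origin(prefix, origin_as, auth=AUTH):
    """Classify an announcement against the authorization records.

    'valid'   - a record covers the prefix, names this origin AS and allows this length
    'invalid' - records cover the prefix but none permits this origin/length
    'unknown' - no record covers the prefix (the check cannot say either way)
    """
    net = ipaddress.ip_network(prefix)
    covering = [(ipaddress.ip_network(p), max_len, asn) for p, max_len, asn in auth
                if net.subnet_of(ipaddress.ip_network(p))]
    if not covering:
        return "unknown"
    if any(asn == origin_as and net.prefixlen <= max_len for _, max_len, asn in covering):
        return "valid"
    return "invalid"


def accept_routes(routes, auth=AUTH):
    """Drop announcements the authorization check marks invalid; keep valid and unknown."""
    return [r for r in routes if validate_origin(r[0], r[1], auth) != "invalid"]


if __name__ == "__main__":
    victim_host = "10.0.40.1"  # falls inside both 10.0.0.0/16 and 10.0.32.0/19
    print("before hijack: ", best_route(BASELINE, victim_host))
    print("after hijack:  ", best_route(BASELINE + [HIJACK], victim_host))
    print("with filtering:", best_route(accept_routes(BASELINE + [HIJACK]), victim_host))
```

Note that the legitimate AS announcing its own /19 is also marked invalid, because the record caps the allowed length at /16; that is the trade-off such filters make between strictness and operational flexibility.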

When you read the above stories, it becomes clear that governments can always tie up with ISPs to sniff or hijack all kinds of traffic for monitoring and other purposes. It also shows the pressing need to encrypt all traffic, because the Internet at large is very insecure.
