Print
Two researchers, Alex Pilosov and Anton Kapela, have concocted a technique to exploit the Border Gateway Protocol (BGP) – internet’s core routing protocol. They demonstrated their technique at the DefCon hacker conference in Las Vegas. The threat emanates from the innate credulity of the routing protocol: the BGP apparently is designed to trust all nodes and can be exploited to redirect insane volumes of internet traffic to malevolent networks.
It can be used for spying at a truly unprecedented scale. No, we are not talking about stalking someone on Facebook but nation-state espionage. Millions of users can be exposed within moments of such an attack. A few solutions have already been propounded, but ISPs seem to be watching quietly from the sidelines.
Image Credit: Tech Target
Comments are closed on this article
Sebastianem
September 03, 2008 at 6:38am
Border Gateway Protocol is a language that routers use to talk to each other and update routing tables between Autonomous Systems (AS) (i.e. one ISP to another) and has been in full use since approximately 1989 (see RFC 1105) and replaced Exterior Gateway Protocol.
What the article simply states is an attacker could 'poison' the routing tables in order to get a router to direct traffic to his/her 'malevolent network' and have a user log into their 'fake' site (for example, banking, credit card payment systems).
The fix is to institute a secure version of BGP, although all AS' would have to use the same protocol, or routing tables would become invalaid and traffic would come to a screching halt. On some equipment, an MD5 is sent with the route update as the routes change in order to verify that the message is coming from an authorized router in the network, although this can obviosly be circumvented.
Keith E. Whisman
September 02, 2008 at 4:04pm
What is the work around? What is the fix? It seems to me that this is something an enemy nation would do to a country when going to war. When will they fix this security hole and is Microsoft at all involved in this. After all Microsoft is the king of making software packed with vulnerabilities.
Wareagle
September 02, 2008 at 5:22pm
If you don't want people to see what you're doing on the Internet, make sure you use encryption.
Duh.
opulent_rigs
September 02, 2008 at 4:15pm
being involved...hehehe. Well this protocol is from the infantile days of the internet - the 70's. It is used by all ISPs and large networks to route traffic. Think of it as a protocol to manage traffic between ISPs and networks. It is the ISPs that have access to this protocol and generic users have really got nothing to do with it.
This is the first such public demonstration of an exploit. And never before have any attacks come to light, though the knowlede of the chink has existed for more than a decade. But some time ago Pakistan unintentionally hijacked all Youtube traffic of the world and this weakness in BGP was blamed.
