Border Gateway Protocol: The Biggest Network Vulnerability Of All?
When BGP was developed, network security wasn't an issue. That's why the problem with BGP is also its greatest advantage: its simplicity.
In terms of security vulnerabilities, much has been made of buffer overflow attacks, distributed denial of service attacks, and Wi-Fi intrusions. While these types of attacks have garnered ample amounts of attention within the more popular IT magazines, blogs and websites, their sex appeal has often served to overshadow an area within the IT industry that is perhaps the backbone of all internet communications: the Border Gateway Protocol (BGP). As it turns out, this simple protocol is open to exploitation – and attempting to secure it would be no small undertaking. (To learn more about technological threats, see Malicious Software: Worms, Trojans and Bots, Oh My!)
What Is BGP?
The Border Gateway Protocol is an exterior gateway protocol that basically routes traffic from one autonomous system (AS) to another autonomous system. In this context, "autonomous system" simply refers to any domain over which an internet service provider (ISP) has autonomy. So, if an end user relies on AT&T as his ISP, he will belong to one of AT&T’s autonomous systems. The naming convention for a given AS will most likely look something like AS7018 or AS7132.
BGP relies on TCP/IP to maintain connections between two or more autonomous system routers. It gained wide popularity during the 1990s when the internet was growing at an exponential rate. ISPs needed a simple way to route traffic to nodes within other autonomous systems, and BGP’s simplicity allowed it to quickly become the de facto standard in inter-domain routing. So, when an end user communicates with someone who uses a different ISP, those communications will have traversed a minimum of two BGP-enabled routers.
An illustration of a common BGP scenario may shed some light on the actual mechanics of BGP. Suppose that two ISPs enter into an agreement to route traffic to and from their respective autonomous systems. Once all of the paperwork has been signed and the contracts have been approved by their respective legal beagles, the actual communications are turned over to the network administrators. A BGP-enabled router in AS1 initiates communication with a BGP-enabled router in AS2. The connection is initiated and maintained via TCP/IP port 179, and since this is an initial connection, both routers exchange routing tables with one another.
Within the routing tables, paths to every existing node within a given AS are maintained. If a full path isn’t available, a route to the appropriate sub-autonomous system is maintained. Once all relevant information has been exchanged during initialization, the network is said to be converged, and any future communications will involve updates and are-you-still-alive communications.
Pretty simple right? It is. And that's precisely the problem, because it's this very simplicity that has led to some very disturbing vulnerabilities.
Why Should I Care?
This is all well and good, but how does this affect someone who uses their computer for playing video games and watching Netflix? One thing that every end user should keep in mind is that the internet is very susceptible to the domino effect, and BGP plays a large role in this. If done correctly, hacking one BGP router could result in denial of service for an entire autonomous system.
Let’s say that the IP address prefix for a given autonomous system is 10.0.x.x. The BGP-enabled router within this AS advertises this prefix to other BGP-enabled routers within other autonomous systems. This is typically transparent to the thousands of end users within a given AS, as most home users are often insulated from the goings on at the ISP level. The sun is shining, birds are singing, and internet traffic is humming along. Netflix, YouTube and Hulu picture quality is positively pristine, and digital life has never been better.
Now, let’s say that a nefarious individual within another autonomous system begins advertising his own network as the owner of the 10.0.x.x IP address prefix. To make matters worse, this network villain advertises that his 10.0.x.x address space has a lower cost than the rightful owner of said prefix. (By cost, I mean fewer hops, more throughput, less congestion, etc. Finances are irrelevant in this scenario). All of the sudden, all of the traffic that was bound for the end user’s network is suddenly diverted to another network, and there’s just not a whole lot that an ISP can do to prevent this.
A scenario very similar to the one just mentioned occurred on April 8, 2010, when an ISP within China advertised something along the lines of 40,000 bogus routes. For a full 18 minutes, untold amounts of internet traffic were diverted to Chinese autonomous system AS23724. In an ideal world, all of this misdirected traffic would have been inside an encrypted VPN tunnel, thereby rendering much of the traffic useless to the intercepting party, but it’s safe to say that this isn’t an ideal world. (Learn more about VPN in Virtual Private Network: The Branch Office Solution.)
The Future of BGP
The problem with BGP is also its greatest advantage: its simplicity. When BGP began to really take hold among the varying ISPs around the world, not much thought was put into concepts such as confidentiality, authenticity or overall security. Network administrators simply wanted to communicate with one another. The Internet Engineering Task Force continues to conduct studies into solutions for the many vulnerabilities within BGP, but attempting to secure a decentralized entity such as the internet is no small undertaking, and the millions of people who currently use the internet may have to simply tolerate the occasional BGP exploitation.