BGP: What is border gateway protocol, and how does it work?

As of today, May 1, 2024, internet routing security passed an important milestone. For the first time in the history of RPKI (Resource Public Key Infrastructure), the majority of IPv4 routes in the global routing table are covered by Route Origin Authorizations (ROAs), according to the NIST RPKI Monitor. IPv6 crossed this milestone late last year.

Blog post by BGP experts Doug Madory of Kentik and Job Snijders of Fastly

What is BGP hijacking?

In a BGP hijacking attack, adversaries manipulate BGP routing tables to have a compromised router advertise prefixes that have not been assigned to it. If those false advertisements indicate that a better path is available than the legitimate path, traffic may be directed that way—only the path leads to malicious servers that could steal credentials, download malware, and execute other damaging activities. And all the while end users think they are visiting legitimate sites.

A high-profile case of BGP hijacking occurred in 2018 when a Russian ISP falsely announced a number of IP prefixes that actually belonged to a group of Amazon DNS servers. Users attempting to log in to a cryptocurrency site were redirected to a counterfeit site where hackers were able to steal about $152,000 in cryptocurrency.

In another well-documented incident, Pakistan Telecom, in its role as an ISP, attempted in 2008 to censor YouTube by advertising its own BGP routes to the site so that users attempting to reach it would be blocked. However, the new routes were also announced to the ISP’s upstream providers, which then broadcast them to the rest of the Internet. As a result, web requests for YouTube were directed to Pakistan Telecom, which not only caused a massive outage for the site but also overwhelmed the ISP.
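Both incidents are origin hijacks: an AS announces a prefix it does not hold. The RPKI coverage mentioned above lets a router reject such announcements through Route Origin Validation (RFC 6811). The following is an added example, not code from the article or its authors, that implements that validation over a constructed set of ROAs (documentation prefixes and private ASNs) to show how a hijacked route is classified:

```python
# Added example (not from the article): RFC 6811 Route Origin Validation
# over a constructed set of ROAs, to show how RPKI flags a hijacked route.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ROA:
    prefix: str      # e.g. "203.0.113.0/24"
    max_length: int  # longest more-specific the holder may announce
    origin_asn: int  # AS authorised to originate the prefix

# Constructed sample ROAs (documentation prefixes, private ASNs).
SAMPLE_ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/22", 24, 64501),
    ROA("2001:db8::/32", 48, 64502),
]

def validate_route(prefix: str, origin_asn: int, roas=SAMPLE_ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for a BGP announcement.

    A ROA covers the route if the route equals or is more specific than
    the ROA prefix. The route is VALID if a covering ROA matches the
    origin ASN and the route length does not exceed maxLength; INVALID if
    covering ROAs exist but none match; NOT-FOUND if no ROA covers it.
    """
    route = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if route.version == roa_net.version and route.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"

if __name__ == "__main__":
    print(validate_route("203.0.113.0/24", 64500))   # legitimate origin
    print(validate_route("203.0.113.0/24", 64666))   # hijack: wrong origin AS
    print(validate_route("198.51.100.0/25", 64501))  # too specific for maxLength
    print(validate_route("192.0.2.0/24", 64500))     # no ROA at all
```

A router with ROV enabled would drop or deprioritise the "invalid" announcements, which is how ROA coverage blunts origin hijacks like the two described above.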
