
The security of the BGP protocol.

Updated 01.10.2025 11:22

I think everyone understands that the Internet is vulnerable to attacks on its routing protocols, and BGP is no exception. Faulty, misconfigured, or deliberately manipulated sources of routing information can significantly distort the Internet's routing by inserting false routes into the route databases distributed over BGP (by modifying, substituting, or replaying BGP packets). There are also ways of disrupting the network as a whole by breaking the links over which BGP nodes exchange information. Sources of false information can be external hosts (outsiders) as well as legitimate BGP nodes.

The BGP protocol itself does not provide cryptographic authentication of the data exchanged between peers. Like the rest of the TCP/IP stack, BGP can be the target of all the network attacks we discussed in previous posts. Any third-party node can inject plausible BGP messages into the exchange between BGP peers and thereby insert false routes into the tables or break the connection between the peers. Any interruption of communication between peers changes the distributed routing pattern. Moreover, external nodes can break connections between BGP peers by terminating their TCP sessions with forged packets. External sources of false BGP information can be located anywhere on the Internet.

The requirement to support an authentication mechanism does not mean that it is used in practice. The authentication mechanism is based on a pre-installed shared secret (a common password that all participants in the exchange must use) and, unlike IPsec, offers no capability for dynamic negotiation of that secret. Therefore, using authentication must be a conscious decision; it cannot be enabled automatically or by default.

The current BGP specification also allows protocol implementations to accept connections from peers not specified in the configuration. However, the specification does not clearly define what a "peer not specified in the configuration" is or how authentication can be applied in such cases.

BGP nodes themselves may inject false routing data, disguising themselves as another legitimate BGP node or sending routing information on its behalf without proper authority. There have been cases where misconfigured or faulty routers caused serious disruptions to the Internet. Legitimate BGP nodes have the context and information needed to create plausible but false routing data and can therefore cause serious disruptions. Cryptographic protection and hardening of the devices themselves cannot rule out false information received from a legitimate peer, because in this case every authentication requirement is met. The risk of disruptions caused by legitimate BGP peers is real and must be taken into account. In other words, you should not rely entirely on neighboring providers; additional configuration is needed, which will be discussed in the following posts.

If false routing information is propagated, various problems may arise. For example, if the false data removes the correct routing information for a particular network, that network may become unreachable from the part of the Internet that accepted the false data. If the false information changes the route to the network, packets addressed to it may be forwarded along a suboptimal path, which in turn may cause financial losses for the provider. The forwarding path may also fail to match the intended policy, or the traffic may simply be lost. As a result, traffic to this network may be delayed on a path longer than necessary, or the network may become unreachable from the areas that accepted the false data. Traffic may also be routed along a path where the data can be viewed or modified without authorization, for example with a sniffer, which we have already discussed earlier. If the false information claims that an autonomous system contains networks that are not really part of it, packets for those networks may not be delivered from the parts of the Internet that accepted the false information. False announcements of networks belonging to an autonomous system can also fragment aggregated address blocks in other parts of the Internet and cause routing problems for other networks.
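To make the origin check concrete, here is an added example (not code from the original post): a small Python validator that classifies a received announcement against a constructed ROA table in the manner of RFC 6811 route origin validation, rejecting announcements from an unauthorized origin AS or more specific than the holder permits (the "fragmentation of aggregated blocks" case), and rejecting paths that already contain the local AS. The ROA entries, AS numbers and prefixes are constructed from documentation ranges and are assumptions for the example.

```python
import ipaddress

# Constructed ROA table: (prefix, maxLength, authorized origin AS). Real
# entries come from RPKI validators; these use documentation ASNs/prefixes.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
    ("2001:db8::/32", 48, 64498),
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Route origin validation in the manner of RFC 6811.

    'valid'     - a ROA covers the prefix, permits its length, names this AS
    'invalid'   - ROAs cover the prefix but none permit (origin, length)
    'not-found' - no ROA covers the prefix at all
    """
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises on mixed address families, so check version first.
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def check_update(local_as, prefix, as_path, roas=ROAS):
    """Decide whether to accept an announcement; returns (decision, reasons).

    as_path is ordered as received: nearest neighbour first, origin AS last.
    """
    reasons = []
    if local_as in as_path:
        # Our own AS is already in the path: accepting it would build a loop.
        reasons.append("loop: local AS present in AS_PATH")
    state = validate_origin(prefix, as_path[-1], roas)
    if state == "invalid":
        # Covers both a foreign origin AS and a too-specific announcement that
        # would fragment the holder's aggregate (prefixlen > maxLength).
        reasons.append(f"rpki-invalid: AS{as_path[-1]} may not originate {prefix}")
    elif state == "not-found":
        # No ROA exists: nothing can be proven, so accept but flag for monitoring.
        reasons.append("rpki-not-found: prefix has no ROA")
    decision = "accept" if state != "invalid" and local_as not in as_path else "reject"
    return decision, reasons
```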

As you can see, there are quite a lot of problems related to the security of the BGP protocol. What kind of network disruptions can occur as a result of these attacks?

Violations resulting from such attacks include the following.

Starvation (packet loss). Traffic addressed to a node is forwarded to a part of the network that cannot deliver it, so the traffic is lost.

Network congestion. More data is sent through some part of the network than that part is capable of handling. This is a form of denial of service.

Blackhole. A large amount of traffic is routed through a single router that is unable to handle the increased load and discards some, most, or all of the packets.

Delay. Data addressed to a node is forwarded along a longer path than usual. This causes transmission delays, which are especially noticeable when streaming video or audio, and can also lose some traffic, since packets may exhaust their Time To Live value on a path that is too long.

Looping. Data is forwarded around a closed path and is never delivered.

Eavesdrop (interception). Data is sent through a router or network that should not see it, and the information can be viewed in transit. As a rule, attackers deliberately direct traffic through a network segment that they can listen to. Confidential information such as credit card numbers, passwords, and access codes is typically obtained this way.

Partition (network separation). Some part of the network believes it is disconnected from the rest of the network when in fact it is not. As a result, traffic may not pass through those parts, which degrades the operation of the network as a whole.

Cut (shutdown). Some part of the network believes it has no route to a network that is in fact connected. As with the previous violation, traffic may fail to pass through some parts of the network.

Churn (waves). Forwarding to the network changes rapidly, producing significant variations in the packet delivery pattern (which may in turn disturb congestion control).

Instability. BGP operation becomes unstable and the routing pattern never converges.

Overload. BGP messages themselves become a significant share of the traffic carried by the network.

Resource exhaustion. BGP messages themselves consume too many router resources (for example, table space).

Address spoofing (deceptive addresses). Data is sent through a router or network that is spoofed and can be used to intercept or modify the information. This violation is similar to the interception violation.

Oleg Petukhov, lawyer in the field of international law and personal data protection, information security specialist, protection of information and personal data.

Telegram channel: https://t.me/protectioninformation

Telegram Group: https://t.me/informationprotection1

Website: https://legascom.ru

Email: online@legascom.ru

#informationprotection #informationsecurity