Global BGP Attacks that Evade Route Monitoring

TL;DR

This paper introduces a novel BGP attack that evades existing monitoring by exploiting RFC-specified communities, demonstrating its effectiveness on major networks and proposing a mitigation to enhance Internet routing security.

Contribution

The paper presents a new BGP attack method that bypasses current monitoring systems and offers a mitigation strategy to improve detection and protection.

Findings

All tested tier-1 networks were vulnerable to the attack.

The attack effectively hides malicious routes from monitoring systems.

Proposed mitigation improves BGP monitoring robustness.

Abstract

As the deployment of comprehensive Border Gateway Protocol (BGP) security measures is still in progress, BGP monitoring continues to play a critical role in protecting the Internet from routing attacks. Fundamentally, monitoring involves observing BGP feeds to detect suspicious announcements and taking defensive action. However, BGP monitoring relies on seeing the malicious BGP announcement in the first place! In this paper, we develop a novel attack that can hide itself from all state-of-the-art BGP monitoring systems we tested while affecting the entire Internet. The attack involves launching a sub-prefix hijack with the RFC-specified NO_EXPORT community attached to prevent networks with the malicious route installed from sending the route to BGP monitoring systems. We study the viability of this attack at four tier-1 networks and find all networks we studied were vulnerable to the attack. Finally, we propose a mitigation that significantly improves the robustness of the BGP monitoring ecosystem. Our paper aims to raise awareness of this issue and offer guidance to providers to protect against such attacks.