Prefix Hijacking And Interception Of BGP Network

Basically, prefix hijacking means making false routing announcements to attract other networks' traffic. In this way, attackers can enter and control the network, and read and change the information. After that, they send the false information on to the targeted prefix. This problem is more serious than ever before. In April 2018, Amazon's Route 53 DNS service was hijacked through BGP for cryptocurrency. The problem is caused by routes being exposed through human mistakes and configuration problems, because BGP itself does not have enough built-in security. Most of these incidents come from incorrect filtering on routers or mistakes in routing policies. We can see them happen when the no-export community is misused. For example, if the no-export community isn't appended to a route advertisement when it should be, that advertisement is propagated to more networks than it should be. As for configuration mistakes, route optimizers split prefixes into more specific prefixes, intended only for private use, to make internal routing more efficient. However, sometimes those routes are exposed to the outside.

Another cause is route hijacking that is intentional and malicious. The most noticeable aim of these hijacks is denial of service, so attackers may hijack a route as part of a targeted attack or for purposes of suppression. For instance, in 2008, Pakistan blocked YouTube by creating more specific routes that pointed to a null route, which essentially blackholed all traffic going to YouTube for the country. However, what happened was that they mistakenly exposed those null routes to other parts of the network, and that blocked users there from reaching YouTube. A route hijack can also be used to inspect traffic, and the most common type of attack is called a man-in-the-middle attack. This happens when the attackers covertly insert themselves into the AS path, which makes the attack hard to detect. It can be used to inspect traffic and possibly even to modify it. There are also cases where the man-in-the-middle only reroutes, or inserts themselves on, the reverse path, so they are invisible to traceroute. Because of this, some network monitoring companies can help by checking your network in both the forward and reverse directions to see whether anything wrong shows up.
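The unexpected-origin and more-specific announcements described above can be checked mechanically against a baseline of what a network expects to announce. The following Python sketch is an added example, not part of the original essay; the prefixes and AS numbers are documentation values constructed for illustration, and the baseline format, function names and the upstream check are assumptions.

```python
import ipaddress

# Constructed baseline (documentation prefixes and ASNs): each monitored prefix,
# the AS expected to originate it, and the upstream ASes allowed next to it.
BASELINE = {
    "198.51.100.0/24": {"origin": 64500, "upstreams": {64501, 64502}},
    "2001:db8::/32": {"origin": 64500, "upstreams": {64501}},
}

def check_announcement(prefix, as_path, baseline=BASELINE):
    """Return the findings for one observed announcement (empty list = clean)."""
    seen = ipaddress.ip_network(prefix)
    # Collapse AS-path prepending (repeated ASNs) so neighbours compare correctly
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    findings = []
    for base_prefix, policy in baseline.items():
        base = ipaddress.ip_network(base_prefix)
        if seen.version != base.version or not seen.subnet_of(base):
            continue  # announcement does not overlap this monitored prefix
        if seen.prefixlen > base.prefixlen:
            # A longer prefix wins route selection and pulls traffic away
            findings.append("more-specific")
        if path[-1] != policy["origin"]:  # rightmost AS originated the route
            findings.append("origin-mismatch")
        elif len(path) > 1 and path[-2] not in policy["upstreams"]:
            # Correct origin, but reached through an AS that is not an upstream
            findings.append("unexpected-upstream")
    return findings

# Constructed sample of (prefix, AS path) pairs as a route collector might see them
OBSERVED = [
    ("198.51.100.0/24", [64496, 64501, 64500, 64500]),  # normal, with prepending
    ("198.51.100.0/24", [64496, 64510]),                # different origin AS
    ("198.51.100.128/25", [64496, 64502, 64500]),       # exposed more-specific
    ("2001:db8:1::/48", [64497, 64511]),                # more-specific, other origin
    ("198.51.100.0/24", [64496, 64509, 64500]),         # unknown AS beside origin
    ("203.0.113.0/24", [64496, 64505]),                 # not a monitored prefix
]

def scan(observed=OBSERVED):
    """Return (prefix, findings) for every announcement that needs attention."""
    results = [(p, check_announcement(p, path)) for p, path in observed]
    return [(p, f) for p, f in results if f]

if __name__ == "__main__":
    for prefix, findings in scan():
        print(prefix, ", ".join(findings))
```

The upstream check only catches an unexpected AS directly beside the origin; an AS inserted further along the path, or only on the reverse path, is not visible to it.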

Another type of attack is IP squatting or spamming. Basically, squatters announce IP space that has not been used for a while and use it to spam people. Once that IP space is blocked because of spamming, they can move on to the next IP. These hijacking attacks can cause serious damage to a network, including exposure of private information, bank accounts and cryptocurrency. To prevent this problem, we can update and maintain the network regularly. We can also add authentication to each packet to avoid hijacking. Most companies have to hire network security specialists. Currently there is no software or company that can guarantee to prevent these problems perfectly. However, as long as we maintain and check our network regularly, we can reduce them significantly.

11 February 2020