Aug 13, 2014

What is a BGP hijack?

I heard BGP hijacks referred to as a method of mining bitcoins. What is a BGP hijack?


"Like the TCP reset attack, session hijacking involves intrusion into an ongoing BGP session, i.e., the attacker successfully masquerades as one of the peers in a BGP session, and requires the same information needed to accomplish the reset attack. The difference is that a session hijacking attack may be designed to achieve more than simply bringing down a session between BGP peers. For example, the objective may be to change routes used by the peer, in order to facilitate eavesdropping, black holing, or traffic analysis.

By default EBGP peers will attempt to add all routes received by another peer into the device's routing table and will then attempt to advertise nearly all of these routes to other EBGP peers. This can be a problem as multi-homed organizations can inadvertently advertise prefixes learned from one AS to another, causing the end customer to become the new, best-path to the prefixes in question."

BGP - Border Gateway Protocol - is the method used to connect autonomous networks to each other via the Internet.

"Our reliance on the accuracy of the information provided by BGP routers means that anyone who can gain access to one can redirect some portion of online traffic by advertising a sufficiently small set of addresses whose traffic it wants to target. In other words, if you want access to some piece of online traffic directed to someone else, you can use BGP to announce that you will deliver it to its intended recipients—in the same way that Comcast announces it can deliver traffic to me—and the rest of the Internet will believe you. So this is probably what happened in the bitcoin theft incidents investigated by SecureWorks—the thief used the credentials of someone who worked at a Canadian ISP to send out false routing announcements. Using those announcements, the thief redirected the traffic of groups dedicated to bitcoin mining and was able to retain the bitcoins harvested by those groups’ machines rather than paying them out to the owners of the mining computers."

This is from http://www.slate.com/articles/technology/future_tense/2014/08/bgp_hijack...


which is (in my opinion) a very good explanation of what BGP hijacking is, and why it is still going on. This has been around for a long time.
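As an added illustration, not taken from the question or from either answer above: a short Python model of the two points the quoted passages make. A BGP speaker forwards along the most specific covering prefix, so an announcement of a "sufficiently small set of addresses" wins regardless of who originates it, and a network operator can detect this by checking route-collector data for announcements that overlap its own prefixes but carry an unexpected origin AS. All prefixes and AS numbers below are constructed from documentation and private ranges.

```python
import ipaddress

# Constructed sample of BGP announcements as seen from a route collector:
# (prefix, AS path as a list); the origin AS is the last element of the path.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64496, 64500]),     # legitimate: our AS 64500 originates the /24
    ("203.0.113.128/25", [64499, 64666]),   # more specific /25 from an unexpected origin
    ("198.51.100.0/24", [64496, 64510]),    # unrelated prefix belonging to someone else
    ("203.0.112.0/22", [64496, 64500]),     # less specific aggregate we also announce
]

# Prefixes this organization legitimately originates, mapped to the expected origin AS
# (constructed values).
OWNED = {"203.0.113.0/24": 64500, "203.0.112.0/22": 64500}


def best_route(announcements, dst_ip):
    """Longest-prefix match, as a BGP speaker chooses among covering prefixes.

    Returns (prefix, origin_as) of the most specific announcement covering dst_ip,
    or None. The most specific prefix wins no matter who originated it, which is
    why announcing a smaller block than the legitimate one is enough to draw traffic.
    """
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, path in announcements:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path[-1])
    return (str(best[0]), best[1]) if best else None


def find_hijacks(announcements, owned):
    """Flag announcements overlapping an owned prefix whose origin AS is not the expected one.

    Both directions matter: a more specific announced inside our block steals traffic by
    longest-prefix match, and a covering announcement from another AS takes over if our
    own announcement is withdrawn or filtered. Returns a list of (prefix, origin_as).
    """
    alerts = []
    for prefix, path in announcements:
        net = ipaddress.ip_network(prefix)
        origin = path[-1]
        for owned_prefix, expected_origin in owned.items():
            owned_net = ipaddress.ip_network(owned_prefix)
            overlaps = net.subnet_of(owned_net) or owned_net.subnet_of(net)
            if overlaps and origin != expected_origin:
                alerts.append((prefix, origin))
                break  # one alert per suspicious announcement is enough
    return alerts
```

Running the two functions on the sample shows that traffic for 203.0.113.200 follows the /25 from AS 64666 even though our /24 is still announced, and that `find_hijacks` is what surfaces it.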

