© Formactual Projects Ltd t/a PTT

 

 

<< PTT blog front page


Diverted down the wrong road

IP routing

We take it for granted that when we click on a link to visit a web page, we will be directed to the intended web site. But ensuring traffic reaches its intended destination depends on interactions between computers and networks around the world that are operated by many different organisations. And the routing process depends on trust. When network A tells network B that it can provide a route to destination C, network B assumes network A is run by good guys and believes them.

Routes are advertised using border gateway protocol (BGP) messages. In the early days of the Internet, it was a reasonable assumption that those BGP messages could be trusted. But as the Internet has grown, that is no longer the case. Those with bad intent may hijack the BGP system to divert traffic to their servers to harvest information or money. Hijacking BGP routing is analogous to an adversary changing road signs, redirecting traffic under the pretence of leading them to their intended destination.

A BGP weakness was exploited in 2018 to divert traffic destined for a cryptocurrency website to the hijackers’ phishing site on a server in Russia. During the attack, which lasted for two hours, the hijackers stole $150,000 in cryptocurrency. Although the cryptocurrency site relied on Amazon Web Services (AWS), the hijacking was possible without having to attack the AWS or cryptocurrency servers. Instead, the hacker advertised a supposedly more attractive route to the cryptocurrency site to an Ohio-based internet service provider who took the advert on trust and passed it on to others.

Apart from the activities of those with bad intent, human error can also cause significant disruption. In 2021, it was reported that a Vodafone India network mistakenly advertised that it provided routes to thousands of addresses, when it didn’t, causing the internet to flood this network with traffic that was not meant to go through it. This had a major impact on service providers around the world including Google.

There have been many more examples of the disruption caused by incorrect routing in recent years. Various measures to combat the vulnerability of BGP are now available but not all network operators have adopted them.

PTT’s new online course “Exterior IP routing” describes the role and operation of BGP and the security measures that can be taken to protect the global routing system. Its sister course “Interior IP routing” is also available.