Building Trust 4 February 2015

Why Network Operators Need to be Concerned – And How MANRS Can Help

By Andrei Robachevsky, Senior Technology Programme Manager

Abusing the vulnerabilities of the routing system for various types of malicious activities – like sending spam or spreading malware – is a growing trend. This is the major point I took away from a detailed review Doug Madory from Dyn Research published last week highlighting six examples of bogus routing announcements that represent IP address and ASN squatting or hijacking and path manipulation. As Doug’s analysis suggests, these are not fat fingers, but planned attacks.

Unlike DoS incidents with high public exposure, like the YouTube route hijacking, these incidents have less impact on network operations and may go unnoticed for months. The criminals are trying to avoid exposure and often squat on unused address space or limit the propagation of bogus announcements. So on the surface it looks like nothing bad is happening in the network, apart from increased volumes of spam and malware, and even more difficulty in making attribution and tracking down the criminals.

So do network operators really need to be concerned?

The answer is yes.

There is more to it.

This trend corrodes the global routing system, and as it develops collateral damage will only grow. Let me mention just two aspects of it:

  • Reputation. Networks and address blocks have a higher chance of ending up on various blacklists, which will affect the services of the network’s customers and users. This might also affect a network’s ability to make peering arrangements.
  • Denial of service. The attackers are less careful sometimes, especially for short and medium-term attacks. They may not bother to check whether the address space they are abusing is used by a network or its customers. And this may result in intermittent service outages that are difficult to debug.

Then why do so many network operators appear unconcerned?

I think this is partly an awareness issue, and analyses from Dyn Research, BGPmon, and RIPE Labs help articulate the problem better and educate folks. But there are a couple of more fundamental issues at hand:

  • Network protection is in fact in the hands of other networks. To protect the network from hijacking, other networks have to act and take measures.
  • Deploying protective measures often has costs and less obvious benefits for one’s own network. Another way of looking at this, though, is what Paul Vixie calls a “chemical polluter business model” where the profit occurs “here” whereas the costs are shifted onto the larger economy, “down there.”

Yet we have to break this vicious circle in which folks push “toxic waste” into the commons, only to discover that the commons is too polluted to be useful.

And by the way, there is a third aspect of collateral damage: it reinforces the perception of some regulators and policy makers that the industry cannot solve this problem on its own and that regulatory action has to be taken.

MANRS – the “Mutually Agreed Norms for Routing Security” document and effort we launched a few months ago – can help here. It contains recommendations that are optimized for low costs and low risk. And it demonstrates a growing group of network operators that are concerned and are willing to take action.

If MANRS recommendations are already implemented in your network – please sign up to give support to this effort and encourage others.

If your network is not already implementing these measures, now is the time to start. By implementing them you will be moving not only your network but the Internet as a whole to a model where one of the Internet’s core components – its global routing infrastructure – is more secure, resilient, and less prone to abuse. The impacts will be felt on your network as well as others.

Caring collaboratively for our shared resource is the only safe way forward.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
