What is BGP Hijacking, Anyway? Thumbnail
Mutually Agreed Norms for Routing Security (MANRS) 7 May 2018

What is BGP Hijacking, Anyway?

By Megan KruseFormer Director, Advocacy and Communications

Two weeks ago, we learned about yet another routing security incident, namely the hijack of BGP routes to the Amazon DNS infrastructure, used as a stepping stone to steal about $150,000 of Ethereum cryptocurrency from MyEtherWallet.com. We’ve been talking a lot lately about BGP hijacking, digging into the details of what happened in this post. But maybe we need to back up a minute and answer: What in the world is BGP hijacking, anyway, and why does it matter? Here, we’ll explain the basics and how network operators and Internet Exchange Points can join MANRS to help solve the problem.

What is BGP?

BGP, or Border Gateway Protocol, is used to direct traffic across the Internet. Networks use BGP to exchange “reachability information” – networks they know how to get to. Any network that is connected to the Internet eventually relies on BGP to reach other networks.

What is BGP Hijacking?

In short, BGP hijacking is when an attacker disguises itself as another network; it announces network prefixes belonging to another network as if those prefixes are theirs. If this false information is accepted by neighboring networks and propagated further using BGP, it distorts the “roadmap” of the Internet. As a result, traffic is forwarded to the attacker instead of its legitimate destination, causing Denial of Service (DoS) attacks or traffic interception. For example, in the MyEtherWallet attack, traffic went to the attacker instead of to Amazon.

Why Does BGP Hijacking Matter?

BGP hijacking may be the result of a configuration mistake or a malicious act; in either case it is an attack on the common routing system that we all use. In the MyEtherWallet case, the hijacking event caused lost revenue for Ethereum cryptocurrency users. In other cases, BGP hijackings have blocked access to whole countries or derailed Web resources for thousands of people.

Why Does This Happen?

There are more than 60,000 core networks across the Internet. Routers use BGP to exchange reachability information, and each router builds a “routing table” and picks the best route to send a packet of information, typically based on the shortest path. Hopping router to router, the originating network eventually learns it can reach its destination by sending traffic through a set of intermediary networks.

The problem is, BGP was created long before security was a major concern. BGP assumes that all networks are trustworthy. Technically, there are no built-in security mechanisms to validate that routes are legitimate. In addition, networks are scattered across the globe making the chain of trust difficult to trace, and even if you’re trying to validate information, there’s a lack of reliable resource data.

What Do We Do About It?

Network operators have a responsibility to ensure a globally robust and secure routing infrastructure. No operator can secure their own network entirely by themselves. Routing security depends on the actions of other networks, and every network should help secure the global routing system as a whole.

That’s where the Mutually Agreed Norms for Routing Security (MANRS) comes in. MANRS is a community initiative of network operators and Internet Exchange Points (IXPs) that creates a baseline of security expectations for routing security. MANRS calls for simple, but concrete actions that will reduce the most common routing threats, including BGP hijacking.

The first MANRS action is filtering, which prevents the propagation of incorrect routing information. If most network operators and IXPs implement the MANRS actions – including filtering – BGP hijacking events would not propagate across the Internet, and we could avoid outages, traffic inspection, and DoS attacks.

Other MANRS actions include anti-spoofing, global validation, coordination, MANRS promotion, and monitoring and debugging tools.

How Do I Get Started?

  1. Read about the MANRS actions for network operators and/or the MANRS actions for IXPs.
  2. Take the six MANRS tutorials to learn about how to implement the actions. This module on filtering is particularly relevant to BGP hijacking.
  3. Implement the appropriate actions for your network.
  4. Join the MANRS community of security-minded organizations working to raise the bar on routing security.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Mutually Agreed Norms for Routing Security (MANRS) 2 November 2023

Achieving Greater Heights for MANRS

Partnering with the Global Cyber Alliance (GCA), we believe that MANRS will continue to be further established as the...

Mutually Agreed Norms for Routing Security (MANRS) 12 April 2022

Routing Security Goes to Washington

A month ago, the United States Federal Communications Commission (FCC) published a “Notice of Inquiry” (NOI) around a subject...

Mutually Agreed Norms for Routing Security (MANRS) 15 February 2022

MANRS in 2021: A Year of Growth and Change

Here are some highlights in the MANRS Community Report 2021 and outline some of our plans for 2022.