How does BGP hijacking occur, and how can you prevent it?

 BGP hijacking is a serious network security threat where an attacker injects false BGP routes into the global routing system, diverting traffic to malicious destinations, blackholing it, or enabling man-in-the-middle (MITM) attacks.

🚨 How BGP Hijacking Occurs

BGP (Border Gateway Protocol) works on trust — any Autonomous System (AS) can announce prefixes without built-in validation. BGP hijacking exploits this:

🔧 Common Types of BGP Hijacks:

  1. Prefix Hijack

    • An AS announces a prefix it doesn’t own (e.g., AS64500 advertises 192.0.2.0/24).

    • If upstream providers accept and propagate this, traffic destined to the real owner is rerouted to the hijacker.

  2. Subprefix Hijack

    • Hijacker announces a more specific prefix (e.g., 192.0.2.0/25 instead of 192.0.2.0/24).

    • Since routers forward on the longest matching prefix, the more specific route overrides the legitimate one.

  3. AS Path Manipulation

    • Hijacker spoofs an AS path to appear as a legitimate route.

    • Can be used to hide the origin or manipulate routing decisions.

  4. Man-in-the-Middle (MITM)

    • Traffic is rerouted through the attacker, observed or modified, then forwarded to the correct destination.

🛡️ How to Prevent BGP Hijacking

1. Use RPKI (Resource Public Key Infrastructure)

  • Validates that an AS is authorized to originate specific prefixes.

  • Uses ROAs (Route Origin Authorizations) to cryptographically bind IP prefixes to AS numbers.

  • Routers can be configured to drop "invalid" routes.

RPKI is the most effective tool to prevent prefix hijacking today.

2. Prefix Filtering (by ISPs and peers)

  • Only allow customers to announce prefixes they own.

  • Maintain prefix-lists or use IRR databases (e.g., RADb) to validate announcements.

ISPs must implement filtering for their customers to avoid propagating hijacks.

3. Max Prefix Limits

  • Prevents a peer or customer from announcing an unexpected number of routes (helps detect hijacks or leaks).

4. BGP Session Security

  • Use TCP MD5 authentication to secure BGP sessions (prevents session hijacking).

  • Deploy the Generalized TTL Security Mechanism (GTSM, also known as the TTL security hack) to protect against spoofed BGP packets.

5. BGP Monitoring and Detection

  • Use tools and services like:

    • BGPMon

    • RIPE RIS

    • ARIN's Route Origin Validation

    • Cloudflare's BGPStream

  • Set up alerting for unexpected changes in your prefix announcements.
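
The alerting described above can be reduced to a comparison against a known-good baseline. This is an added example, not part of the original post; the feed format, the baseline (origin AS64496 behind upstreams AS64497 and AS64498) and all update lines are constructed. The upstream check covers the case where the origin looks correct but the path does not, which an origin-only check would not flag.

```python
import ipaddress

# Baseline for the monitored prefix (constructed): legitimate origin AS64496,
# normally reached only through upstream providers AS64497 and AS64498.
MONITORED = ipaddress.ip_network("192.0.2.0/24")
EXPECTED_ORIGIN = 64496
EXPECTED_UPSTREAMS = {64497, 64498}

# Constructed collector feed: "<prefix>|<AS path>", collector peer first,
# origin AS last.
SAMPLE_UPDATES = """\
192.0.2.0/24|64510 64497 64496
192.0.2.0/24|64511 64500
192.0.2.0/25|64511 64500
192.0.2.0/24|64509 64500 64496
198.51.100.0/24|64510 64499
"""

def classify(line):
    """Return an alert label for one update, or None if nothing is unusual."""
    prefix_text, path_text = line.strip().split("|")
    prefix = ipaddress.ip_network(prefix_text)
    path = [int(asn) for asn in path_text.split()]
    origin = path[-1]
    if prefix.version != MONITORED.version or not prefix.subnet_of(MONITORED):
        return None  # not our address space
    if prefix.prefixlen > MONITORED.prefixlen:
        return "more-specific"  # possible subprefix hijack, whatever the origin
    if origin != EXPECTED_ORIGIN:
        return "origin-change"  # possible prefix hijack
    # First AS to the left of the origin, skipping any prepended copies.
    upstream = next((asn for asn in reversed(path) if asn != origin), None)
    if upstream is not None and upstream not in EXPECTED_UPSTREAMS:
        return "unexpected-upstream"  # origin looks right, adjacency does not
    return None

def scan(feed):
    """Return (label, update) pairs for every update that needs review."""
    alerts = []
    for line in feed.splitlines():
        label = classify(line) if line.strip() else None
        if label:
            alerts.append((label, line.strip()))
    return alerts

if __name__ == "__main__":
    for label, update in scan(SAMPLE_UPDATES):
        print(f"ALERT {label}: {update}")
```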

6. Route Dampening and Filtering

  • Apply route dampening to suppress unstable prefixes.

  • Filter bogon IP space and suspicious AS paths.

🌐 Global Coordination

  • Work with Regional Internet Registries (RIRs) and participate in MANRS (Mutually Agreed Norms for Routing Security).

  • Join RPKI validator communities and route collector projects.

✅ Summary Table

| Prevention Method | Benefit |
|---|---|
| RPKI | Validates prefix origins |
| Prefix Filtering | Stops invalid announcements |
| Max Prefix Limits | Limits large leaks or attacks |
| BGP MD5/TTL Security | Protects session integrity |
| Monitoring Tools | Detects and alerts on hijacks |
| Routing Policies | Enforce route control |
