How does BGP hijacking occur, and how can you prevent it?

 BGP hijacking is a serious network security threat where an attacker injects false BGP routes into the global routing system, diverting traffic to malicious destinations, blackholing it, or enabling man-in-the-middle (MITM) attacks.

🚨 How BGP Hijacking Occurs

BGP (Border Gateway Protocol) works on trust — any Autonomous System (AS) can announce prefixes without built-in validation. BGP hijacking exploits this:

🔧 Common Types of BGP Hijacks:

  1. Prefix Hijack

    • An AS announces a prefix it doesn’t own (e.g., AS64500 advertises 192.0.2.0/24).

    • If upstream providers accept and propagate this, traffic destined to the real owner is rerouted to the hijacker.

  2. Subprefix Hijack

    • Hijacker announces a more specific prefix (e.g., 192.0.2.0/25 instead of 192.0.2.0/24).

    • Because routers forward on the longest matching prefix, the more specific route overrides the legitimate one.

  3. AS Path Manipulation

    • Hijacker spoofs an AS path to appear as a legitimate route.

    • Can be used to hide the origin or manipulate routing decisions.

  4. Man-in-the-Middle (MITM)

    • Traffic is rerouted through the attacker, observed or modified, then forwarded to the correct destination.

🛡️ How to Prevent BGP Hijacking

1. Use RPKI (Resource Public Key Infrastructure)

  • Validates that an AS is authorized to originate specific prefixes.

  • Uses ROAs (Route Origin Authorizations) to cryptographically bind IP prefixes to AS numbers.

  • Routers can be configured to drop "invalid" routes.

RPKI is the most effective tool to prevent prefix hijacking today.
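The origin check a validating router applies can be sketched as follows (an added example, not code from the original post). It follows the RFC 6811 valid / invalid / not-found classification; the ROA entries, the legitimate origin AS64496 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorized origin AS).
# AS64496 as the legitimate holder of 192.0.2.0/24 is an assumption.
ROAS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    (ipaddress.ip_network("2001:db8::/32"), 48, 64496),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, max_len, roa_as in roas:
        # A ROA covers a route whose prefix is equal to or inside the ROA prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # Valid needs the authorized origin AND a length within maxLength.
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: invalid. No covering ROA at all: not-found.
    return "invalid" if covered else "not-found"

def drop_invalid(announcements, roas=ROAS):
    """Apply a 'drop invalid' policy; not-found routes are still accepted."""
    accepted, dropped = [], []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, roas)
        target = dropped if state == "invalid" else accepted
        target.append((prefix, origin_as, state))
    return accepted, dropped

# Constructed announcements mirroring the hijack types described above.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # legitimate origin
    ("192.0.2.0/24", 64500),     # prefix hijack: wrong origin AS
    ("192.0.2.0/25", 64500),     # subprefix hijack: more specific, wrong origin
    ("192.0.2.0/25", 64496),     # right origin, but longer than maxLength
    ("2001:db8:1::/48", 64496),  # IPv6 route within maxLength
    ("203.0.113.0/24", 64511),   # no covering ROA
]

if __name__ == "__main__":
    accepted, dropped = drop_invalid(ANNOUNCEMENTS)
    for route in accepted:
        print("accept", route)
    for route in dropped:
        print("drop  ", route)
```

Origin validation checks only the origin AS and the prefix length, so it complements the filtering and monitoring measures rather than replacing them.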

2. Prefix Filtering (by ISPs and peers)

  • Only allow customers to announce prefixes they own.

  • Maintain prefix-lists or use IRR databases (e.g., RADb) to validate announcements.

ISPs must implement filtering for their customers to avoid propagating hijacks.

3. Max Prefix Limits

  • Prevents a peer or customer from announcing an unexpected number of routes (helps detect hijacks or leaks).

4. BGP Session Security

  • Use MD5 authentication to secure BGP sessions (prevents session hijacking).

  • Deploy TTL Security Hack (GTSM) to protect against spoofed BGP packets.

5. BGP Monitoring and Detection

  • Use tools and services like:

    • BGPMon

    • RIPE RIS

    • ARIN's Route Origin Validation

    • Cloudflare's BGPStream

  • Set up alerting for unexpected changes in your prefix announcements.

6. Route Dampening and Filtering

  • Apply route dampening to suppress unstable prefixes.

  • Filter bogon IP space and suspicious AS paths.
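How customer prefix filtering, max-prefix limits and bogon filtering combine on one customer session, as an added example that is not part of the original post. The bogon list is abbreviated, the customer prefix list and limit are constructed, and the max-prefix behaviour is a simplified model rather than any vendor's exact semantics.

```python
import ipaddress

# Abbreviated bogon list (constructed). Documentation ranges such as
# 198.51.100.0/24 are left out only because this example uses them as sample data.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def ingress_filter(prefix_list, max_prefixes, received):
    """Filter one customer session; returns (accepted, rejected, session_up).

    prefix_list: exact prefixes the customer may announce (e.g. built from IRR).
    Simplified model (assumption): the limit counts every prefix received, and
    exceeding it tears the session down and discards everything learned on it.
    """
    allowed = {ipaddress.ip_network(p) for p in prefix_list}
    accepted, rejected = [], []
    for count, prefix in enumerate(received, start=1):
        if count > max_prefixes:
            rejected.append((prefix, "max-prefix limit exceeded"))
            return [], rejected, False
        net = ipaddress.ip_network(prefix)
        if any(net.version == b.version and net.subnet_of(b) for b in BOGONS):
            rejected.append((prefix, "bogon"))
        elif net not in allowed:
            # Exact match only: more-specifics of an allowed prefix are refused.
            rejected.append((prefix, "not in customer prefix list"))
        else:
            accepted.append(prefix)
    return accepted, rejected, True

# Constructed policy and updates for a hypothetical customer.
CUSTOMER_PREFIXES = ["198.51.100.0/24"]
NORMAL = ["198.51.100.0/24", "192.0.2.0/24", "198.51.100.0/25", "10.0.0.0/8"]
LEAK = ["198.51.100.0/24"] + [f"203.0.113.{i * 16}/28" for i in range(8)]

if __name__ == "__main__":
    for name, updates in (("normal", NORMAL), ("leak", LEAK)):
        accepted, rejected, up = ingress_filter(CUSTOMER_PREFIXES, 5, updates)
        print(name, "session up:", up, "accepted:", accepted)
        for prefix, reason in rejected:
            print("  reject", prefix, "-", reason)
```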

🌐 Global Coordination

  • Work with Regional Internet Registries (RIRs) and participate in MANRS (Mutually Agreed Norms for Routing Security).

  • Join RPKI validator communities and route collector projects.

✅ Summary Table

| Prevention Method | Benefit |
| --- | --- |
| RPKI | Validates prefix origins |
| Prefix Filtering | Stops invalid announcements |
| Max Prefix Limits | Limits large leaks or attacks |
| BGP MD5/TTL Security | Protects session integrity |
| Monitoring Tools | Detects and alerts on hijacks |
| Routing Policies | Enforce route control |
