BGP Hijacking and Mitigation Techniques

Contributed by Christian Matlock

Because of how BGP was designed and how it operates, either unintentional mistakes or malicious attacks can take down an entire autonomous system. A more nefarious act is also possible: intercepting traffic and then routing it on to the correct destination. To combat the trusting nature of BGP, a series of threat mitigation techniques have been implemented to protect it against attacks. These include setting up BGP neighbor authentication, filtering BGP prefixes with AS path access lists, the BGP time to live (TTL) security check, and the future resource public key infrastructure (RPKI).


