    BGP Security Is in Black Hat’s Cross Hairs

    By Sean Michael Kerner - August 4, 2015

      The Border Gateway Protocol (BGP) is a foundational component of the modern Internet, providing a mechanism by which carriers can share routing information for Internet traffic. As it turns out, BGP is at risk of manipulation by hackers, which is a topic that will be explored at the Black Hat USA security conference in Las Vegas this week.

      Among the scheduled talks on BGP is one by OpenDNS Chief Technology Officer Dan Hubbard on Aug. 6. Hubbard’s talk is titled “BGP Stream,” which is the name of a new tool that he plans on publicly releasing this week.

      “BGP is an old protocol, but it’s a key way that we all get to where we want to go on the Internet,” Hubbard told eWEEK.

      OpenDNS, which itself is in the process of being acquired by Cisco Systems in a deal valued at $635 million, acquired a company called BGPmon in March. BGPmon’s mission, Hubbard explained, is to monitor the Internet for BGP hijacking. BGPmon does this by placing sensors across approximately 100 strategic peering points around the world to collect information on BGP routing tables. Then, an analytics engine looks at differences in the routing tables to see what’s going on and if there is a security risk.

      With the commercial BGPmon service, OpenDNS enables an organization to monitor its own autonomous system (AS) numbers that are in BGP routing tables, providing alerts if those tables are being changed somewhere on the Internet. Hubbard said that until now, there has been no freely available central location where anyone could go to look at large-scale BGP hijacks or outages.
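
The kind of check described above, comparing what sensors observe against the prefixes and origin AS an organization expects, can be sketched as follows. This is an added example, not code from BGPmon, OpenDNS or the original article; the prefixes, AS numbers, sensor names and alert labels are constructed for illustration.

```python
import ipaddress

# Constructed baseline: prefixes an organization originates and the AS
# expected to originate them (documentation prefixes, reserved ASNs).
EXPECTED = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64500,
}

# Constructed announcements as monitoring sensors might report them:
# (sensor, prefix, AS path). The last AS in the path is the origin.
OBSERVED = [
    ("sensor-a", "203.0.113.0/24", [64510, 64501, 64500]),
    ("sensor-b", "203.0.113.0/24", [64511, 64666]),
    ("sensor-c", "198.51.100.128/25", [64512, 64666]),
    ("sensor-a", "192.0.2.0/24", [64510, 64502]),
    ("sensor-b", "198.51.100.0/25", [64511, 64500]),
]

def classify(prefix, as_path, expected=EXPECTED):
    """Return an alert label for one announcement, or None if it looks normal."""
    seen = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for base, owner in expected.items():
        mine = ipaddress.ip_network(base)
        if seen == mine:
            # Same prefix: only the origin AS can differ from the baseline.
            return None if origin == owner else "ORIGIN_CHANGE"
        if seen.version == mine.version and seen.subnet_of(mine):
            # A more-specific route wins longest-prefix match, so it draws
            # traffic even while the legitimate announcement is still visible.
            if origin == owner:
                return "MORE_SPECIFIC"
            return "MORE_SPECIFIC_FOREIGN_ORIGIN"
    return None  # not monitored address space

def alerts(observed=OBSERVED):
    """Collect (label, prefix, origin AS, sensor) for every flagged announcement."""
    out = []
    for sensor, prefix, path in observed:
        label = classify(prefix, path)
        if label:
            out.append((label, prefix, path[-1], sensor))
    return out

if __name__ == "__main__":
    for alert in alerts():
        print(*alert)
```

A more-specific announcement from the expected origin is still flagged because it may be an unplanned change worth confirming with the network team.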

      “So we’re releasing a new service called BGP Stream which is a stream of all the big BGP table changes on the Internet, with some insight into why a given change is important,” he said.

      BGP Stream information will be publicly disseminated via a Twitter account (@BGPstream), which will programmatically tweet BGP changes. The tweets will include a link for more information on the given event. Hubbard added that an organization can also get access to the BGP Stream information via the Twitter API to be integrated into a dashboard.

      BGP security monitoring is now a particularly interesting topic because of information contained in the recently leaked documents from Italian security firm Hacking Team, according to Hubbard.

      “What Hacking Team did is they had a problem where some entity took over their IP space, which was used for their remote access Trojans,” he said. “So they couldn’t control their bots, so they used BGP to announce the address space back to key providers within a particular region.”

      The provider did not have any specific form of BGP filtering and took the routes announced by Hacking Team as being authoritative for how to get to the IP space, where the remote access Trojans were located, Hubbard said.

      “So even though Hacking Team didn’t have the transit rights to those IPs and the IPs were supposed to be going to another location, the Hacking Team-specified routes became the location where all the users were going,” he said.

      Hubbard emphasized that BGP is critically important because it can be used to manipulate entire routes of where people go on the Internet. Among the key challenges with BGP is the simple fact that it doesn’t have a formalized approach for a fully encrypted and authenticated system to verify BGP information. In the DNS world, there is a technology known as DNSSEC which does provide cryptographic integrity checking, but there isn’t yet an equivalent for BGP.

      “The latest version of BGP that the Internet runs on is BGP version 4, and it’s over 10 years old and has changed little over the years,” Hubbard said.

      While there are risks, Hubbard noted that there are ways to protect against potential BGP hijacks, including filtering techniques, though in general, organizations listen to the routes that are broadcast from their upstream providers.

      “There isn’t a central authority for BGP information,” he said. “So when an organization connects to its upstream provider, it’s up to the organization to filter the information to understand who exactly the information is coming from and who is announcing the information.”

      The BGP Stream information isn’t just about potential security events; Hubbard said it could also be used to track potential outages on the Internet. He noted that often whenever there is an outage on the Internet, the knee-jerk reaction from the media is that something was hacked.

      “Knowing that there is a security incident is important, and also knowing when something is not a security incident is equally important,” Hubbard said.

      While BGP Stream will be a free public service, OpenDNS is still selling the commercial BGPmon service for those looking to monitor specific systems and get a higher level of real-time detail.

      “BGP Stream provides free access to large-scale events, but we only have 142 characters on Twitter, so we’re somewhat limited,” Hubbard said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.