
What Is BGP Poisoning?

Last Updated : 18 Feb, 2022

Border Gateway Protocol (BGP) is an IETF-standard gateway protocol that controls how packets are routed from one network to another. It exchanges routing and reachability information between edge routers and between autonomous systems; because networks interact and depend on each other, they need a way to communicate, and BGP provides it. BGP is one of the most scalable routing protocols: it has outgrown its initial purpose of carrying Internet reachability information and can now carry routes for VPNs, IPv6, multicast, and various other types of data.

Every BGP router keeps a routing table containing the best routes between autonomous systems, and it always takes the most direct and shortest path from one autonomous system to another so that destination addresses are reached with the fewest hops possible across the networks.

BGP poisoning is a method of discovering other possible BGP routes that do not pass through specified autonomous systems by broadcasting specially crafted BGP messages. It exploits the autonomous-system loop-prevention mechanism in BGP.

Working of BGP Poisoning:

An autonomous system prepends, in a BGP announcement, the autonomous systems that should not be crossed. When those autonomous systems receive the crafted announcement, they reject the autonomous system path and withdraw their route from their neighbours because of BGP's loop-prevention mechanism. For example, to discover the paths that do not cross autonomous system P in the direction of a prefix p owned by autonomous system O, autonomous system O can announce a route whose path contains P, such as (O P O | p). When this announcement reaches autonomous system P, P finds its own number in the path, which the prepending has turned into a loop, so it discards the route and withdraws its route from its neighbours. Therefore, no path towards prefix p will pass through autonomous system P, which is now poisoned.

It is possible to poison multiple autonomous systems at once. The simplest way is to include all the autonomous systems we plan to poison in the autonomous system path of the announcement, such as (O P1, P2, P3, … Pn O), where P1, P2, P3, … Pn are the autonomous systems to poison. However, this approach cannot be used when the number of autonomous systems to poison is large, because BGP routers drop BGP messages with a long autonomous system path. An alternative is to use an autonomous system set, that is, an unordered set of autonomous system numbers, to hold all the autonomous systems to poison in the autonomous system path, for example (O {P1, P2, P3, … Pn} O), where {P1, P2, P3, … Pn} is an autonomous system set of the autonomous systems to poison. With this method, BGP announcements with a path length of only 3 can poison any number of autonomous systems; the method is also known as autonomous system set stuffing. This method has its own problems, however: BGP messages with a large autonomous system set in the path are filtered out by BGP routers. To increase the number of autonomous systems that can be poisoned, multiple autonomous system sets have to be used in the autonomous system path.

Figure: Working of BGP Poisoning

As can be seen in the above image, the path that monitor M observes towards prefix p, which is announced by autonomous system V, is (S X N V | p). To discover other routes from autonomous system S towards p, we poison autonomous system X by announcing (V X V | p). The loop-prevention mechanism then activates and withdraws the paths from autonomous system X to autonomous system V, making autonomous system S choose a different route to prefix p, namely (S Y N V | p).
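To make the mechanism of the two preceding sections and the figure concrete, here is an added example (not the article's code) that simulates route propagation over the figure's topology, with each router applying loop prevention, an assumed maximum AS-path length, and an assumed prefix-origin filter of the kind listed under Preventions. The topology, the limit of 8 and the origin table are constructed assumptions.

```python
from collections import deque

# Constructed topology matching the article's figure (added example, not the
# article's own code): S reaches prefix p, owned by V, via (S X N V); Y is an
# alternative path. Routers are named by the ASN they represent.
LINKS = {"S": ["X", "Y"], "X": ["S", "N"], "Y": ["S", "N"],
         "N": ["X", "Y", "V"], "V": ["N"]}
MAX_AS_PATH = 8          # assumed import policy: drop over-long AS paths
ORIGIN_OF = {"p": "V"}   # assumed prefix filter: which ASN may originate p


def path_contains(asn, path):
    """Loop check: the ASN may appear as a plain hop or inside an AS_SET (frozenset)."""
    return any(asn == hop or (isinstance(hop, frozenset) and asn in hop)
               for hop in path)


def accept(router, prefix, path):
    """Import checks a router applies before installing a received route."""
    if path_contains(router, path):          # own ASN already in AS_PATH: loop, discard
        return False
    if len(path) > MAX_AS_PATH:              # an AS_SET counts as one hop here
        return False
    if ORIGIN_OF.get(prefix) != path[-1]:    # origin does not own the prefix: drop
        return False
    return True


def propagate(prefix, announced_path):
    """Flood an announcement from its origin and return each router's best AS_PATH.
    Routers keep the shortest accepted AS_PATH, as the article describes."""
    origin = announced_path[-1]
    rib = {origin: tuple(announced_path)}
    queue = deque([origin])
    while queue:
        cur = queue.popleft()
        for nb in LINKS[cur]:
            if not accept(nb, prefix, rib[cur]):
                continue
            cand = (nb,) + rib[cur]
            if nb not in rib or len(cand) < len(rib[nb]):
                rib[nb] = cand
                queue.append(nb)
    return rib


if __name__ == "__main__":
    print("normal   :", propagate("p", ("V",)).get("S"))
    print("poison X :", propagate("p", ("V", "X", "V")).get("S"))
    print("set stuff:", propagate("p", ("V", frozenset({"X", "Y"}), "V")).get("S"))
    print("hijack   :", propagate("p", ("Y",)).get("S"))
```

The poisoned announcement (V X V | p) never installs at X, so S falls back to the Y route; stuffing both X and Y into one AS_SET leaves S with no route at all, and an announcement of p from the wrong origin is dropped by every neighbour.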

Preventions:

  • IP prefix filtering.
  • Operators should adopt the Mutually Agreed Norms for Routing Security (MANRS).
  • The number of accepted prefixes should be limited.
  • Authentication checks should be implemented.
  • Automated response tools should be used.

Example of BGP Poisoning:

For instance, a few years ago a provider announced IP prefixes belonging to the Amazon Route 53 DNS service of AWS. Users who were trying to log in to a cryptocurrency website were redirected to a fake version of that website controlled by malicious actors, who were thus able to steal approximately $160,000 in Ethereum.

Conclusion:  

BGP poisoning lets us find alternative routes towards a prefix, which helps in finding the second-hop neighbours of an autonomous system; from these newly found routes we can in turn discover further second-hop neighbours. That is what BGP poisoning is mainly used for: finding second-hop neighbours.
