The Internet is typically perceived as one atomic entity. In reality, however, it is composed of roughly 30,000 networks called Autonomous Systems. The glue that provides connectivity between them is the Border Gateway Protocol (BGP). The protocol itself is old and, in its basic form, relies on trust: a router accepts the routes its neighbours announce. This can easily be exploited by fraud or broken by misconfiguration, causing parts of the Internet to become unreachable.
I’m currently preparing some classical BGP incidents for tomorrow’s Network Protocols and Architecture class. While I was looking for some of the classical BGP prefix hijacks that have been covered widely in the press, I found some nice presentations illustrating the incidents:
- First reported incident from 1997
- The Anatomy of a Leak: AS9121: Turkey pretended to be the Internet on December 24, 2005
- The Day the YouTube Died: In order to censor YouTube over an anti-Islam video (see a copy of the blocking order by the Pakistani government), Pakistan’s telecom pretended to be YouTube. This caused YouTube to be unreachable for up to two hours. This BGPlay animation video on YouTube nicely shows the creation of the blackhole.
Prefix hijacks are a classic and are often exploited by spammers (see slide 17 of our presentation, partly based on Feamster’s Sigcomm paper). An extension of this technique can be used to eavesdrop on traffic by re-routing it. A non-trivial eavesdropping attack that requires the trust of the upstream provider used was presented at DefCon 2008 (see the slides).
A solution can be found in Secure BGP. However, this approach is—like IPv6—not widely deployed.
Further resources:
- Internet Alert Registry
- “Haste ma’n netblock?”: Layer 8 based IP Address hijacking in the end of the days of IPv4
- BGPlay
