Dyn Inc. is reporting on over 20 attacks per day

Oct 29, 2015 13:48 GMT

The Border Gateway Protocol (BGP) is being abused by attackers to reroute traffic through malicious servers or send it to sinkholes, bringing down Internet connections for companies and end-users alike.

These types of attacks are not new, having already been discussed in 2012, after the Department of Homeland Security issued a warning on this topic, and in 2013 and 2014, through a series of reports by Dyn Inc.

The basic principle behind BGP is that Internet routers talk to each other, sharing network maps. When a connection starts on one of the routers and tries to reach its final destination, the first router asks nearby routers for the quickest path.

These routers answer with their routing distance to the final endpoint, and the first router sends the connection forward on the shortest path.

Routers can lie to each other when talking via BGP

The problem is that BGP does not come equipped with the necessary tools to check whether the answers it receives are truly the shortest paths or are coming from an authorized router.

This opens the door for abuse, with cyber-criminals taking over Internet routers or adding their own equipment to a network, and using BGP flaws to redirect traffic through their infrastructure or to shut down Internet access for chosen targets.
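The gap described above, shown as an added Python example that is not part of the original article: a router that only compares path lengths accepts whichever announcement is shortest, while a check against a table of authorized origins flags the announcement from the wrong network. The table, the neighbour names and the announcements are constructed for illustration, using AS numbers and prefixes reserved for documentation.

```python
import ipaddress

# Constructed table of which AS may originate which prefix (hypothetical data,
# documentation ASNs and prefixes). BGP itself carries no such table.
AUTHORIZED_ORIGINS = {
    ipaddress.ip_network("192.0.2.0/24"): {64496},
    ipaddress.ip_network("198.51.100.0/24"): {64497},
}

# Constructed announcements as a router might hear them from its neighbours:
# (neighbour name, prefix, AS path). The last AS in the path is the origin.
ANNOUNCEMENTS = [
    ("peer-a", "192.0.2.0/24", [64500, 64501, 64496]),
    ("peer-b", "192.0.2.0/24", [64502, 64511]),       # shorter path, wrong origin
    ("peer-a", "198.51.100.0/24", [64500, 64497]),
    ("peer-c", "203.0.113.0/24", [64503, 64504]),     # prefix not in the table
]

def best_path(announcements, prefix):
    """Pick a route the way the article describes: the shortest path wins."""
    net = ipaddress.ip_network(prefix)
    candidates = [a for a in announcements if ipaddress.ip_network(a[1]) == net]
    return min(candidates, key=lambda a: len(a[2]), default=None)

def origin_state(announcement):
    """Classify an announcement as valid, invalid or unknown by its origin AS."""
    _, prefix, as_path = announcement
    allowed = AUTHORIZED_ORIGINS.get(ipaddress.ip_network(prefix))
    if allowed is None:
        return "unknown"  # nothing on record for this prefix
    return "valid" if as_path[-1] in allowed else "invalid"

def best_valid_path(announcements, prefix):
    """Shortest path among the announcements whose origin is not invalid."""
    kept = [a for a in announcements if origin_state(a) != "invalid"]
    return best_path(kept, prefix)

if __name__ == "__main__":
    for ann in ANNOUNCEMENTS:
        print(ann[0], ann[1], ann[2], "->", origin_state(ann))
    print("unchecked best:", best_path(ANNOUNCEMENTS, "192.0.2.0/24"))
    print("checked best:  ", best_valid_path(ANNOUNCEMENTS, "192.0.2.0/24"))
```

Without the origin check, the two-hop announcement from peer-b is selected for 192.0.2.0/24; with it, the router falls back to the longer but authorized path via peer-a.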

According to Dyn Inc. representatives, these types of attacks have grown in the past few months, and some of them have hit high-profile targets, ranging from hedge fund firms to top-level Internet providers.

Around 20 fake BGP rerouting incidents are detected per day

As Doug Madory, Director of Internet Analysis at Dyn Inc., said to The Wall Street Journal, around 20 of these types of attacks are currently being detected on a daily basis.

Akamai also observed BGP rerouting attacks being used to DDoS smaller networks, flooding them with massive amounts of Internet traffic.

BGP, considered the best external gateway routing protocol to date, is set to receive a massive update, one on which scientists and Internet engineers have been working for the past ten years.