What to do about BGP Hijacks

Job Snijders job at ntt.net
Thu Dec 14 05:45:57 UTC 2017


Some carriers view measures to improve routing security as a hindrance
rather than as a safeguard to enable business. The BGP protocol itself has
no inherent safety mechanisms, so the network operator has to ensure
adequate layers of protection are implemented on the boundary between their
own network and the Internet.

Normalcy bias may play a role; I see carriers target short-term gain by
heavily relying on the assumption that there will never be any
misconfigurations or malicious attacks. Of course yesterday’s incident
shows otherwise.

For many networks the topic of routing security becomes a priority only
after they've suffered the consequences of an incident.

In the long term, the best way to protect against this type of BGP
hijacking is to require your connectivity suppliers to implement relevant
security measures. Also require full incident reports after BGP hijacks
through your provider or IXP have been observed.

The moment it becomes socially unacceptable to operate an Internet network
without adequate protections in place, there is economic incentive to view
routing security efforts as a competitive advantage rather than a nuisance.

Consider voting with your wallet; this applies to both IP transit carriers
and IXP route server operators. Ask your suppliers what they are doing to
prevent BGP hijacks.

Ars Technica has a great write-up on the latest BGP hijacking incident:
https://arstechnica.com/information-technology/2017/12/suspicious-event-routes-traffic-for-big-name-sites-through-russia/

This MANRS article is on point as well:
https://www.manrs.org/2017/12/another-bgp-routing-incident-highlights-an-internet-without-checkpoints/

Kind regards,

Job


