Will this help improve the security of BGP?
Sat, 08/30/2008 - 01:28 by Olivier Bonaventure
During the Defcon conference, two security researchers showed with a live exploit that interdomain routing with today's BGP is not secure. Additional details about the exploit can be found in:
- http://arstechnica.com/news.ars/post/20080827-inherent-security-flaw-pos...
- http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
The problem is unfortunately not new. It has been known for several years to network operators and network researchers, although no practical exploit such as this one had been presented earlier. The key issue with the current use of BGP is that it is difficult for a BGP router to determine whether one of its peers can legitimately announce a route towards a given prefix. The current state of the art is to rely on filters that are configured on each router and for each peer. Some small ISPs write these filters manually, while others derive them from databases such as those maintained by the Internet Routing Registries such as RIPE, ARIN or APNIC. Unfortunately, it is difficult to find an authoritative database that identifies the Autonomous System that owns each IP prefix. Thus, the filters will be limited to the client-provider links, and some operators choose not to implement them, leaving them vulnerable to attacks or misconfigurations such as the one that affected YouTube earlier this year.
In the short term, current solutions include monitoring the advertisements of prefixes, such as:
Routing Registries are developing cryptographic certificates to certify the ownership of IP prefixes. This would allow ISPs to implement better prefix filters than the current ones. In the long term, securing BGP will likely be needed, but it is unclear whether it will be possible to deploy a new interdomain routing protocol.
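
Prefix filtering and advertisement monitoring, as described above, both come down to comparing each announced prefix and its origin AS against registered ownership data. The sketch below is an added example, not code from the original post or from any registry; the registry entries, the maximum-length field, the update list and all function names are constructed for illustration, using documentation prefixes and AS numbers.

```python
import ipaddress

# Constructed registry: (registered prefix, authorised origin AS, longest
# prefix length that origin is expected to announce). Hypothetical data.
REGISTRY = [
    ("192.0.2.0/24", 64496, 24),
    ("198.51.100.0/24", 64497, 25),  # owner may de-aggregate down to /25
]

# Constructed updates as (announced prefix, AS path); origin AS is last.
UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),    # legitimate origin
    ("192.0.2.0/24", [64500, 64511]),    # unauthorised origin
    ("192.0.2.128/25", [64500, 64511]),  # more-specific from another AS
    ("198.51.100.128/25", [64497]),      # permitted de-aggregation
    ("203.0.113.0/24", [64500, 64499]),  # nothing registered for this prefix
]


def classify(prefix, origin_as, registry=REGISTRY):
    """Return 'valid', 'invalid' or 'unknown' for one announcement."""
    announced = ipaddress.ip_network(prefix)
    covered = False
    for reg_prefix, reg_as, max_len in registry:
        reg_net = ipaddress.ip_network(reg_prefix)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if announced.version != reg_net.version or not announced.subnet_of(reg_net):
            continue
        covered = True
        if origin_as == reg_as and announced.prefixlen <= max_len:
            return "valid"
    # Covered by a registration that does not match: reject.
    # No covering registration at all: nothing to judge against.
    return "invalid" if covered else "unknown"


def audit(updates, registry=REGISTRY):
    """Return (prefix, origin AS, verdict) for every update that is not valid.

    Only the origin AS is checked; the rest of the AS path is not validated.
    """
    findings = []
    for prefix, as_path in updates:
        origin = as_path[-1]
        verdict = classify(prefix, origin, registry)
        if verdict != "valid":
            findings.append((prefix, origin, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(UPDATES):
        print(finding)
```

The `unknown` verdict is where the lack of an authoritative ownership database shows up: with no registration covering the prefix, the check can neither accept nor reject the announcement.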