image15_edited_edited.jpg

IP Hijacks

image31.png

The Border Gateway Protocol

One way in which hijacks are performed is by subverting the mechanism used by the internet to route data packets to their destination. Routing between the networks that comprise the internet uses a protocol called BGP (Border Gateway Protocol). BGP was designed in the 1990s with little to no security controls.

 

While the design has improved over the years, BGP remains vulnerable to routing attacks to this day. Even the most modern security controls put in BGP, such as Resource Public Key Infrastructure (RPKI) do not protect against malicious attacks known as IP hijacks or BGP hijacks.

IP Hijack Attack

To perform an IP hijack, attackers can often use BGP to announce to different network providers that a range of IP addresses is theirs. Since BGP announcements are generally trusted, the providers will send network traffic destined to announced addresses directly to the attacker. Such an attack is akin to the attacker telling phone companies that a telephone number is theirs, and having the companies transfer calls and text messages meant for that number to the attacker.

 

Attacks on BGP are also known as control-plane IP hijack attacks since BGP controls the flow of information on the internet. Collecting and analyzing BGP announcements sent by routers around the world can detect BGP hijacks.

BGProtect

BGProtect offers both active and passive detection of control plane IP hijacks using a global BGP collection infrastructure and proprietary algorithms built on decades of research. Our solution is tailored to your needs and budget and optionally includes consulting, 24/7 incident response and management, and threat intelligence services for more peace of mind.