2019 and it’s still happening

It’s halfway through 2019 and some major backbones are still not implementing operational best practices. Those operating large networks know the risk of BGP hijacks and other malfeasance. We had a major incident in 2018 that was used to take down parts of Amazon and was tied to cryptocurrency theft. Real money is lost when these events occur, whatever value each of us may individually see in this.

Today brought the most recent event, impacting many providers: traffic was directed via a previously unknown provider that was using a BGP optimizer product from Noction. Many people use solutions like this, but the risks they pose are seen regularly.

In 2007 I gave a talk at NANOG about some extremely simple mitigations that could be performed to protect oneself from accepting invalid routes using AS_PATH based filtering. I figure it’s time to link to it again – https://www.youtube.com/watch?v=W9WBBZOfWcA – so people can see how regularly these occur. The system is still up and running 12 years later at https://puck.nether.net/bgp/leakinfo.cgi, showing the problem is ongoing. Today, just search for a contact ASN of 396531 to see the problems.

We must put pressure on our providers and operators of backbones to implement things like peer locking and sanity filters that prevent backbone routes from being learned from customers. There is no reason for a provider like Cogent (174) to accept Sprint (1239) or Level3 (3356) routes from Verizon Business (701).

120.209.192.0/19 3277 39710 20632 31133 174 701 396531 33154 1239 9808
104.31.88.0/21 3277 39710 20632 31133 174 701 396531 33154 3356 13335
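As an added illustration (not code from the post or from the talk), the following Python sketches the AS_PATH sanity check the post argues for, run over the two leaked paths above as seen from Cogent (174): anything behind the neighbor that handed over the route is inspected for backbone ASNs. The backbone set is assumed from the ASNs the post names, and the collector-style path format is the constructed input.

```python
# Constructed sample input: the two leaked routes quoted in the post, written
# as a route collector shows them (prefix, then AS_PATH, origin AS last).
SAMPLE_ROUTES = [
    "120.209.192.0/19 3277 39710 20632 31133 174 701 396531 33154 1239 9808",
    "104.31.88.0/21 3277 39710 20632 31133 174 701 396531 33154 3356 13335",
]

# Assumed "never accept behind a customer or peer" set. The post names 174,
# 701, 1239 and 3356; this is the illustrated policy, not any real config.
BACKBONE_ASNS = {174, 701, 1239, 3356}


def parse_route(line):
    """Split 'prefix AS AS AS ...' into (prefix, [asn, ...])."""
    prefix, *path = line.split()
    return prefix, [int(asn) for asn in path]


def received_path(as_path, local_asn):
    """AS_PATH as `local_asn` received it: everything right of local_asn.

    Collector view lists the collector's neighbor first and the origin last,
    so the segment after `local_asn` is what its own neighbor announced.
    """
    idx = as_path.index(local_asn)
    return as_path[idx + 1:]


def sanity_violations(as_path, local_asn, backbone_asns=BACKBONE_ASNS):
    """Backbone ASNs found behind the neighbor that announced the route.

    A non-empty result means an as-path deny on that session (the `_1239_`
    style filter from the talk) should have rejected the announcement.
    """
    neighbor, *upstream = received_path(as_path, local_asn)
    return [asn for asn in upstream if asn in backbone_asns]


def audit(lines, local_asn):
    """Map each prefix to the backbone ASNs that make its path implausible."""
    result = {}
    for line in lines:
        prefix, path = parse_route(line)
        if local_asn in path:
            result[prefix] = sanity_violations(path, local_asn)
    return result


if __name__ == "__main__":
    for prefix, bad in audit(SAMPLE_ROUTES, local_asn=174).items():
        print(prefix, "REJECT" if bad else "accept", bad)
```

Running the same audit with `local_asn=701` flags the identical ASNs behind 396531, which is the customer-side filter the post says was missing.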

It’s time to end this madness.
