Internet Outrage Caused by Verizon Shows How Fragile the Internet Routing Is

Why the Internet infrastructure is vulnerable to BGP route leaks

On Monday, June 24, a BGP route leak incident occurred due to a Verizon error, causing internet outrages around the world. The BGP screw-up affected Cloudflare, Amazon, Facebook, and others. Cloudflare wrote in a timely blog post suggesting DQE, an Internet Service Provider in Pennsylvania which was using a BGP optimizer in their network, became a preferred path of many Internet routes through Verizon.

“The leak should have stopped at Verizon," explained Cloudflare network software engineer Tom Strickx, "Verizon’s lack of filtering turned this into a major incident that affected many internet services such as Amazon, Linode, and Cloudflare.”

Just last month, Doug Madory, Oracle’s director of internet analysis, wrote in a blog post detailing a BGP route leak incident happened on Thursday, June 6. For roughly two hours, a massive amount of European Internet traffic was rerouted through China Telecom’s own servers. The Internet traffic was rerouted following a BGP route leak at Swiss data center colocation company Safe Host. Over 70,000 routes — comprising an estimated 368 millions IP addresses coming out of Europe — from its internal routing table had been leaked, and subsequently had been rerouted to the Chinese internet service provider (ISP).

What happened was the internet traffic that was meant for European mobile networks was rerouted through China Telecom’s network. While some people may think that maybe it’s because they are using Chinese-brand mobile phones; however, the security issue at stake is not so much about what kind of phone you use, but more about how carrier companies are handling routing of the bulk of internet traffic from any mobile device.

During those two hours of rerouting Internet traffic coming from Europe to Chinese servers, the affected 368 million IP addresses that passed through China could potentially be monitored by the Chinese. The implication is that China was able to read all of the Internet traffic during this time period.

In May, an incident of BGP hijack occurred where traffic going through a public DNS run by the Taiwan Network Information Center (TWNIC) was rerouted to an entity in Brazil for about three and a half minutes.

The current Internet routing infrastructure security protection condition is in such a bad shape that BGP route leaks and hijacking attacks are going to happen again and again if we continue to ignore the reality of the present-day Internet security.

What is BGP?

The above-mentioned incidents are known as Border Gateway Protocol (BGP) leaks or hijacking attacks. To understand what a BGP leak is, we need to know some basics of BGP. The Border Gateway Protocol (BGP) is the protocol used throughout the Internet to exchange routing and reachability information among autonomous systems (AS) on the Internet. It’s a unique language spoken by routers on the Internet to decide how packets should be sent from one router to another among networks.

As defined in RFC 4271, a Border Gateway Protocol (BGP-4), an autonomous system (AS) is “a set of routers under a single technical administration, using an interior gateway protocol (IGP) and common metrics to determine how to route packets within the autonomous system, and using an inter-autonomous system routing protocol to determine how to route packets to other autonomous systems”.

It’s a group of networks that operate under a routing policy and it owns IP prefixes. The prefixes are individual IP addresses which are grouped together. Safe Host, China Telecom, AT&T, and Verizon each are an autonomous system. The routing tables between autonomous systems are maintained using the BGP. If the autonomous system is also an Internet Service Provider (ISP), as in the European traffic rerouting case mentioned above where China Telecom is the AS and also the ISP, it could assign some of the individual IP addresses it manages to customers.

What is a BGP route leak? A BGP hijack?

A BGP route leak is when BGP is used to reroute network traffic at the ISP level by accident. Defined by the Internet Engineering Task Force (IETF), a BGP route leak is “the propagation of routing announcement(s) beyond their intended scope. That is, an announcement from an Autonomous System (AS) of a learned BGP route to another AS is in violation of the intended policies of the receiver, the sender, and/or one of the ASes along the preceding AS path.”

BGP hijacking is a type of cybersecurity incident which is essentially a targeted attack against the interconnections between different Internet routing entities typically referred to by Autonomous System Numbers (ASNs). When as autonomous system announces a route to IP prefixes that it does not own, it can be added to the routing tables in BGP routers across the Internet.

Simply put, BGP hijacks are when attackers announce a route in the network they do not own. It’s when the Internet traffic was maliciously rerouted. Attackers have the capacity to intentionally announce ownership of IP prefixes that they do not own. In most cases, configuration errors are the main cause of a BGP hijack. A critical BGP protection mechanism is the routing prefix filtering. It allows network administrators to filter out undesirable or illegal prefixes in the routing table. A BGP hijack is much like if someone were to change out the traffic signs and reroute the traffic.

Blockchain as decentralized Internet infrastructure

One of the major challenges the BGP faces is it’s inherently built on trust. In other words, the BGP is inherently vulnerable to the propagation of illegitimate routes because it wasn’t designed with security built into it. The route advertisements are generally trusted among ISPs. As a result, the Internet is vulnerable to propagating all sorts of incorrect routes. Because there is no built-in mechanism for making sure that ASs are actually do own the prefixes that they advertise.

The fact that the protocol doesn’t include security mechanisms and that it’s largely based on the trust between network operators worries a lot of people. Attackers could affect the routing tables used by the BGP with a high success rate. It’s no exaggeration to say that the world isn’t yet in a position to entirely prevent BGP hijacking from occurring. Many security researchers are increasingly concerned with BGP vulnerabilities and a lack of improvements towards the current global routing system.

Furthermore, due to the centralized nature of the current Internet routing infrastructure, it is vulnerable to BGP hijacking attacks and many other types of attacks. That’s why we want to swing back to creating a new Internet infrastructure that is governed by open, transparent, decentralized peer-to-peer networks. This has only recently become possible, thanks to technologies arising from blockchains.

Unlike a traditional centralized routing network infrastructure with central servers around, a blockchain which acts as the decentralized web infrastructure could remove the need for central servers, eliminates the certificate authority as the third-party intermediary, and offer strong trust guarantees with its cryptographic designs rooted in the system.

Some of the participants in building new decentralized DNS models, such as Handshake, Ethereum Name Service (ENS), and Diode have proposed that we look at network infrastructure from a decentralized point of view. For instance, Diode is developing a blockchain-based decentralized PKI for resource constrained devices. Their system is implemented with BlockQuick, a newly developed super-light client protocol for Ethereum.

Conclusion

This article looked at several recent BGP incidents, explained some basics of BGP, what a BGP hijack is, and described how the blockchain model can be a way towards a complete, decentralized internet infrastructure. I'm excited that you find my Hacker Noon stories interesting. Let's stay connected! Follow me on Twitter: https://twitter.com/YahsinHuang