Internet traffic hijacking on the rise

Powered by SC Magazine
 

Trust-based system abused.

Intentional redirection of internet traffic is on the rise, spurring calls for route announcements to be signed and secured and for violations of trust to be exposed through greater transparency between network operators.

Internet performance metrics vendor Renesys said that this year around 1,500 Internet Protocol (IP) address blocks have been hijacked on more than 60 days, including several incidents in Australia.

The attacks targeted financial institutions, voice over IP providers and governments, Renesys said.

Attackers take advantage of the fact that the route announcements networks exchange using Border Gateway Protocol (BGP) are trust-based.

An attacker can abuse this by hijacking the BGP routes of other providers and inserting their own routers in the network path. Such a man-in-the-middle attack would allow miscreants to intercept and capture data that was not originally destined to go through their networks.

It is easy to work out which network operator conducted the route hijacking, Renesys said, pointing to analysis of recent traffic redirection attacks done by Icelandic and Belarus providers.

Attackers rely on the misdirection going unnoticed, and Renesys explained that providers, banks, credit card processors and government agencies should monitor how their advertised IP address prefixes are being routed globally.

Work towards digitally signing and securing BGP routes is also underway. Guidelines published by the Communications Security Reliability and Interoperability Council (CSRIC) under the United States Federal Communications Commission (FCC) propose several measures for secure BGP deployment.

These include better information being published on which provider is authorised to route certain traffic at any given time and location, as well as setting up a cryptographic identity management system for this - the Resource Public Key Infrastructure (RPKI) - as part of a cautious, staged deployment of improved security for BGP.

However, Renesys warns that the internet may never see secured and signed BGP routes, and suggests greater transparency between operators on the issue is the way to go to expose targeted traffic misdirection.
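The monitoring Renesys recommends and the authorisation data RPKI publishes come together in a route origin check, sketched here as an added example that is not from the article or from Renesys. It follows the origin-validation procedure of RFC 6811; the prefixes and AS numbers are constructed from the documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # address block the holder has authorised
    max_length: int  # longest prefix length that may be announced
    asn: int         # AS authorised to originate it

# Constructed ROAs using documentation prefixes and documentation AS numbers.
ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64501),
]

def validate(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA applies only if it covers the announced prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but no ROA matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def hijack_alerts(announcements, roas=ROAS):
    """Return (prefix, origin) for each observed route that is invalid."""
    alerts = []
    for prefix, as_path in announcements:
        origin = as_path[-1]  # the originating AS is last in the path
        if validate(prefix, origin, roas) == "invalid":
            alerts.append((prefix, origin))
    return alerts

# Constructed observations: (prefix, AS path as seen by a monitor).
OBSERVED = [
    ("203.0.113.0/24", [64510, 64500]),    # expected origin
    ("203.0.113.0/24", [64510, 64511]),    # unauthorised origin
    ("203.0.113.128/25", [64510, 64511]),  # more-specific, unauthorised
    ("198.51.100.0/24", [64510, 64502]),   # no ROA published
    ("2001:db8:1::/48", [64510, 64501]),   # within maxLength
]

if __name__ == "__main__":
    for prefix, origin in hijack_alerts(OBSERVED):
        print(f"ALERT {prefix} originated by AS{origin}")
```

The check covers the originating AS only; it does not verify the rest of the AS path.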

Routing mishaps have happened in the past, mostly by accident. In 1997, the operators of Autonomous System 7007 caused widespread disruption to the internet by accidentally leaking most of their routing table and creating a traffic black hole.

One of the better known cases of recent internet redirection involved the Pakistani government, which ordered YouTube to be blocked because of a video it considered offensive.

Incumbent telco Pakistan Telecom set up a route for YouTube traffic to its routers' discard interface, meaning data sent to it would simply be dropped and not forwarded.

After its upstream provider PCCW in Hong Kong sent the new routes and other operators picked them up, requests for YouTube traffic went via Pakistan, with nothing being served up to users from there. 

PCCW resolved the issue by turning off peering with Pakistan Telecom, but the YouTube outage lasted some two hours.

Copyright © iTnews.com.au . All rights reserved.

