Border Gateway Protocol (BGP) is the routing protocol that ties the internet together. It is also one of the least secure foundational protocols, designed in the 1980s on a model of mutual trust between providers. Misconfigurations and attacks on BGP have caused major internet outages and traffic hijacks. This module covers BGP basics, its security weaknesses, the attacks observed in the wild, and the modern mitigations (RPKI, BGPsec).
BGP in 60 seconds
- Inter-AS routing protocol: Autonomous Systems (ASes) advertise prefixes (IP ranges) to their neighbours
- Each AS has a number (ASN): Google = 15169, Cloudflare = 13335, etc.
- Routers exchange routing updates over TCP port 179 with neighbouring routers (peers)
- Each route carries an "AS path": the sequence of ASes the route traverses
- Best-path selection uses many attributes (local pref, AS path length, MED, origin, etc.)
The trust assumption
BGP was designed assuming peers don't lie. There is no built-in cryptographic verification that a network legitimately holds a prefix it advertises. If AS X advertises 8.8.8.0/24 (Google's), neighbours may accept and propagate the announcement. As a result, traffic destined for 8.8.8.0/24 flows through AS X, which can drop it, inspect it, or impersonate Google.
Major attack and incident classes
Prefix hijack (route hijack)
An AS announces a prefix it doesn't own. Sometimes this is accidental (a typo); sometimes it is malicious (to intercept traffic or deny service).
Famous incidents:
- Pakistan Telecom (2008): accidentally advertised YouTube prefixes; YouTube was globally unreachable for ~2 hours
- China Telecom (2010): briefly leaked routes for ~15% of internet prefixes
- MyEtherWallet (2018): a DNS hijack carried out via BGP led to crypto theft
- Cloudflare (multiple): has documented dozens of accidental hijacks affecting its prefixes
- Various 2024-2025 incidents: ongoing; route leaks remain weekly events
Route leak
An AS receives routes from one peer and improperly forwards them to another, violating the business relationship (e.g., re-advertising routes learned from one provider to another provider, or back to the same one). Traffic then flows through unintended paths, causing congestion, latency, and exposure to inspection.
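The two checks that catch the hijack and leak classes above are RPKI Route Origin Validation (a covering ROA must name the origin ASN, RFC 6811) and the valley-free export rule (routes learned from a provider or peer go only to customers). The following is an added example, not code from the module: the ROA table, the announcements and ASN 64666 for the module's "AS X" are constructed placeholders.

```python
import ipaddress

# Constructed ROA table (RPKI Route Origin Authorizations):
# (authorised prefix, maxLength, authorised origin ASN).
ROAS = [
    ("8.8.8.0/24", 24, 15169),       # Google, as in the module text
    ("1.1.1.0/24", 24, 13335),       # Cloudflare
    ("203.0.113.0/24", 26, 64500),   # documentation prefix and ASN, constructed
]

def rov(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """RFC 6811-style Route Origin Validation.

    valid     : a covering ROA names this origin and prefixlen <= its maxLength
    invalid   : covering ROAs exist, but none authorises this (prefix, origin)
    not-found : no ROA covers the prefix, so RPKI says nothing about it
    """
    net = ipaddress.ip_network(prefix)
    covering = []
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covering.append((max_len, asn))
    if not covering:
        return "not-found"
    if any(asn == origin_asn and net.prefixlen <= max_len for max_len, asn in covering):
        return "valid"
    return "invalid"

def export_allowed(learned_from: str, export_to: str) -> bool:
    """Valley-free export rule: a route learned from a provider or a peer may
    only be re-advertised to customers. Anything else is a route leak."""
    if learned_from == "customer":
        return True                 # customer routes may go to everyone
    return export_to == "customer"

# Constructed BGP UPDATEs: (prefix, origin ASN, learned from, export target).
# The last entry models the module's AS X (placeholder ASN 64666) announcing Google's prefix.
ANNOUNCEMENTS = [
    ("8.8.8.0/24", 15169, "customer", "provider"),
    ("203.0.113.0/25", 64500, "peer", "customer"),
    ("203.0.113.0/27", 64500, "peer", "peer"),      # longer than maxLength AND a peer-to-peer leak
    ("8.8.8.0/24", 64666, "peer", "customer"),      # prefix hijack: wrong origin ASN
]

def audit(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin, ROV state, is_leak) for each announcement."""
    return [(p, o, rov(p, o), not export_allowed(f, t)) for p, o, f, t in announcements]
```

A router applying these results would drop or depreference the "invalid" routes and refuse the flagged exports; the "not-found" state is where most unsigned prefixes still sit today, which is why ROV alone cannot stop every hijack.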