RFC 6952, RFC 7454, RFC 6192; TCP port 179
Spoofing and TCP reset, session hijacking or SYN flooding attacks.
BGP origin hijacks, or BGP path hijacks.
Modifying BGP attributes and exploiting RFD/MRAI timers.
Attackers can flood BGP speakers with too many BGP messages, affecting their ability to process legitimate BGP packets.
https://www.rfc-editor.org/rfc/rfc7908.html
- MED (Multi-Exit Discriminator)
- Route Flap Damping (RFD)
- Minimum Route Advertisement Interval (MRAI)
- Congestion-induced BGP session failure
- Deliberate route flapping
- Hijacking the prefixes of another AS
- TCP attacks
RFC 3704
- Kapela-Pilosov Attack
- BGP speakers are vulnerable to DoS/DDoS attacks. To protect the BGP speaker, the operator can implement CoPP, ACLs, rate limiting, and uRPF.
- BGP sessions are subject to TCP/IP vulnerabilities. Therefore, it is recommended to use authentication (MD5 or TCP-AO) and GTSM (TTL Security).
- It is critical to restrain incorrect/malicious routing information and prevent it from propagating to the Internet. Most BGP incidents are the result of improper filtering. Each network must implement and maintain accurate filters to strictly control which routes they are accepting into their network and which routes they are announcing to their neighbours.
- Network operators can use information registered in the IRR system to create BGP filters automatically. In addition, most upstream providers implement IRR-based strict filtering for the prefixes they accept from their customers. These filters rely on the data in the IRR system to be accurate and complete.
- It is recommended to create authorised statements in the RPKI system and use RPKI data to validate the origin of BGP routes. RPKI can help prevent some route leaks, can help mitigate the damage of route hijacks and is an essential building block for deploying path validation in the future.