Route-Injection Attacks Detouring Internet Traffic

msm1267 writes "Attackers are using route injection attacks against BGP-speaking routers to insert additional hops in the traffic stream, redirecting traffic to third-party locations where it can be inspected before it's sent to its destination. Internet intelligence company Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year, a disturbing trend that indicates attackers could finally have an increased interest in weaknesses inherent in core Internet infrastructure."

Re:traceroute

[fisted]

All the 'evil party' has to do is not decrement the TTL. It won't show up in your traceroute then.

Re:another day

[Anonymous Coward]

The thing with BGP is that there aren't that many sites using it

Woosh. Do you even know what you're talking about? There are literally NO "sites" using BGP (except inasmuch as sites use routers to convey data back to users). BGP is used by ISPs and Telcos, on peering routers etc.

On the level of one of the backbone providers.

Yep that is exactly what they are talking about. Someone is compromising backbone providers. THAT'S WHY THIS IS NEWS.

Re:another day

[jon3k]

Khasim is profoundly wrong about several things, but a lot more than "ISPs and Telcos" run BGP. The entire concept of multihoming [cisco.com] is based around announcing your netblock(s) to multiple carriers via BGP. This provides the broader internet with two AS_PATHs to you.