Abstract
The border gateway protocol (BGP) is the default inter-domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.
Highlights
How to cite this paper: Oti, S.B. and Hayfron-Acquah, J.B. (2014) Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems
Exterior Gateway Protocols such as BGP logically bind the ASes that make up the internet together by providing a mechanism for BGP peers to exchange route information.
The objective of the above BGP session hijacking simulation is to bring to light the inherent vulnerability of External BGP (EBGP) sessions and the measures taken to mitigate this vulnerability
Summary
In place of the several other protocols put forward for securing BGP sessions, we believe that the solution is for the upstreams (typically ISPs) of the various ASes to verify that their downlinks, i.e. the routers advertising routes through them, own the prefixes they are announcing. These uplinks must set up filters to ensure that their downlinks are only allowed to advertise the routes that they own and nothing else. The simulations are implemented in Graphical Network Simulator (GNS-3) running standard industry deployed CISCO devices.
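The uplink-side filter described above, sketched as Cisco IOS configuration. This is an added example, not the configuration used in the paper's simulations; the AS numbers, addresses, prefix and object names are constructed from documentation ranges.

```cisco
! Constructed values (assumptions, not from the paper):
!   upstream ISP      AS 64500, peering address 192.0.2.1
!   downlink customer AS 64510, peering address 192.0.2.2
!   prefix the downlink actually owns: 203.0.113.0/24
!
! Before: the uplink accepts whatever the downlink announces.
!   router bgp 64500
!    neighbor 192.0.2.2 remote-as 64510
!
! After: only the owned prefix is accepted from this neighbor.
! An exact-match entry (no "le") also rejects more-specifics such as
! 203.0.113.0/25, so the downlink cannot announce a sub-prefix either.
ip prefix-list CUST-64510-OWNED seq 5 permit 203.0.113.0/24
!
route-map CUST-64510-IN permit 10
 match ip address prefix-list CUST-64510-OWNED
! Explicit final deny: same effect as the implicit one, but visible
! in the running configuration and in route-map hit counters.
route-map CUST-64510-IN deny 20
!
router bgp 64500
 neighbor 192.0.2.2 remote-as 64510
 neighbor 192.0.2.2 description Downlink AS64510
 neighbor 192.0.2.2 route-map CUST-64510-IN in
 ! Backstop: tear the session down if the downlink sends far more
 ! prefixes than it is registered for.
 neighbor 192.0.2.2 maximum-prefix 5
!
! Apply the new inbound policy without resetting the session:
!   clear ip bgp 192.0.2.2 soft in
! Check which routes survived the filter:
!   show ip bgp neighbors 192.0.2.2 routes
```

One prefix-list and one route-map per downlink keeps each customer's permitted announcements auditable on their own.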