Largest internet security hole revealed… or what is BGP?

Filed as Features on August 27, 2008 5:29 am

Wired has the story of the latest major security hole on the internet, the routing protocol BGP:

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

This is the second major security flaw found in the core protocols that govern how the internet routes packets of information around the world. Earlier this year, flaws in the DNS protocol were revealed and shown to be a significant security issue.

The core issue security researchers face with both the DNS and BGP flaws is one of trust. Both security “holes” exist because the protocols, when originally developed, assumed that any node on the internet could be trusted. In today’s world of botnets and black-hat hackers, it’s clear that many internet nodes simply can’t be trusted, yet the protocols have never been updated…

Unfortunately, a solution to both of these issues may be a long way down the road:

Douglas Maughan, cybersecurity research program manager for the DHS’s Science and Technology Directorate, has helped fund research at BBN and elsewhere to resolve the BGP issue. But he’s had little luck convincing ISPs and router vendors to take steps to secure BGP.


  1. By Anelly posted on August 28, 2008 at 3:42 am

    Thanks for the great post written here. The truth is that there must be something done in order to assure more security and to improve the DNS system.

