Diverting and Tampering with Internet Traffic

This is really a disturbing news. Renesys has announced that this year there have been many cases of traffic redirection via BGP which look suspicious at the least.

Without entering in details of how BGP works, it suffices to say that BGP is (together with DNS) the hardcore infrastructure protocol which makes the global Internet working. BGP is used to build traffic routes so that the data can flow from one network to another. Each Internet provider (ISP) uses BGP to announce his own networks to the other ISPs and to learn where and through whom to send data to other destinations.

It is well-known that BGP has some weaknesses in particular due to its trusting that every ISP would not try to cheat. Indeed it possible in some particular situations that an ISP could announce the networks of another ISP and manage to receive all traffic for these networks. In this way, it could be possible to divert the traffic and possibly read it (if it is not encrypted) and tampering with it.

From the Renesys blog entry it seems that this has actually happened this year and that those involved claimed that these incidents have been due to “bugs” in some “vendor BGP software” and that there were no malicious intentions. Let’s just hope that this is true and that there will be introduced soon ways to prevent this to happen in the future.