BGP software • BGP Utilities • BGP Attack Tree Development and testing

BGP MiTM can redirect traffic from major networks such as Google or Facebook to some custom ISP network

This exact use case was presented a few years back at Defcon16 in a presentation titled “Stealing The Internet, An Internet-Scale Man In The Middle Attack”. During this presentation the presenters, Tony Kapela and Alex Pilosov, demonstrated how one can launch a Man-in-The-Middle attack using CIAG BGP tools and redirect traffic for any destination from any location in the world by just introducing some new BGP announcements while staying relatively stealthy.

Tools	Description	Associated CIAG Project	Download
Cisco LMS 4.1	Active network lifecycle management solution	Network monitoring	ospfmon.com
BGP Leak checker	Serial SCADA Protection	On-Line Tool	ospfmon.com
BGP Test Tools	Full package of the following tools used to test BGP vulnerabilities	BGP Attack Tree Development and testing	ciag-bgp-tools-1.00.tar.gz
BGP Password Cracker	libpcap-based RFC 2385 password cracker	BGP Attack Tree Development and testing	bgpcrack-2.1.tar.gz
TCP Testing Tool	Blind sequence number guessing, RFC 2385 message generation and general purpose TCP test tool	BGP Attack Tree Development and testing	ttt-1.3.tar.gz
TCP Hijack Tool	Simple proof of concept tool for injecting spoofed UPDATEs	BGP Attack Tree Development and testing	tcphijack-1.1.tar.gz
Modbus Firewall	A Linux 2.4.x Netfilter Extension that permits filtering decisions (DROP, REJECT, etc.) based on application-layer values, allowing finer-grained access control for Modbus/TCP protocol	Modbus Firewall	http://modbusfw.sf.net
LOKI	a Python based framework implementing many packet generation modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others	BGP Attack Tree Development and testing	loki-0.2.7.exe