BGP Hijacking attacks on Core Networks
Several tools capable of launching BGP hijacking attacks are freely available for download on the Internet. A vigilant system administrator or penetration tester can use them to test her own or a client's network and evaluate its resilience to BGP hijacking attacks that hackers could launch. In this section, we review two such tools that are useful for launching a variety of BGP hijacking attacks against routing mechanisms and the domain system.
BGP Hijacking Attack
In order to communicate with a speaker in an existing BGP session formed by the speaker itself and its legitimate peer, the hacker needs to acquire more information about the session. They must obtain the source IP address of the peer, for instance through the use of Traceroute. Because a TCP connection requires a port number, it must be spoofed as well. Furthermore, the hacker must use a correct sequence number (the way TCP keeps track of the order of packets) and TTL (Time To Live) attribute. TTL is a number that represents the maximum number of hops a packet can take, and it is used as a safety mechanism to drop lost packets. Generally, BGP peers are directly connected, so the TTL is set to 1. The hacker needs to set the TTL so that the packet is received when its value is 1. Crafting this attack is not an easy task, since it requires extra knowledge of the BGP session. However, if it succeeds, the targeted speaker will treat the message as legitimate and process it as if it had been sent by its peer, allowing, for example, false route injection or route deletion.