Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

7/15/2015
03:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Researchers To Offer Free BGP Security Alert Tool Via Twitter

New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.

Cybercriminals as well as nation-states increasingly have abused the Internet's underlying Border Gateway Protocol (BGP) traffic-routing fabric to hijack or disrupt networks for profit or political reasons. But sifting through the millions of normal and nefarious routing changes each day on the Internet is not something that most organizations have the know-how or tools to do.

BGP experts from OpenDNS at Black Hat USA next month will launch a new free BGP security alert feed via Twitter. The so-called BGP Stream tool will tweet out alerts on suspicious BGP/Autonomous System Number (ASN) updates and changes so network owners, ISPs, and hosting providers can keep abreast of malicious network changes that could hijack or otherwise disrupt their traffic.

"[There have been] three or four huge BGP attacks" in the past couple of years, says Dan Hubbard, CTO at OpenDNS. "BGP is the new black on the attacker side of things."

The latest BGP attack came to light courtesy of the data dump of the Hacking Team hack:  the controversial security firm assisted the Italian military's Special Operations Group in regaining access to a remote access tool (RAT)-infected client machine via BGP hijacking.

OpenDNS's BGPMon service this week confirmed that BGP attack, information from which was dumped by Wikileaks: "This finding further confirms the use of BGP for nefarious purposes," including other incidents by spammers, said Andree Toonk, manager of network engineering at OpenDNS and founder and lead developer of BGPMon.net, in a post. "BGP hijacks can do serious harm and rapid notification of such an event is essential," says Toonk, who with Hubbard will present BGP Stream at a Black Hat talk in Las Vegas.

OpenDNS earlier this year acquired the BGPMon service, which runs a network of probes on the Net that spot BGP routing changes and issues alerts on attacks or suspicious activity. And Cisco Systems announced late last month that it plans to purchase OpenDNS for $635 million. 

Hubbard says BGP Stream will issue alerts within minutes any routing attack takeovers and "instability" on the Net spotted by BGPMon's network of sensors. Aside from following the Twitter feed, organizations can also write to the Twitter API to pull that information internally. BGP Stream will publish information on which systems are affected by their ASN and name, for example, he says.

In a typical BGP attack, the attacker basically says, "I own that block of IP addresses" and waits to see which networks accept the phony BGP route information, according to Hubbard. Networks that accept the malicious routing update as legit then could send traffic to the hijacked IP addresses, he says."You announce an address space that's not actually yours, and make the router believe you're the best path" for data, thus hijacking it, he says.

Hubbard and Toonk also plan to announce some DNS Stream monitoring feed as part of the BGP Stream tool, according to Hubbard.

[Register now for Black Hat USA.]

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13386
PUBLISHED: 2020-05-27
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled...
CVE-2019-20806
PUBLISHED: 2020-05-27
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
CVE-2020-10737
PUBLISHED: 2020-05-27
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the hom...
CVE-2020-13622
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVE-2020-13623
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.