Cloud
7/15/2015
03:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Researchers To Offer Free BGP Security Alert Tool Via Twitter

New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.

Cybercriminals as well as nation-states increasingly have abused the Internet's underlying Border Gateway Protocol (BGP) traffic-routing fabric to hijack or disrupt networks for profit or political reasons. But sifting through the millions of normal and nefarious routing changes each day on the Internet is not something that most organizations have the know-how or tools to do.

BGP experts from OpenDNS at Black Hat USA next month will launch a new free BGP security alert feed via Twitter. The so-called BGP Stream tool will tweet out alerts on suspicious BGP/Autonomous System Number (ASN) updates and changes so network owners, ISPs, and hosting providers can keep abreast of malicious network changes that could hijack or otherwise disrupt their traffic.

"[There have been] three or four huge BGP attacks" in the past couple of years, says Dan Hubbard, CTO at OpenDNS. "BGP is the new black on the attacker side of things."

The latest BGP attack came to light courtesy of the data dump of the Hacking Team hack:  the controversial security firm assisted the Italian military's Special Operations Group in regaining access to a remote access tool (RAT)-infected client machine via BGP hijacking.

OpenDNS's BGPMon service this week confirmed that BGP attack, information from which was dumped by Wikileaks: "This finding further confirms the use of BGP for nefarious purposes," including other incidents by spammers, said Andree Toonk, manager of network engineering at OpenDNS and founder and lead developer of BGPMon.net, in a post. "BGP hijacks can do serious harm and rapid notification of such an event is essential," says Toonk, who with Hubbard will present BGP Stream at a Black Hat talk in Las Vegas.

OpenDNS earlier this year acquired the BGPMon service, which runs a network of probes on the Net that spot BGP routing changes and issues alerts on attacks or suspicious activity. And Cisco Systems announced late last month that it plans to purchase OpenDNS for $635 million. 

Hubbard says BGP Stream will issue alerts within minutes any routing attack takeovers and "instability" on the Net spotted by BGPMon's network of sensors. Aside from following the Twitter feed, organizations can also write to the Twitter API to pull that information internally. BGP Stream will publish information on which systems are affected by their ASN and name, for example, he says.

In a typical BGP attack, the attacker basically says, "I own that block of IP addresses" and waits to see which networks accept the phony BGP route information, according to Hubbard. Networks that accept the malicious routing update as legit then could send traffic to the hijacked IP addresses, he says."You announce an address space that's not actually yours, and make the router believe you're the best path" for data, thus hijacking it, he says.

Hubbard and Toonk also plan to announce some DNS Stream monitoring feed as part of the BGP Stream tool, according to Hubbard.

[Register now for Black Hat USA.]

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Game Change: Meet the Mach37 Fall Startups
Ericka Chickowski, Contributing Writer, Dark Reading,  10/18/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.