BGP Route Hijacking

What is BGP Route Hijacking?

BGP Route Hijacking, also called prefix hijacking, route hijacking or IP hijacking, is the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables maintained using the Border Gateway Protocol (BGP).

A prefix is announced using BGP with an IPV4 or IPV6 address block and also a path of AS numbers, indicating which ASNs the traffic must pass through to reach the announced address block. By maliciously manipulating BGP IP prefixes, an attacker (IP hijacker) can reroute traffic in order to intercept or modify traffic.

Internet-level BGP hijacking is performed by configuring an edge router to announce prefixes that have not been assigned to it. If the malicious announcement is more specific than the legitimate one, or claims to offer a shorter path, the traffic may be directed to the IP hijacker. Internet hijacking attacks will frequently target unused prefixes to hijack in order to avoid getting identified by the legitimate owner.

By broadcasting false prefix announcements, the new compromised router may poison the Routing Information Base (RIB) of its peers and could propagate to other peers in a short period of time, to other ASes, and onto the Internet, so identifying route IP hijacking as soon as possible is critical for the security of your network.