Security News > 2021 > May > Comcast now blocks BGP hijacking attacks and route leaks with RPKI

Comcast now blocks BGP hijacking attacks and route leaks with RPKI
2021-05-20 19:16

One of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks.

"In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."

BGP route hijacking occurs when a malicious entity manages to "Falsely advertise" to other routers that they own a specific set of IP addresses when they don't.

BGP route leaks are similar to BGP route hijacking, except the latter more specifically refers to instances of malicious activity taking place.

In either case of a BGP route leak or BGP hijacking, an Autonomous System announces that it knows "How" or "Where" to direct the traffic meant for certain destinations that in actuality it does not know.

"Digitally signing information provides assurance that routing advertisements seen in the routing system can be verified and are authentic," states APNIC's guide on RPKI. This helps networks trust the integrity of route information they are receiving and helps in preventing a DoS incident from an incident of BGP route hijacking or leaks.


News URL

https://www.bleepingcomputer.com/news/security/comcast-now-blocks-bgp-hijacking-attacks-and-route-leaks-with-rpki/