An Internet-Scale Feasibility Study of BGP Poisoning as a Security Primitive
share
The security of the routing infrastructure as a set of protocols and routing process has underpinned much of the past two decades of distributed systems security research. However, the converse is becoming increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in use of BGP poisoning as a security primitive for security systems, we set out to evaluate the feasibility of poisoning in practice, going beyond simulation. To that end, using a novel multi-country and multi-router Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We additionally analyze filtering of BGP poisoning, connectivity concerns when poisoning, the presence of ASes that completely ignore poisoned providers, and finally an exhaustive measurement of a first-of-its-kind upper bound on the maximum path length of the Internet.
READ FULL TEXT