In Part 1, we discussed what routing is and how data is sent across the Internet, and in Part 2 we discussed how routers work to build maps of the Internet and direct traffic. It’s all been working mostly well for 25+ years, hasn’t it? Why are we even talking about something that just … works? In this post, we’ll look at some of the security issues with the global routing system.
At its core, the routing system is built on trust among networks. Tens of thousands of individual networks make independent decisions while also interoperating as one global Internet. The intertwined nature of these networks contributes to the Internet’s resilience, scalability, and ease of adoption. With no single point of failure, the routing system is difficult to break on a global level – if a path fails, a network can simply choose to route traffic around the problem area. Unfortunately, the same qualities that ensured the Internet’s overall success also contribute to some of its challenges.
In Part 1 we compared routing to online dating and talked about how hard it is to trust someone you meet on the Internet because there’s no way to verify your potential beloved is telling the truth. Similarly, BGP was developed long ago, when the Internet was a small, mostly academic endeavor with a community of folks who all knew each other, so it has no built-in mechanism to validate that the announcements routers send are legitimate or correct. In fact, it’s remarkably easy for any network to announce anything – whether unintentionally or deliberately. This also means it’s very easy for things to end in disappointment – much like the dating game.
In 2018 alone, there were over 12,000 routing incidents. Incidents like route leaks, route hijacks, and IP address spoofing can each slow down Internet traffic or even make parts of the Internet unreachable, disrupting the ability of companies or users to access critical services or information. Packets can also get diverted through malicious networks, providing an opportunity for surveillance.
In the next post, we’ll talk about route hijacks, route leaks, and IP address spoofing in more detail. Check back tomorrow!