When companies want to advertise to the internet that packets meant for a specific IP address should be routed to them, I'm assuming they use BGP, though I only have a vague notion of how BGP works (kind of like the Dijkstra search algorithm). But what keeps a random Joe from telling the world that packets for 8.8.8.8 should be routed to them, for example?
1 Answer
In theory: BGP filters based on information from routing registries (the IRR), as well as cryptographic verification based on RPKI.
In practice: nothing much.
Good ISPs do filter what prefixes a customer may advertise (though often the filters are built manually), but hijacks, both accidental and malicious, still pop up in the news every so often. There is a Wikipedia article about it.
(Though I would assume sometimes it doesn't work purely because the legitimate paths end up being shorter (and therefore more preferred) than the false ones. I may be wrong.)
And of course, in order to use BGP you need to already own an AS-number and have peering arrangements with some ISP, so that alone raises the bar from "average Fred" to someone who has signed a few contracts – hopefully not under a false name, too.
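The RPKI check mentioned in the answer comes down to route origin validation as specified in RFC 6811. The sketch below is an added example, not part of the original answer: it classifies a received announcement against a list of validated ROA payloads (prefix, maxLength, origin AS). The ROA entries, the `validate` and `accept` helper names, and the drop-invalid policy are assumptions for illustration; all prefixes and AS numbers are constructed from the documentation ranges.

```python
import ipaddress
from collections import namedtuple

# One validated ROA payload: covered prefix, longest allowed length, origin AS.
VRP = namedtuple("VRP", "prefix max_length asn")

# Constructed sample data (documentation prefixes and ASNs, not real ROAs).
VRPS = [
    VRP(ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    VRP(ipaddress.ip_network("203.0.113.0/24"), 25, 64501),
]

def validate(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(route_prefix)
    # A VRP covers the route if the route is equal to or more specific
    # than the VRP prefix (same address family only).
    covering = [v for v in vrps
                if v.prefix.version == route.version
                and route.subnet_of(v.prefix)]
    if not covering:
        return "not-found"   # no ROA speaks for this address space
    for v in covering:
        # AS 0 in a ROA means "nobody may originate this"; it never matches.
        if v.asn != 0 and v.asn == origin_asn \
                and route.prefixlen <= v.max_length:
            return "valid"
    # Covered by at least one ROA, but wrong origin or too specific.
    return "invalid"

def accept(route_prefix, origin_asn, vrps=VRPS):
    """Assumed import policy: drop 'invalid', keep 'valid' and 'not-found'."""
    return validate(route_prefix, origin_asn, vrps) != "invalid"

if __name__ == "__main__":
    for prefix, asn in [
        ("192.0.2.0/24", 64500),     # legitimate origin
        ("192.0.2.0/24", 64511),     # same prefix, wrong origin AS
        ("192.0.2.0/25", 64500),     # more specific than maxLength allows
        ("203.0.113.0/25", 64501),   # more specific, within maxLength
        ("198.51.100.0/24", 64511),  # no ROA covers this space
    ]:
        print(f"{prefix:<18} AS{asn}  {validate(prefix, asn)}")
```

Announcements that come back as `not-found` are still accepted under this policy, so the check only protects address space whose holder has published a ROA.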