Wednesday, 7 August 2013

What Glues Together The Internet

The Internet operates in a way that can sometimes seem like magic. Data not only knows where to go but also what route to take. That routing is vital to the successful operation of the Internet, as without it data would literally get lost or go via systems that would render the journey so slow as to be useless. And it all relies upon something called Border Gateway Protocol (BGP).

As with other protocols, BGP is set out in a standard from the Internet Engineering Task Force (IETF) called RFC 4271.

Relationships Between ISPs
To understand BGP one needs to start by realising that the Internet is a series of networks that are interconnected. Hence the term "Internet". This requires those operating that series of networks (known as peers) to have a means of agreeing how data is passed between them, and how data will transit their network so that it can reach the network of a third party.

Those that provide access to the Internet have a reasonably complex relationship with each other.  There are different "tiers" starting with operators of the largest networks as Tier 1 (eg Google, Microsoft, et al) down to Tier 3 providers who might well be those who ultimately provide access to you as a home user.

Some relationships are direct between peers but some interconnectivity is also provided by a global network of Internet Exchanges such as the London Internet Exchange (LINX).

How traffic is directed through the Internet can be thought of in two parts:

  1. The way in which data is routed within an Autonomous System (AS), which is a part of the network that is under the control of a single organisation.  It uses protocols such as Open Shortest Path First (OSPF).
  2. The interconnections between the ASes. This is where BGP is used, and it advertises a network within an AS to its peers.  It doesn't say how data will be routed within the AS but it does say how it is connected to other networks, including those IP addresses it uses.

Most users are aware that they are given an IP address when they connect to the Internet. The tricky part is when you attempt to send data to another IP address: you need to know what network it is on so that you can decide who to send it to so that it can be routed on its journey. The problem is that there is no central authority to which you can refer. Whilst there are those who allocate IP addresses, there is no definitive list you can check.

However, all of this information is shared between networks using a set of "routing tables", but these tables are updated and exchanged on the basis of trust between peers. All of the routers under the control of a particular ISP rely upon the data they receive from another ISP. And there's the rub.

If someone were able to corrupt these routing tables then they could spoof IP addresses, i.e. they could have data intended for a particular address sent to them. Not a trivial task. Not something for those lacking in technical ability. But if someone were able to gain control of a router run by an ISP it could be done.

So, how easy is it to gain control of a router? Not surprisingly the ISPs have been making it more difficult over time, and they guard access, so it is not trivial. However, there are many ISPs (estimates are up to 40,000) running very many routers so it's not unknown for some to be left with default passwords, or even for back doors to emerge that allow remote access. Hence, whilst it is not easy, the effect of it happening across swathes of the Internet is profound.

BGP spoofing is very difficult to defend against. There are ways to mitigate attacks but no universal defence exists (that I know of).
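One form such mitigation can take is checking each announcement received from a peer against a table of which AS is expected to originate which prefix. The sketch below is an added example, not code from the original post; the table, prefixes and AS numbers are constructed from the ranges reserved for documentation, and the function names are hypothetical.

```python
import ipaddress

# Constructed table of expected origins:
# (prefix, longest acceptable prefix length, origin AS).
EXPECTED = [
    ("198.51.100.0/24", 24, 64496),
    ("203.0.113.0/24", 25, 64497),
]

def validate(prefix, origin_as, expected=EXPECTED):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for exp_prefix, max_len, exp_as in expected:
        exp_net = ipaddress.ip_network(exp_prefix)
        if net.version != exp_net.version or not net.subnet_of(exp_net):
            continue
        covered = True  # some entry covers this address space
        if origin_as == exp_as and net.prefixlen <= max_len:
            return "valid"
    # Covered but nothing matched: unexpected origin AS, or a prefix
    # more specific than the holder said it would announce.
    return "invalid" if covered else "not-found"

def review(announcements, expected=EXPECTED):
    """Return (prefix, origin_as, state) for every announcement that is not valid."""
    flagged = []
    for prefix, origin_as in announcements:
        state = validate(prefix, origin_as, expected)
        if state != "valid":
            flagged.append((prefix, origin_as, state))
    return flagged

# Constructed sample of received announcements as (prefix, origin AS) pairs.
SAMPLE = [
    ("198.51.100.0/24", 64496),    # expected origin
    ("198.51.100.0/24", 64511),    # same prefix, unexpected origin
    ("198.51.100.128/25", 64496),  # more specific than allowed
    ("203.0.113.128/25", 64497),   # more specific, within allowed length
    ("192.0.2.0/24", 64500),       # no entry covers it
]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```

The "not-found" result is the gap described above: where nobody has published an expected origin for a prefix, there is nothing to check the announcement against.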

The outstanding question is how prevalent are such attacks?  I'm not sure anyone really knows.  It's certainly an area worthy of further research.  It is a topic that has not been discussed as widely as other attacks, primarily because other forms of attacks are considered more damaging.  However, I can't help thinking that BGP spoofing could be used as a means of delivering the more damaging attacks and as such it really needs to be understood better.