BGP hijacking

Anycast addressing uses a one-to-nearest association. Packets are routed from a single sender to the nearest node in a group of receiving nodes. To implement this addressing method, you need Border Gateway Protocol (BGP).

BGP anycast announces the destination IP address range for receiving nodes. All receiving nodes have the same destination address, and packets are sent to the nearest member.

It's common for large organizations to connect to two or more internet service providers (ISPs). The ISPs, in turn, connect to other network providers. In both cases, network administrators need to ensure that BGP anycast is configured properly. A proper BGP anycast configuration enables an operator, such as a certified network administrator, to use an intermediate router to hijack any packets to the nearest nodes. The main purpose of this legitimate hijacking is to improve traffic flows.

Improper configuration opens the network to hackers who can exploit BGP hijacks for malicious purposes, such as distributed denial-of-service (DDoS) attacks. For example, a hacker can set up a rogue network host that advertises itself as an anycast server for a virtual network in order to block service. Blocking service is achieved by launching DDoS attacks against the nearest nodes. This could be done by redirecting a large amount of malicious traffic to the destination IP addresses. The hacker then has no control over which node is the nearest node.
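
A defender-side check for the rogue advertisement described above, as an added example that is not part of the original page: it compares observed announcements of an anycast prefix against the origin ASes authorized to announce it. The prefixes, AS numbers, sample announcements and function names are constructed for illustration (documentation ranges from RFC 5737 and RFC 5398).

```python
import ipaddress

# Constructed policy (assumption): anycast prefix -> origin ASNs allowed to announce it.
AUTHORIZED = {
    ipaddress.ip_network("203.0.113.0/24"): {64500, 64501},
}

# Constructed announcements as (prefix, AS path); the origin AS is the last hop.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64510, 64500]),    # legitimate anycast node
    ("203.0.113.0/24", [64511, 64501]),    # second legitimate anycast node
    ("203.0.113.0/24", [64510, 64509]),    # same prefix, unauthorized origin
    ("203.0.113.128/25", [64511, 64509]),  # more-specific prefix, unauthorized origin
    ("203.0.113.0/25", [64510, 64500]),    # more-specific prefix, authorized origin
    ("198.51.100.0/24", [64510, 64505]),   # unrelated prefix, not monitored
]


def classify(prefix, as_path):
    """Return 'ok', 'origin-mismatch', 'unexpected-more-specific' or 'unmonitored'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for covered, origins in AUTHORIZED.items():
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if net.version != covered.version or not net.subnet_of(covered):
            continue
        if origin not in origins:
            return "origin-mismatch"
        # Authorized origin, but a longer prefix than the one normally announced:
        # flag for review, because longest-prefix match prefers the more-specific route.
        if net.prefixlen > covered.prefixlen:
            return "unexpected-more-specific"
        return "ok"
    return "unmonitored"


def find_alerts(announcements):
    """Collect (prefix, origin AS, verdict) for every announcement needing review."""
    alerts = []
    for prefix, path in announcements:
        verdict = classify(prefix, path)
        if verdict in ("origin-mismatch", "unexpected-more-specific"):
            alerts.append((prefix, path[-1], verdict))
    return alerts


if __name__ == "__main__":
    for prefix, origin, verdict in find_alerts(ANNOUNCEMENTS):
        print(f"ALERT {verdict}: {prefix} originated by AS{origin}")
```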