
MISCONFIGURED BGP PROTOCOL BY VODAFONE AFFECTED 20,000 GLOBAL NETWORKS ON THE INTERNET

It is natural for humans to make mistakes while working. Some of our mistakes have no effect on anyone else, while others adversely affect other people's lives; occasionally a mistake can even change the course of someone's life. When it comes to machines, we are the ones who design them. There is no doubt that machines can automate almost any task today, but we must not forget that they only run the scripted tasks written by humans and have no sense of the consequences. Although Artificial Intelligence has evolved to the point where technology can replace human decisions to some extent, it still lags behind what a human brain can do.

Against this background, Cisco's BGPMon recorded a hijacking of network routing paths that was not caused intentionally but nevertheless seriously affected the networks of some well-known multinational companies. The hijacking took place because Vodafone India misconfigured the BGP protocol, which affected 20,000 networks globally. Let us look at this hijacking in more depth.

UNDERSTANDING BGP HIJACKING

We all know that the Internet is a network of networks of networks. In more precise terms, each of the three uses of "network" here means something slightly different. The first is the overall interconnection of publicly reachable networks. The second is the set of Autonomous Systems that together make up a public network. The third is the internal networks formed by the Autonomous Systems owned by ISPs. At this point the question arises: what actually is an Autonomous System?

An Autonomous System can be thought of as a server or, in more everyday language, as a router that forms a network out of the switches serving particular districts or areas, through which ISPs deliver Internet service to the modern routers in our homes. You can imagine how many levels are involved before you reach the Internet!

Before taking the discussion further, let us briefly look at DNS. We all know that DNS is responsible for converting domain names to their actual IP addresses. Have you ever wondered how this resolution takes place at a higher level? At the most basic level, the DNS query goes first to the stub resolver, also known as the client-side resolver, and resolution proceeds recursively. The stub resolver checks its cache and some network files on your system; if it can resolve the name, the browser is directed to that IP address immediately, and if it cannot, it passes the domain name on to other routers or servers on its network that perform the resolution at different levels. You may have noticed that many experts on the Internet advise changing your DNS servers to either 8.8.8.8 or 1.1.1.1. This means that once the stub resolver has failed to resolve a query, the query is sent directly to 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare) to resolve the domain name. If you have not set these addresses manually on your system, the domain names are instead resolved by your ISP.
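To make the chain above concrete, here is an added Python example (not code from the original article): a stub resolver with a local cache sitting in front of a recursive resolver that walks root, TLD and authoritative servers by following referrals. The server names, the delegation tree and the addresses (the reserved example.com name and RFC 5737 documentation addresses) are constructed for illustration; the recursive resolver stands for whichever one your system is configured to use, your ISP's or 8.8.8.8 / 1.1.1.1.

```python
"""Toy model of the DNS resolution chain: stub resolver cache first, then a
recursive resolver walking root -> TLD -> authoritative server.

Added example, not code from the original article. The server names, the
delegation tree and the addresses (RFC 5737 documentation range, reserved
example.com name) are all constructed for illustration.
"""

# Constructed delegation tree. Each server knows some NS referrals (which server
# to ask next for a given suffix) and some final A-record answers.
SERVERS = {
    "root": {"referrals": {"com.": "a.gtld-servers.example."}, "answers": {}},
    "a.gtld-servers.example.": {"referrals": {"example.com.": "ns1.example.com."}, "answers": {}},
    "ns1.example.com.": {
        "referrals": {},
        "answers": {"example.com.": "192.0.2.1", "www.example.com.": "192.0.2.10"},
    },
}


def recursive_resolve(name):
    """What a recursive resolver (your ISP's, or 8.8.8.8 / 1.1.1.1 if you set one)
    does on a cache miss: start at the root and follow referrals until a server
    answers authoritatively. Returns (address or None, list of servers asked)."""
    trace = []
    server = "root"
    while True:
        zone = SERVERS[server]
        trace.append(server)
        if name in zone["answers"]:
            return zone["answers"][name], trace
        labels = name.split(".")
        # Follow the most specific delegation that covers the name.
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in zone["referrals"]:
                server = zone["referrals"][suffix]
                break
        else:
            return None, trace  # no answer and no referral: the name does not exist


class StubResolver:
    """The client-side resolver: consult the local cache (or hosts-file style
    entries) and only on a miss hand the name to the recursive resolver."""

    def __init__(self, upstream=recursive_resolve):
        self.cache = {}
        self.upstream = upstream

    def resolve(self, name):
        if name in self.cache:
            return self.cache[name], ["cache"]
        address, trace = self.upstream(name)
        if address is not None:
            self.cache[name] = address
        return address, trace


if __name__ == "__main__":
    stub = StubResolver()
    for query in ("www.example.com.", "www.example.com.", "nosuch.example.com."):
        address, trace = stub.resolve(query)
        print(f"{query:22} -> {address} via {' -> '.join(trace)}")
```

Running it shows the first lookup of www.example.com. touching three servers, the second being answered from the stub's cache, and a non-existent name travelling all the way to the authoritative server before coming back empty.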

In the case of an ISP, when you query a domain name your router first asks the other routers in its network. If any router in that network knows the answer, it returns the resolved name; otherwise the query keeps travelling from router to router or server, possibly to a router or server in another network. Exchanging routing information with outside networks requires a protocol, and this is where the Border Gateway Protocol comes into action. According to Wikipedia, “Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet.“ Each Autonomous System therefore has to keep a record of the routing information it knows about and advertise it carefully, so that other Autonomous Systems can exchange routing information with it. If an Autonomous System circulates wrong routing information, the whole network is put in danger.

Please note: BGP is not specific to DNS queries. It applies to all traffic exchanged on the Internet.
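The following added example (Python; not code from the original article or from BGPMon) models what the paragraphs above describe at the scale of a single router. It picks a best path per prefix the way BGP does (shortest AS path first), shows why a more-specific announcement wins at forwarding time regardless of path length, and then runs the origin check that RPKI route origin validation and routing monitors perform: comparing the origin AS of each chosen route against a table of registered origins. This is exactly the situation in which an AS advertising prefixes that are not its own pulls in traffic, and how such an event is detected. All prefixes, ASNs and announcements are constructed from the RFC 5737 and RFC 5398 documentation ranges; the expected-origin table stands in for IRR route objects or RPKI ROAs.

```python
"""Toy model of BGP best-path selection and origin-mismatch detection.

Added example, not code from the original article or from any vendor tool.
All prefixes come from the RFC 5737 documentation ranges and all ASNs from
the RFC 5398 documentation range; the announcements below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LEGIT_ORIGIN = 64500   # constructed: rightful origin of 203.0.113.0/24
LEAKING_AS = 64511     # constructed: stand-in for an AS announcing prefixes that are not its own


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # as_path[0] is the neighbour that sent it, as_path[-1] the origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def best_route(candidates):
    """Reduced BGP decision process: shortest AS_PATH wins, ties broken by the
    lowest neighbour ASN (a stand-in for the router-id tiebreak)."""
    return min(candidates, key=lambda r: (len(r.as_path), r.as_path[0]))


def build_table(received):
    """received maps prefix -> list of announcements; returns prefix -> chosen Route."""
    return {prefix: best_route(routes) for prefix, routes in received.items()}


def lookup(table, address):
    """Forwarding lookup: the most specific prefix containing the address wins,
    so a leaked /25 attracts traffic away from a legitimate /24 whatever its path length."""
    addr = ip_address(address)
    matches = [r for p, r in table.items() if addr in ip_network(p)]
    return max(matches, key=lambda r: ip_network(r.prefix).prefixlen, default=None)


def find_origin_mismatches(table, expected_origins):
    """Flag every chosen route whose origin AS is not registered for that prefix
    or for a covering prefix. This is the check RPKI route origin validation performs
    (real ROAs also carry a maxLength, omitted here) and what monitors alert on."""
    mismatches = []
    for prefix, route in table.items():
        net = ip_network(prefix)
        allowed = set()
        for exp_prefix, origins in expected_origins.items():
            if net.subnet_of(ip_network(exp_prefix)):
                allowed |= origins
        if allowed and route.origin not in allowed:
            mismatches.append((prefix, route.origin, allowed))
    return mismatches


# Constructed announcements as seen by one router with two neighbours, AS64496 and AS64497.
RECEIVED = {
    # Same prefix, two origins: the leaked path is shorter, so plain path selection prefers it.
    "203.0.113.0/24": [
        Route("203.0.113.0/24", (64496, 64498, LEGIT_ORIGIN)),
        Route("203.0.113.0/24", (64497, LEAKING_AS)),
    ],
    # More-specific leak of half of 198.51.100.0/24: longer path, but wins at forwarding time.
    "198.51.100.0/24": [Route("198.51.100.0/24", (64496, 64501))],
    "198.51.100.128/25": [Route("198.51.100.128/25", (64497, 64499, 64510, LEAKING_AS))],
    # Prefix nobody leaked.
    "192.0.2.0/24": [Route("192.0.2.0/24", (64496, 64502))],
}

# What a registry (IRR route objects or RPKI ROAs) says the origins should be.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": {LEGIT_ORIGIN},
    "198.51.100.0/24": {64501},
    "192.0.2.0/24": {64502},
}


def analyse(received=RECEIVED, expected=EXPECTED_ORIGINS):
    """Build the routing table and return it together with the origin mismatches."""
    table = build_table(received)
    return table, find_origin_mismatches(table, expected)


if __name__ == "__main__":
    table, bad = analyse()
    for prefix, route in table.items():
        print(f"{prefix:20} via AS path {route.as_path}")
    print("traffic for 198.51.100.200 follows", lookup(table, "198.51.100.200").as_path)
    for prefix, seen, allowed in bad:
        print(f"ORIGIN MISMATCH {prefix}: seen AS{seen}, expected {sorted(allowed)}")
```

The two mismatches it reports are the two ways a wrong advertisement does damage: an equal-length prefix that simply has the shorter path, and a more-specific prefix that wins the forwarding lookup even with a longer path. Operators defend against both by publishing ROAs for their prefixes and filtering or monitoring routes whose origin does not match them.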

MISTAKE BY VODAFONE, SUFFERED BY MANY

The Vodafone India Limited autonomous system, ASN AS55410, mistakenly advertised 30,000 BGP prefixes (routes) that were not its own, causing the Internet to flood its network with traffic that was never meant to pass through it. The mistake affected 20,000 prefixes belonging to autonomous systems around the world, including Google, and was identified by BGP expert Anurag Bhatia. Some of the popular affected networks were as shown below:

To access the complete list of all affected networks, click here.

CONCLUSION

We have seen how a small misconfiguration of networking devices and protocols can cause a massive outbreak in other networks. It is therefore suggested that all organizations handling and servicing the Internet carefully monitor such corporations or individuals and take stricter action against them.