A closer look at a BGP anomaly in Venezuela
4 months ago
- #Internet Routing
- #Cybersecurity
- #BGP
- Venezuelan ISP CANTV (AS8048) experienced multiple BGP route leaks, impacting internet routing.
- Route leaks involve improper propagation of routing announcements beyond intended scopes, often due to misconfigurations.
- The leaks observed involved AS8048 re-announcing routes learned from its provider AS6762 to another of its providers, AS52320, which BGP best practice forbids (a customer must not relay one provider's routes to another).
- Analysis suggests these leaks were likely due to poor technical practices rather than malicious intent.
- The relationship between AS8048 and AS21980 (Dayco Telecom) is provider-customer, making the leaks more concerning.
- Prepending in BGP advertisements by AS8048 made the routes less attractive, counter to what would be expected in a malicious attack.
- Route leaks by AS8048 are not isolated incidents; multiple similar events have occurred since December.
- RPKI Route Origin Validation (ROV) would not prevent these path-based anomalies; ASPA (Autonomous System Provider Authorization) is needed.
- ASPA, an upcoming standard, aims to validate paths and prevent route leaks by defining authorized providers for each AS.
- Adoption of RFC 9234 (BGP roles with the Only-to-Customer attribute) and mechanisms like Peerlock can help prevent route leaks and improve BGP security.
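The following added example (not code from the article or from any of the networks it names) shows why ROV passes the leaked path while an ASPA-style path check rejects it. The ROA table, the ASPA records and the origin ASes AS64500/AS64496 are constructed for this example; AS6762 is modelled as having no transit providers and Dayco (AS21980) as a customer of CANTV (AS8048), both assumptions consistent with but not stated by the article. The downstream check is a simplified, hand-written valley-free rule in the spirit of the ASPA draft, not the normative algorithm, and it collapses prepends first so that the prepending mentioned above cannot change the verdict.

```python
"""Simplified RPKI ROV and ASPA-style path checks (added example, constructed data)."""
from typing import Dict, List, Set

# Constructed ROA table: prefix -> authorised origin ASNs. Real ROAs also carry
# a maxLength, which is left out here for brevity.
ROAS: Dict[str, Set[int]] = {
    "192.0.2.0/24": {64500},     # documentation prefix, constructed origin AS
    "198.51.100.0/24": {21980},  # constructed prefix for Dayco Telecom
}

# Constructed ASPA-style records: customer ASN -> authorised provider ASNs.
# AS8048's providers (AS6762, AS52320) follow the article; AS21980 as a customer
# of AS8048 is an assumed direction; AS6762 with an empty set (no transit
# providers) and AS64500 are assumptions for this example.
ASPA: Dict[int, Set[int]] = {
    8048: {6762, 52320},
    21980: {8048},
    64500: {6762},
    6762: set(),
}

PROVIDER_PLUS, NOT_PROVIDER_PLUS, NO_ATTESTATION = "provider+", "not_provider+", "no_attestation"


def hop(customer: int, provider: int) -> str:
    """ASPA hop check: is `provider` an authorised provider of `customer`?"""
    if customer not in ASPA:
        return NO_ATTESTATION
    return PROVIDER_PLUS if provider in ASPA[customer] else NOT_PROVIDER_PLUS


def rov(prefix: str, origin: int) -> str:
    """Route Origin Validation only looks at the prefix and the origin ASN."""
    if prefix not in ROAS:
        return "not_found"
    return "valid" if origin in ROAS[prefix] else "invalid"


def collapse_prepends(path: List[int]) -> List[int]:
    """Drop consecutive duplicate ASNs so prepending cannot alter the result."""
    out: List[int] = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def verify_upstream(as_path: List[int]) -> str:
    """Route received from a customer: every hop must be customer -> provider.

    as_path is in AS_PATH order: as_path[0] is the neighbour that sent the
    route, as_path[-1] is the origin.
    """
    path = collapse_prepends(as_path)
    results = [hop(path[i], path[i - 1]) for i in range(1, len(path))]
    if NOT_PROVIDER_PLUS in results:
        return "invalid"
    return "unknown" if NO_ATTESTATION in results else "valid"


def verify_downstream(as_path: List[int]) -> str:
    """Route received from a provider or peer: the path must be valley-free.

    Simplified rule: an up-ramp of customer->provider hops from the origin,
    at most one lateral hop, then a down-ramp of provider->customer hops
    towards the receiver. A down hop nearer the origin than an up hop is a leak.
    """
    path = collapse_prepends(as_path)
    n = len(path)
    # Up-ramp: lowest index u such that every hop from the origin down to u is up.
    u = n - 1
    while u > 0 and hop(path[u], path[u - 1]) == PROVIDER_PLUS:
        u -= 1
    # Down-ramp: highest index d such that every hop from the neighbour to d is down.
    d = 0
    while d < n - 1 and hop(path[d], path[d + 1]) == PROVIDER_PLUS:
        d += 1
    if u <= d + 1:
        return "valid"  # ramps meet, or are joined by a single lateral hop
    # Gap hop i joins path[i] and path[i + 1] for d <= i < u.
    confirmed_down = [i for i in range(d, u) if hop(path[i], path[i + 1]) == PROVIDER_PLUS]
    confirmed_up = [i for i in range(d, u) if hop(path[i + 1], path[i]) == PROVIDER_PLUS]
    if confirmed_down and confirmed_up and max(confirmed_down) > min(confirmed_up):
        return "invalid"  # route went provider->customer, then customer->provider
    return "unknown"


if __name__ == "__main__":
    # Leaked path as seen by a customer of AS52320, with CANTV prepending itself.
    leaked = [52320, 8048, 8048, 8048, 6762, 64500]
    print("ROV:", rov("192.0.2.0/24", leaked[-1]))          # valid: origin is fine
    print("ASPA downstream:", verify_downstream(leaked))     # invalid: valley via AS8048
    print("ASPA upstream at AS52320:", verify_upstream([8048, 6762, 64500]))  # invalid
    print("Legitimate Dayco path:", verify_downstream([6762, 8048, 21980]))   # valid
```

Run as a script to see the contrast: ROV accepts the leaked prefix because the origin matches its ROA, whereas the downstream check flags the AS6762 -> AS8048 -> AS52320 hairpin, and the upstream check run at AS52320 would have rejected the announcement at the point where the leak entered.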