Dutch network operators bring RPKI into the fight against IP hijacking

Tomorrow the 5th edition of NLNOG Day takes place in Amsterdam: the event for Dutch network operators. It is an event for techies by techies, aimed at promoting cooperation between the networks operating in the Netherlands. This year the fight against IP or BGP hijacking through the introduction of RPKI is firmly on the agenda. Several Dutch network parties, including Fusix Networks, AMS-IX, Coloclue, AMSIO, atom86 and TRUE, have already started using RPKI within their infrastructure, which makes the Netherlands a frontrunner. Connectivity provider atom86 yesterday published this article (“atom86 – Leveraging RPKI to make the Internet a safer place”) on the how and what of RPKI and why its introduction makes the Internet a little safer again.

IP routing, the soft underbelly of the web
Internet Protocol (IP) routing is all about sending network packets from their source within one network to a destination within a different (remote) network. On the Internet this is usually done by routers running BGP (Border Gateway Protocol). BGP is the routing protocol that makes the Internet work: it is the way in which networks communicate with each other to exchange Internet traffic. It is also considered, however, the classic soft underbelly of the web: routers exchange information and by default they trust each other. This means that when a range of IP addresses, a so-called IP prefix, is announced by a router, it is accepted by its neighbor by default. The prefix is then installed into the routing table, advertised and propagated to other Autonomous Systems (AS networks) without checking whether the AS owns the prefixes that it announces. In fact, anyone with an AS number can announce any prefix. It is a system built on trust, an undeserved trust at times.

IP hijacking is a common tactic used by cybercriminals

IP hijacking is the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables maintained using BGP, either intentionally or accidentally. IP or BGP hijacking is a common tactic used by both cybercriminals and nation-states for financial gain, surveillance (eavesdropping) and censorship. As recently as early August, researchers discovered a wave of BGP hijacking attacks aimed at DNS servers related to US payment-processing systems in an apparent effort to steal money from unsuspecting users. Last April, 13,000 dollars in cryptocurrency was stolen during an IP hijack.

Extra protection against hijacks with RPKI

The Resource Public Key Infrastructure (RPKI) is a specialised public key infrastructure (PKI) framework designed to secure IP routing by providing a way to couple an IP address range to an autonomous system and provide certified lists of IP prefixes and their valid origins. RPKI can be used by the legitimate holders of the IP resources to control the operation of Internet routing protocols to prevent hijacking and other attacks. By leveraging RPKI, connectivity providers, like atom86, can provide an extra layer of security to their customers.

More informed decisions with RPKI

atom86 is one of the first connectivity providers worldwide to deploy RPKI in its network. Within the atom86 network, RPKI invalid origin networks are rejected. By doing so we can protect our customers from sending traffic to networks with ill intent announcing prefixes for which they should not receive information. We can now make more informed decisions about whether or not to route user traffic, making the Internet, or at least our part of it, a safer place.