BGP Stream

Presented at Black Hat USA 2015, Aug. 6, 2015, 12:10 p.m. (50 minutes)

BGP is the fabric of routing on the Internet today. There are approximately half a million routes on the Internet originated by about 50,000 unique Autonomous Systems. On a typical day there are thousands of changes and although the vast majority of these are simply planned routing changes, configuration updates, and network additions there are signals in the noise that can be detected as nefarious. Throughout the last couple years there have been several large scale BGP incidents, such as outages and hijacks of networks that have been done using BGP. These include government sponsored regimes taking entire countries offline and criminals routing traffic for profit.

BGPmon has been operating a network of BGP probes, classifiers, and associated alerts on these changes and has discovered and publicized several attacks that utilize BGP.

Today, we are announcing BGP Stream. This stream will be publishing on Twitter and open to everyone with a goal of announcing potentially malicious BGP/ASN data. By subscribing to the stream one can monitor and alert potentially damaging network changes that affect traffic flows.

Presenters:

• Andree Toonk - OpenDNS
  Andree Toonk is the manager of network engineering at OpenDNS. AtOpenDNS Andree is responsible for the OpenDNS global Networkarchitecture, development, implementation and operations of theOpenDNS infrastructure. Managing all aspects: transit, peering, anycast, DDOS mitigation, facilities, routing, switching, firewalls,etc. Andree is the founder and lead developer of BGPMon.net, where hespecializes in BGP routing and BGP security incidents, such as routinghijacks and large scale outages.Andree received his M.Sc. degree in System and Network Engineeringfrom the University of Amsterdam. He has presented about networksecurity at network engineering conferences around the world, such as Nanog and Terena and Canheit.
• Dan Hubbard - OpenDNS
  Dan Hubbard is the Chief Technology Officer for OpenDNS. A pioneering force in Internet security for more than 20 years, Dan's expertise spans from reputation systems to large scale data mining of the Internet and advanced classification systems. Dan joined OpenDNS to expand the company's breadth and depth of knowledge of security and products, assist in delivering disruptive new technologies, and drive innovation company-wide. Prior to OpenDNS, Dan was the CTO at Websense, where he was responsible for research and development of existing and new technologies, investigating technology trends, and driving innovation globally across the company. Additionally, he conceived, built, and managed the Websense Security Labs. Dan has presented at almost every major security conference around the globe, appeared on several international media outlets, and is frequently quoted in the media.

Links:

• https://www.blackhat.com/us-15/briefings.html#bgp-stream
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - BGP Stream.srt (subtitles)
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - BGP Stream.mp4
• https://www.youtube.com/watch?v=MDTXfvECcMQ

Similar Presentations:

• DEF CON 31 (2023) / Route to bugs: Analyzing the security of BGP message parsing
• VB2016 / Last-minute paper: BGP - From Route Hijacking to RPKI: How Vulnerable is the Internet?
• Black Hat USA 2015 / Internet Plumbing for Security Professionals: The State of BGP Security