Jul 22, 2023

BGP Error Handling Flaw Leads to Prolonged Network Outage

BGP is the backbone protocol and the internet’s “glue”: it directs the routing decisions between ISP networks that hold the internet together.

In short, BGP is essential to the internet’s proper functioning.

Edge device software implementing BGP isn’t perfect, with both commercial and open-source versions showing issues in this crucial routing protocol.

While many flaws are minor and related to routing issues, a concerning BGP bug can propagate like a computer worm.

Ben Cartwright-Cox, the owner of BGP[.]Tools, a company that offers BGP monitoring services for issue detection and resolution, found this flaw.

A small Brazilian network reannounced a route with a corrupted attribute on June 2, 2023, potentially affecting the intermediate routers.

Many routers ignored the attribute, but Juniper routers understood it, and their error response shut down BGP sessions, impacting internet connectivity for distant networks.

A BGP error also suspends the session, pausing customer traffic until the automatic restart completes, which usually takes seconds to minutes.

This affected multiple carriers, like COLT, whose outage brought attention to the issue.

Each route attribute begins with flags, including the crucial ‘transitive bit’:

If an attribute’s transitive bit is set and a router doesn’t understand the attribute, the router copies it on to the next router, potentially causing blind propagation of unknown information.
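The flag handling described above can be audited offline. The following Python sketch is an added example, not code from the article or from the researcher: it parses a Path Attributes field and reports which attributes a router would forward without examining them. The `KNOWN_TYPES` set and the sample bytes are constructed assumptions.

```python
import struct

# Attribute flag bits, high nibble of the first octet (RFC 4271, section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Assumption: type codes the hypothetical local router implements
# (ORIGIN, AS_PATH, NEXT_HOP, MULTI_EXIT_DISC, LOCAL_PREF).
KNOWN_TYPES = {1, 2, 3, 4, 5}

def parse_attributes(buf):
    """Split a Path Attributes field into (flags, type_code, value) tuples."""
    attrs, i = [], 0
    while i < len(buf):
        header = 4 if buf[i] & EXT_LEN else 3  # extended length uses 2 octets
        if i + header > len(buf):
            raise ValueError(f"truncated attribute header at offset {i}")
        flags, type_code = buf[i], buf[i + 1]
        length = struct.unpack_from("!H", buf, i + 2)[0] if header == 4 else buf[i + 2]
        i += header
        if i + length > len(buf):
            raise ValueError(f"attribute {type_code} overruns the field")
        attrs.append((flags, type_code, buf[i:i + length]))
        i += length
    return attrs

def disposition(flags, type_code):
    """What a router does with an attribute, per RFC 4271 section 9."""
    if type_code in KNOWN_TYPES:
        return "process"
    if not flags & OPTIONAL:
        return "error"               # unrecognized well-known attribute
    if flags & TRANSITIVE:
        return "forward-unexamined"  # passed on with the Partial bit set
    return "ignore"                  # optional non-transitive: dropped quietly

def audit(buf):
    """Return (type_code, disposition) for every attribute in the field."""
    return [(t, disposition(f, t)) for f, t, _ in parse_attributes(buf)]

# Constructed sample: ORIGIN plus two type codes the router does not implement.
SAMPLE = bytes([
    0x40, 1, 1, 0x00,            # well-known transitive ORIGIN = IGP
    0xC0, 241, 2, 0xAA, 0xBB,    # optional + transitive, unrecognized
    0x80, 242, 1, 0x00,          # optional, non-transitive, unrecognized
])

if __name__ == "__main__":
    for type_code, action in audit(SAMPLE):
        print(type_code, action)
```

Attributes reported as `forward-unexamined` are the ones whose contents reach downstream peers without any validation by the forwarding router.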

BGP shutdowns disrupt traffic and can propagate like a worm. Because an attribute unknown to one implementation might cause another to shut down, a crafted BGP UPDATE could target a vendor and pull a network offline.

The effect persists because the bad route stays in the peer router: even after a restart, it triggers another reset when it is transmitted again, which leads to prolonged outages.

To test whether various BGP implementations are impacted, the security analyst developed a basic fuzzer.

The following vendors were not impacted:

The following vendors were impacted:

Cartwright-Cox reported these findings to all the impacted vendors. After being notified, the impacted vendors responded as follows:

Despite the vendor silence, organizations can take mitigating steps to prevent potential exploitation.
