Border Gateway Protocol (BGP and MP-BGP)
Protocol reference material for BGP and MP-BGP, covering session types, path selection, address families, and terminology, lives in the Grimoire. This section contains attack trees only.
Beneath the surface of the internet, the Border Gateway Protocol (BGP) maps which networks can reach which others and by which path. The routing decisions it produces follow not the shortest path but the most acceptable one: a calculation over peering agreements, commercial relationships, and policy preferences, applied at every autonomous system boundary on the way to the destination.
Each network announces to its neighbours which destinations it can reach. Those announcements are accepted on trust, extended based on private agreements rather than verified against any cryptographic proof. A misconfiguration or a deliberate lie propagates through that trust network with the same authority as a legitimate announcement. RPKI provides a mechanism for route origin validation, but deployment is incomplete and uneven. The system functions because most participants behave, and degrades when they do not.
The result is a global routing system built on trust, and therefore vulnerable to hijacking and misdirection.
- BGP as a strategic attack surface
- Attack tree (BGP and MP-BGP)
- IPv4 prefix hijacking
- IPv4 path manipulation
- IPv4 infrastructure attacks
- Multiprotocol label switching (MPLS) attacks (MP-BGP)
- Address family exploitation (MP-BGP)
- MP-BGP session attacks
- RPKI infrastructure attacks
- DDoS amplification attacks
- Cryptographic attacks on routing protocols
- BGP and DNS infrastructure attacks
- BGP + CDN/Cloud infrastructure attacks