BGP Error Handling Flaw Leads to Prolonged Network Outage


BGP is the backbone protocol and the internet’s “glue”: it directs routing decisions between ISP networks and holds the internet together.

In short, BGP is essential to the internet’s proper functioning.

Edge device software implementing BGP isn’t perfect, with both commercial and open-source versions showing issues in this crucial routing protocol.

While many flaws are minor and related to routing issues, a concerning BGP bug can propagate like a computer worm.

Ben Cartwright-Cox, the owner of BGP[.]Tools, found this flaw. BGP[.]Tools is a company that offers BGP monitoring services for issue detection and resolution.

Mistaken Attribute

A small Brazilian network reannounced a route with a corrupted attribute on June 2, 2023, potentially affecting the intermediate routers.

Many routers ignored the attribute, but Juniper routers understood it, and their error response shut down BGP sessions, impacting internet connectivity for distant networks.

Besides this, BGP errors suspend the session, pausing customer traffic until the automatic restart completes, which usually takes seconds to minutes.

Session shutdowns (Source – Benjojo)

This affected multiple carriers, like COLT, whose outage brought attention to the issue.

BGP Error Handling Flaw

Each route attribute begins with flags, including the crucial ‘transitive bit’:

Transitive bit (Source – Benjojo)

If an attribute’s transitive bit is set and a router doesn’t understand the attribute, the router copies it on to the next router, potentially causing blind propagation of unknown information.
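An added example (not code from the original article or from the researcher's fuzzer): a small Python parser that decodes the flags octet of each path attribute and reports how a speaker following RFC 4271 treats an attribute it does not recognize. The set of known type codes and the sample bytes are constructed for illustration.

```python
import struct

# Attribute flag bits from RFC 4271 section 4.3 (high-order bits of the flags octet).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
# Assumption: type codes this hypothetical speaker understands
# (ORIGIN, AS_PATH, NEXT_HOP, MULTI_EXIT_DISC, LOCAL_PREF).
KNOWN_TYPES = {1, 2, 3, 4, 5}

def parse_attributes(buf):
    """Yield (flags, type_code, value) for each path attribute in buf."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = buf[i], buf[i + 1]
        if flags & EXT_LEN:  # two-octet length field
            if len(buf) - i < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, i + 2)
            i += 4
        else:                # one-octet length field
            length = buf[i + 2]
            i += 3
        if i + length > len(buf):
            raise ValueError("attribute length overruns buffer")
        yield flags, type_code, buf[i:i + length]
        i += length

def disposition(flags, type_code):
    """How a speaker treats an attribute under RFC 4271 section 9."""
    if type_code in KNOWN_TYPES:
        return "process"
    if not flags & OPTIONAL:
        return "error: unrecognized well-known attribute"
    if flags & TRANSITIVE:
        return "forward unchanged with Partial bit set"
    return "ignore and do not forward"

def audit(buf):
    """Return [(type_code, disposition)] for every attribute in buf."""
    return [(t, disposition(f, t)) for f, t, _ in parse_attributes(buf)]

# Constructed sample: ORIGIN, then an unknown optional transitive attribute
# (type 0xFA, made-up value), then an unknown optional non-transitive one.
SAMPLE = (bytes([0x40, 1, 1, 0])
          + bytes([OPTIONAL | TRANSITIVE, 0xFA, 2, 0xDE, 0xAD])
          + bytes([OPTIONAL, 0xFB, 1, 0x00]))

if __name__ == "__main__":
    for type_code, action in audit(SAMPLE):
        print(f"type {type_code}: {action}")
```

The second attribute in the sample is the case the article describes: the speaker cannot validate its contents, yet the transitive bit obliges it to pass the bytes on to its peers.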

BGP shutdowns disrupt traffic and can propagate like a worm. Because an attribute unknown to one implementation might cause another to shut down, a crafted BGP UPDATE could target a vendor and pull a network offline.

Troublemaker (Source – Benjojo)

The attack persists because the malicious route stays in the peer router: even after a restart, it triggers another reset when transmitted, which leads to prolonged outages.

Moreover, to test whether various BGP implementations are impacted, the security analyst developed a basic fuzzer.

Unimpacted Vendors

The following vendors have not been impacted:

  • MikroTik RouterOS 7+
  • Ubiquiti EdgeOS
  • Arista EOS
  • Huawei NE40
  • Cisco IOS-XE / “Classic” / XR
  • Bird 1.6, All versions of Bird 2.0
  • GoBGP

Impacted vendors

The following vendors are impacted:

  • Juniper Networks Junos OS
  • Nokia’s SR-OS
  • Extreme Networks’ EXOS
  • OpenBSD’s OpenBGPd
  • OpenBSD’s FRRouting

Reporting & Responses

Cartwright-Cox reported these findings to all the impacted vendors. After being notified, the vendors responded as follows:

  • OpenBSD issued a patch
  • Juniper assigned CVEs
  • FRR also assigned CVEs
  • Nokia hasn’t addressed the problem
  • Extreme also hasn’t addressed the problem

Despite the vendor silence, organizations can take mitigating steps to prevent potential exploitation.
