Page 93 - SAMENA Trends - May 2020
improve your own network security posture and make it more resilient to routing incidents.

2. Leverage Market Power: Organizations can encourage - or even demand - their Internet Service Providers (ISPs) follow the best practices outlined in MANRS. Including MANRS participation in RFP, tender, and purchasing processes can help establish a security-forward posture and communicate a security investment to your customers.

As more networks adopt the MANRS Actions, it will become easier to identify these bad actors, and ultimately restrict or even completely drop traffic from those networks. Downtime costs money, and users need confidence that their data is safe and secure.

There are over 3,500 networks in the SAMENA region, but just 17 are currently participating in the MANRS initiative, with Bangladesh having the highest number of MANRS-conformant networks, with 6. Nevertheless, networks in the region already show high levels of conformance with the MANRS Actions, and we would therefore encourage them to lead by example by publicly demonstrating their commitment to routing security.
Types of Routing Incidents

| Issue | Explanation | Repercussions | Example |
|---|---|---|---|
| Prefix/Route/BGP Hijacking | A network advertises IP addresses it doesn’t hold, masquerades as another network by announcing a fake AS number, or falsely announces that it’s able to forward traffic to another network. | Packets are forwarded to the wrong place, potentially causing Denial of Service (DoS) attacks or traffic interception. | A Bitcoin thief redirected a portion of online traffic from multiple ISPs to steal at least $83,000 in cryptocurrency. [1] |
| Route Leak | Similar to hijacks, but often the result of accidental misconfiguration by a network operator. | Packets are forwarded to the wrong place, potentially causing Denial of Service (DoS) attacks or traffic interception. | A small company in Pennsylvania became a preferred path of many Internet routes through Verizon, causing web traffic outages at Cloudflare, Facebook, Amazon, and others for three hours. [2] |
| IP Address Spoofing | A network generates traffic with false source IP addresses to hide the identity of the sender or to impersonate another computing system. | A root cause of reflection DDoS attacks, where a victim receives a large volume of response packets it never requested. | 1.35 Terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful DDoS attack recorded to date. [3] |

[1] https://www.wired.com/2014/08/isp-bitcoin-theft/
[2] https://www.theregister.co.uk/2019/06/24/verizon_bgp_misconfiguration_cloudflare/
[3] https://www.wired.com/story/github-ddos-memcached/
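
The "Prefix/Route/BGP Hijacking" entry above describes a network announcing addresses it does not hold; the sketch below shows a defender-side origin check in the style of route origin validation (RFC 6811) that a filtering network can apply to received announcements. It is an added example, not part of the original article, and its authorization table, prefixes (documentation ranges) and AS numbers (documentation ASNs) are constructed.

```python
import ipaddress

# Constructed authorization table: (prefix, longest accepted length, authorized origin AS).
# Documentation prefixes and documentation AS numbers only; not real routing data.
AUTHORIZED = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]

def validate_origin(prefix, origin_as, authorized=AUTHORIZED):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, asn in authorized:
        auth = ipaddress.ip_network(auth_prefix)
        # Only entries of the same IP version that cover the announced prefix apply.
        if net.version != auth.version or not net.subnet_of(auth):
            continue
        covered = True
        if origin_as == asn and net.prefixlen <= max_len:
            return "valid"
    # Covered by an entry but matching none of them: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def flag_invalid(announcements):
    """Return the announcements a filter would reject."""
    return [(p, a) for p, a in announcements if validate_origin(p, a) == "invalid"]

# Constructed sample announcements (prefix, origin AS).
SAMPLE = [
    ("192.0.2.0/24", 64500),      # authorized holder
    ("192.0.2.0/24", 64511),      # another AS originates the same prefix
    ("192.0.2.128/25", 64500),    # more specific than the holder authorized
    ("2001:db8:1::/48", 64502),   # authorized, within the length limit
    ("198.51.100.0/24", 64500),   # no authorization data covers this prefix
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE:
        print(f"{prefix:18} AS{asn}: {validate_origin(prefix, asn)}")
```

An announcement that carries the authorized origin AS number passes this check even when a different network sent it, so origin validation alone does not catch the "fake AS number" case from the table, nor does it address spoofed source addresses.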
About the Author
Aftab Siddiqui joined the Internet Society (ISOC) as a Technical Engagement Manager in November 2016. Siddiqui has been a key contributor to the
global, regional, and local efforts in the APNIC community and has been an active participant in SANOG, APNIC/APRICOT and MENOG for many years.