BGP is gaining renewed attention as a security risk, though it has been one since its invention in the 1980s. Black Hat USA 2015 featured three sessions on BGP alone, and all three reinforced the same truths about BGP. The first is that, despite being a backbone of the Internet, BGP is highly insecure, as has been highlighted previously. The second is that monitoring remains the main method of finding and reacting to outages and attacks on BGP.
Wim Remes, manager of strategic services at Rapid7, said BGP is both an easy attack vector and a highly important source of information about ongoing attacks. “I think BGP information is very valuable from a threat intelligence perspective,” he said. “Using BGP information to detect when a hijack is occurring is incredibly valuable.”
But while there are options for securing BGP, like RPKI and BGPsec, these preventative measures do not yet have wide adoption, which means most service and content providers do not protect against leaks and hijacks.
To help close the gap in resources for BGP issues, OpenDNS CTO Dan Hubbard and Network Engineering Manager Andree Toonk announced a free, real-time feed of BGP outages and hijacks called BGP Stream. The tool will use BGPmon’s monitoring engine, cull the largest and most important events, and post those to a Twitter feed. In addition, the tool will provide links to a site where users can find more contextual information about the events, including a live map of BGP outages.
The duo also announced DNS Stream, a similar service that will monitor for DNS events and publish them to a Twitter feed. The published events will give indicators of DNS attacks and outages in real time, just like BGP Stream. Hubbard and Toonk see the two services as complementary to each other and as a very useful resource for security professionals and network owners.
As for the choice to publish to Twitter, Hubbard emphasized its social nature and the use of real-time publishing. “Twitter is a great way to announce things, and share data. But it’s also a great way to programmatically consume information.” He also added that he hopes this will be the start of a community that shares and announces issues with BGP and DNS, decreasing the disclosure time and making it easier for companies, network owners, and providers to react more quickly to outages.