Atman Prevents IP Address Hijacking and BGP Route Manipulation

08.08.2024
Product news

Systemic protection against BGP hijacking (a.k.a. address hijacking), based on Resource Public Key Infrastructure (RPKI), covers the Atman Business Internet and Atman Basic Internet services.

With RPKI in place, companies and institutions using public IP addresses leased from Atman (Provider Aggregatable, PA) can be sure that any hostile takeover attempts of Internet traffic directed to them will fail.

In addition, the RPKI filtering mechanism minimizes the threat of BGP route manipulation for outbound traffic, that is data sent by Atman’s Internet service customers to other Internet users.

 

BGP Hijacking

Unauthorized takeover of public IP addresses involves impersonating their owner so that information packets sent to those addresses are forwarded to the hijacker’s designated router and then routed accordingly.

In most cases, the hijacked IP traffic eventually reaches its intended destination, albeit via a circuitous route. Note, however, that there is no guarantee that the fiber was not tapped somewhere along the way, or even that some of the transmitted data was not lost as a result of the digital hijacker’s deliberate actions.

There are also situations where hostile seizure of IP addresses results in their users being completely cut off from incoming traffic until a proper BGP route is restored. This means that any packets sent to them during this time will be lost.

 

Resource Public Key Infrastructure (RPKI)

RPKI technology is an industry standard for telecom operators to validate Border Gateway Protocol (BGP) routes to public IP addresses.

Validation is based on digital certificates (cryptographic signatures using a digital key architecture) that RPKI assigns to public IP address ranges that operators declare to be theirs.

In this way, operators can be assured that the registered IP addresses are associated with the correct Autonomous System Numbers (ASNs), and that traffic to those addresses is sent over trusted BGP routes. BGP routes originating from other, and therefore unreliable, sources are rejected.

 

ISP Verification

To check if your ISP’s network is protected against BGP hijacking, go to isbgpsafeyet.com i kliknij „Test your ISP”.

Is BGP safe yet test successful
Source: isbgpsafeyet.com

More Information on Atman Business Internet and Atman Basic Internet Services

Check out Internet access from Atman