CAPEC-584 BGP Route Disabling

CAPEC ID: 584

CAPEC-584 Metadata

Likelihood of Attack: Low

Typical Severity: High

Overview

Summary

An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. BGP helps traffic move throughout the Internet by selecting the most efficient route between Autonomous Systems (ASs), or routing domains. BGP is the basis for the interdomain routing infrastructure, providing connections between these ASs. By suppressing the intended AS routing advertisements and/or forcing less effective routes for traffic to ASs, the adversary can deny availability for the target network.

Prerequisites

The adversary must have control of a router that can modify, drop, or introduce spoofed BGP updates. The adversary can convince

Potential Solutions / Mitigations

Implement ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registry (IRR) databases, which are often not well-maintained.

Implement Secure BGP (S-BGP), which improves authorization and authentication capabilities based on public-key cryptography.
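The ingress-filter mitigation above, sketched as an added example that is not part of the CAPEC entry: each received announcement is checked against route objects taken from an IRR. The registry entries, AS numbers, maximum prefix lengths and the `check_route` helper are all constructed assumptions, using documentation prefixes and private-use ASNs.

```python
import ipaddress

# Constructed IRR route objects (prefix, registered origin AS). Documentation
# prefixes and private-use ASNs only; not real registry data.
IRR_ROUTES = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("2001:db8::/32", 64502),
]
# Assumed local policy: longest prefix accepted per address family.
MAX_LEN = {4: 24, 6: 48}


def build_filter(routes):
    """Parse (prefix, origin) pairs into network objects once, up front."""
    return [(ipaddress.ip_network(p), asn) for p, asn in routes]


IRR = build_filter(IRR_ROUTES)


def check_route(irr, prefix, as_path):
    """Return (accept, reason) for one received announcement."""
    net = ipaddress.ip_network(prefix)
    if not as_path:
        return False, "empty AS path"
    if net.prefixlen > MAX_LEN[net.version]:
        return False, "too specific"
    # Route objects that cover the announced prefix (same address family).
    covering = [a for n, a in irr if n.version == net.version and net.subnet_of(n)]
    if not covering:
        return False, "no IRR route object"
    origin = as_path[-1]  # rightmost AS originated the route
    if origin in covering:
        return True, "origin matches IRR"
    return False, "origin mismatch"


if __name__ == "__main__":
    # Constructed updates: (prefix, AS path as received, note).
    updates = [
        ("192.0.2.0/24", [64510, 64500], "registered origin"),
        ("192.0.2.0/24", [64510, 64666], "unregistered origin"),
        ("192.0.2.128/25", [64510, 64500], "more-specific"),
        ("203.0.113.0/24", [64510, 64503], "prefix absent from IRR"),
        # Holder moved to AS64505 but never updated the registry (stale IRR).
        ("198.51.100.0/24", [64510, 64505], "legitimate, stale record"),
    ]
    for prefix, path, note in updates:
        print(prefix, path, check_route(IRR, prefix, path), note)
```

The last update shows the caveat stated in the mitigation: a legitimate route whose registry record is stale is rejected with the same verdict as an unregistered origin, so the filter is only as good as the IRR data behind it.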

Related CAPECs

CAPEC-582: An adversary disables the network route between two targets. The goal is to completely sever the communications channel between two entities. This is often the result of a major error or the use of an "Internet kill switch" by those in control of critical infrastructure. This attack pattern differs from most other obstruction patterns by targeting the route itself, as opposed to the data passed over the route.
