Understanding IP Routing and Routing Attacks

Routers are what makes the Internet what it is. More specifically, routers are a central part of IP, the Internet protocol. When IP routing functions correctly the net runs well, when they don’t things are a mess. I’ll talk a bit about routing here, but if you aren’t familiar with routing and how the Internet works, check out Learning Tree Course 450, Introduction to Networking.

IP routers are fairly clever devices. The earliest ones were large cabinets and were built using PDP-11 computers. Today, routers can be quite small if they have only one Internet connection to manage.

How IP Routers Work

The job of IP routers is to connect multiple networks together. In my office I have a small router that connects my office network to that of my Internet Service Provider (ISP). Companies may have hundreds or thousands of routers depending on the size of the enterprise. A router, then sends packets from one network to another. If I try to connect to Learning Tree’s web site, my computer sends the packet to my router (since Learning Tree’s website is not on my office network) and my router sends it to my ISP. The routers at my ISP then send the packet in the direction of Learning Tree’s site. The routers that make up the backbone of the Internet (and I am simplifying a bit here in order not to get bogged down in minutiae) know how to reach Learning Tree. However, they update their information frequently so that they can change the path the packet is travelling should a link or router go down.

Routers

The way the routers maintain that information about what paths are up and what paths are down is because they talk to each other to communicate the state of the network.

Consider what would happen if a router in say, San Francisco told the routers on the Internet that it was directly connected to a network in Florida we’ll call foo. Nearby routers would send their traffic to foo via that router in San Francisco. That’s because routers in the Internet want to get packets to their destinations as quickly as possible, which is normally good. However, that router in San Francisco could actually be an evil trap that looks at the packets to see if there is anything interesting in them and then saves that information before sending the packet on to its true destination (or just throwing it away).

In fact, this has indeed happened before. Some may have been accidents, while some were malicious. Wired had a story last year about a hacker who allegedly re-routed traffic to steal Bitcoins. Network World ran a story a few years ago about multiple routing hacks. And recently some traffic destined for the UK was diverted to Ukraine.

How Can We Protect Ourselves?

What can we do to protect ourselves? Well, we can’t very well change how the Internet works. The issue there is that the protocols the routers use to communicate with each other (called Border Gateway Protocol) trusts the other routers. What we can do is to encrypt our data as it goes across the net so if bad guys do look at it, they won’t be able to do anything with it.

We talk about encrypting Internet traffic in Learning Tree’s System and Network Security Introduction and in the course Defending the Perimeter from Cyber Attacks. This is important stuff and I look forward to seeing you in one of those courses (or the networking course I mentioned above).

To your safe computing,
John McDermott

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.