Cloud-delivered security provider OpenDNS is preparing to launch a new alert system designed to warn users when Border Gateway Protocol (BGP) incidents are discovered on the Internet.
The new tool, named “BGP Stream,” is powered by data collected by BGPmon, a network and routing monitoring services company acquired by OpenDNS in March.
BGP is an external routing protocol that plays an important role in the proper functioning of the Internet. The protocol is designed to connect networks on the Internet by making them aware of each other’s existence and establishing routing between them.
Currently there are roughly half a million routes between 50,000 unique autonomous systems on the Internet. While routing changes are highly common, some of them can hide potentially malicious activity.
In August 2014, Dell reported that cybercriminals had managed to steal cryptocurrency from mining pools via BGP hijacking. The attackers used bogus BGP announcements to direct traffic from the miners to mining pools they controlled.
BGP has also been involved in Internet blackouts, including the 2012 and 2013 outages suffered by Syria. A more recent case involving BGP came to light last week when files leaked from Italian spyware maker Hacking Team revealed that the company leveraged BGP hijacking to help the Italian National Military Police regain access to clients running remote access tools.
A network of BGP probes, classifiers, and alerts operated by BGPmon enables the company to identify malicious hijacks and outages involving the routing protocol. Through BGP Stream, security researchers, IT professionals, and the general public will be alerted to these incidents. By subscribing to the stream, users will be constantly informed about potentially damaging network changes that affect traffic flows.
BGP Stream will be easy to use because it uses Twitter to send out alerts on BGP incidents. The information will be available to companies and researchers through a client or the web browser, by accessing the BGP Stream Twitter account just like they would any other account. The stream will also be accessible via the Twitter API, which allows developers to follow accounts and programmatically pull updates from them.
“Essentially, we’re sharing this threat information in the public domain. We’re still at the early stages of threat information sharing in the information security industry, but hopefully efforts like this will inspire more vendors and researchers to undertake these kinds of projects,” Dan Hubbard, CTO of OpenDNS, told SecurityWeek.
In addition to BGP alerts, BGP Stream will leverage OpenDNS’s deep visibility into DNS traffic to inform users about distributed denial-of-service (DDoS) attacks.
The tool will become available at the beginning of August, after Hubbard and BGPmon founder Andree Toonk detail BGP Stream in a talk at the Black Hat security conference in Las Vegas.
“Due to the nature of the BGP protocol, a BGP route outage or hijack can affect the entire user base of a network. There are some instances where entire countries have ‘fallen off the Internet’ or organizations have had all of their external network traffic rerouted, for potentially nefarious purposes,” Hubbard said. “BGP Stream will be what we believe is the first public alert system for these widespread outages. We’re hoping that both regular users and security researchers will be able to use it to keep abreast of the latest outages and hijacks.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
