An Internet-Scale Feasibility Study of BGP Poisoning as a Security Primitive

Jared M. Smith, Kyle Birkeland, Tyler McDaniel, and Max Schuchard

BGP poisoning, a known side-effect of the Border Gateway Protocol, employs BGP’s loop detection mechanism to give an Autonomous System inbound path influence. The viability of a range of recent network measurement, censorship-circumvention, and DDoS defense systems depend on the feasibility of BGP Poisoning. Simultaneously, other proposed systems assume the opposite, that BGP Poisoning is infeasible in practice. Building on a foundation of active measurements, we address the growing division in research and operational ideology concerning BGP poisoning. This work explores what is, and is not, feasible on today’s Internet.

Our results point to the fact that there is truth in both side’s arguments. With poisoning, we can change a remote network’s best path to our router in over 77% of cases. These results demonstrate that BGP poisoning is viable in practice, but less than prior studies conducted in simulation only. When successful, we observe that poisoning can steer onto 26 unique paths at maximum and nearly 3 unique paths on average. We also explore the prevalence of filtering that prevents poisoned path propagation. We find over 80% of observed ASes from route collectors will propagate a poisoned path of 250 ASes in length in the same manner as a non-poisoned path of normal length. However, we discover and characterize large amounts of ASes that do filter poisoned paths.