Manipulating Malicious Traffic: BGP FLOWSPEC and Dynamic Redirect
December 15 2011
The capability of the Internet today is vast – we have the capacity to pay our bills, purchase products from anywhere in the world, reconnect with old friends and even find our soul mate at the click of a mouse. But with the good always comes the bad – the measureless ability of the Internet has also compromised security, owing to the growing presence of hackers, identity thieves and scam artists. As fast as we implement ways to deter these attacks, enemies find ways to penetrate back into our email, bank accounts and lives. Secure Mission Solutions thinks it is time to do something different – time to think outside the box, look at technology that already exists, and use it to its full potential.
Abstract: Most defenses constructed over the last two decades are focused on the perimeter, a key location for visibility of all data moving in and out of the enterprise. But with the increase in data rates, Internet-hosted applications and data sharing, and the explosion of “quality of life” social communications being made available to employees, those perimeter defenses are “drinking from the fire hose,” making it harder and harder to tell the bad stuff from the good and weed out the truly malicious content in a sea of sessions. One part of an innovative solution is Border Gateway Protocol (BGP), the protocol that allows autonomous networks to advertise their systems across the Internet. With a relatively unused (or at least not used to its full potential) capability called FLOWSPEC, this protocol can offer the wide area network the means to manipulate traffic based on potentially malicious content or suspected bad actors, or simply to reformulate how traffic moves based on what type of traffic it is, allowing more strategic positioning of critical screening devices, investigative analysis, and intrusive countermeasures. By bending the network rather than the security architecture, these capabilities could prove to have a profound effect on not just monitoring but also defensive and even offensive weapons in an ever-tilting battle against a potent enemy.



