Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

Enforcing the First AS in BGP AS_PATHs

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Bryton Herdes, Bryce Walters, and Mingwei Zhang
Word Count
2,635
Company Posts That Month
19
Language
English
Hacker News Points
-
Post removed?
No
Summary

Recent route hijacks reported by Spamhaus have highlighted vulnerabilities in Internet routing, specifically involving the misuse of unused autonomous system numbers and forged AS_PATHs to misdirect traffic. These hijacks involve manipulating the Border Gateway Protocol (BGP) to create fake paths, allowing attackers to intercept traffic and mask their identities. A critical defense against such attacks is the enforcement of the "First AS" rule, which ensures the first autonomous system in a BGP path matches the peer AS number. Testing of major networks revealed that while some Tier 1 networks enforce this rule, others do not, leaving them susceptible to hijacks. The study underscores the importance of adhering to BGP best practices and enforcing the First AS rule to enhance Internet security against routing anomalies and malicious activities.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.