GCIH · Question #453
The target company's IP range is 151.113.0.0/16 and their border router's ASN (autonomous system numbers) includes their entire IP range. An attacker stands up their own border router with a unique AS
The correct answer is D. BGP hijacking. The attacker is advertising a route for a specific IP within the target's block via a rogue ASN, causing BGP peers to route traffic to the attacker instead of the legitimate owner.
Question
The target company's IP range is 151.113.0.0/16 and their border router's ASN (autonomous system numbers) includes their entire IP range. An attacker stands up their own border router with a unique ASN that is associated with 151.113.255.33. What type of attack is this?
Options
- AACK storm
- BDenial of service
- CARP cache poisoning
- DBGP hijacking
How the community answered
(16 responses)- B13% (2)
- C6% (1)
- D81% (13)
Why each option
The attacker is advertising a route for a specific IP within the target's block via a rogue ASN, causing BGP peers to route traffic to the attacker instead of the legitimate owner.
An ACK storm is a TCP-layer denial-of-service condition caused by forged ACK packets in a session, unrelated to BGP route announcements.
While BGP hijacking can cause a denial-of-service effect, the specific attack described - standing up a rogue ASN and advertising a stolen prefix - is definitionally BGP hijacking, not a generic DoS attack.
ARP cache poisoning is a Layer 2 attack that manipulates the ARP table on a local network segment; it has no relation to BGP or inter-domain routing.
BGP hijacking occurs when a malicious actor announces an IP prefix via BGP that they do not legitimately own, causing other autonomous systems to update their routing tables and forward traffic to the attacker's router. By advertising a more specific prefix (a /32 host route within the target's /16), the rogue route is preferred over the legitimate announcement due to BGP's longest-prefix-match rule, effectively intercepting or blackholing traffic destined for that IP.
Concept tested: BGP prefix hijacking via rogue ASN announcement
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-route-security.html
Topics
Community Discussion
No community discussion yet for this question.