Border Gateway Protocol (BGP) can be used to connect a network of autonomous systems (AS). Each autonomous system needs at least one router (sometimes referred to as a “BGP speaker”) that is able to run BGP and to connect to at least one BGP router in another autonomous system. To adequately analyze traffic traversing a data network, it is important to be able to determine the AS-path from the source network to the destination network, and the entry and exit routers within a data network.
Data transiting a network of autonomous systems (AS) may be compromised by AS-path forgeries. One such approach, commonly referred to as a man-in-the-middle (MITM) attack, involves misdirecting specific Internet traffic via carefully constructed BGP routing messages. Using this approach, an attacker can redirect incoming traffic of a victim through the attacker's autonomous system for inspection or alteration before ultimately passing it on to the victim. The MITM attack relies on the attacker winning the best path selection process in BGP routing. For example, the attacker may announce a more specific network prefix than the network prefix announced by the victim. Since BGP policy typically defaults to the route with the most specific prefix, the attacker, rather than the rightful owner (i.e., the victim), can receive all traffic intended for that more specific network prefix. In a successful MITM attack, the misdirected traffic may then be transparently passed to the victim by creating a viable path from the attacker's autonomous system to the victim.
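The following added example (not part of the original text) shows why the more specific prefix wins route selection and how a monitor can flag such an announcement. The prefixes and AS numbers are constructed from documentation ranges, and the function names and the list of expected announcements are assumptions for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation ASNs (RFC 5398). Nothing here comes from the page.
EXPECTED = {("203.0.113.0/24", 64496)}    # (prefix, origin AS) the owner announces
OBSERVED = [                               # (prefix, AS path); origin AS is last
    ("203.0.113.0/24",   [64500, 64496]),  # the owner's own announcement
    ("203.0.113.128/25", [64500, 64511]),  # more specific, different origin
    ("198.51.100.0/24",  [64500, 64499]),  # unrelated network
]

def parse(routes):
    return [(ipaddress.ip_network(p), path) for p, path in routes]

def best_route(dest, routes):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(dest)
    covering = [r for r in parse(routes) if addr in r[0]]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def find_suspect_routes(observed, expected):
    """Flag routes inside a monitored prefix that the owner did not announce.

    Limitation: a forged path that keeps the owner's origin AS on an exactly
    announced prefix passes this check; catching it needs path validation.
    """
    owned = {(ipaddress.ip_network(p), asn) for p, asn in expected}
    findings = []
    for net, path in parse(observed):
        origin = path[-1]
        for mon, mon_origin in owned:
            if net.version != mon.version or not net.subnet_of(mon):
                continue                   # outside the monitored address space
            if (net, origin) in owned:
                continue                   # exactly what the owner announces
            reason = ("origin mismatch" if origin != mon_origin
                      else "unannounced more-specific")
            findings.append((str(net), origin, reason))
    return findings

if __name__ == "__main__":
    for dest in ("203.0.113.10", "203.0.113.200"):
        net, path = best_route(dest, OBSERVED)
        print(f"{dest}: forwarded via {net}, origin AS{path[-1]}")
    for finding in find_suspect_routes(OBSERVED, EXPECTED):
        print("ALERT", finding)
```

Only destinations inside the /25 are diverted; the rest of the /24 still follows the owner's announcement, which is why monitoring has to cover every sub-prefix of the monitored block and not just the exact prefix.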