Three Letter Acronyms and the Imminent Death of the Net
Years ago, I was much more heavily involved in the network engineering side of the network world. Don't get me wrong, there's still plenty of groveling through packet captures here at TippingPoint's orbiting HQ, but I used to actually design networks and configure routers and do all of the nuts-and-bolts stuff that makes networks run.
As a result of this, I know a reasonable amount about various low-level network protocols, including the wonderful, critical, byzantine, and obscure Border Gateway Protocol (BGP).
BGP is an example of an Exterior Gateway Protocol (EGP), as opposed to an Interior Gateway Protocol (IGP). There, see? That clears things up.
Seriously, though. The difference between interior and exterior gateway protocols is whether they are designed to maintain routing for nodes within a single Autonomous System (AS) or for routes between ASes.
An Autonomous System is, well, an autonomous system. It is a network that, at the lowest layer of the Internet, is distinct from all other networks. Basically, an autonomous system is supposed to be entirely responsible for traffic within its borders. If you know in what AS your traffic's destination lives, once it hits that AS, it ceases to be anyone's responsibility but theirs to get that traffic properly routed.
Interior gateway protocols are designed to handle routes within ASes. Common protocols include Open Shortest Path First (OSPF), Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). These protocols are used to maintain routing tables and figure out the best paths between hosts in one AS, such as between campuses in a large corporation or points-of-presence in a telecommunications network.
EGPs handle the problem of routing traffic between different ASes. For example, a multi-homed host may be reachable via both Time Warner's network and Sprint's network. That means that the multi-homed host is reachable via two autonomous systems. Which route should be chosen to get there?
ASes use EGPs to advertise the ranges of IP addresses that their autonomous system knows how to route to, and how well they can route traffic to them.
The only EGP currently in use is the Border Gateway Protocol. BGP is considered to be the core routing protocol of the Internet; it maintains all of the routes between all of the networks that, together, comprise the modern Internet. It is therefore very important.
Well, BGP was designed in a simpler time, a time when you felt like you could trust your neighbor. Therefore, security wasn't really its strong point. In fact, its security is a major weak point.
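As an added illustration (not code from the original post), here is a small Python model of what an AS advertises, how a BGP speaker picks among competing routes for a destination, and the check that BGP itself never performs: whether the AS originating a prefix is the one expected to originate it. The announcements, AS numbers and the expected-origin table are all constructed for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed BGP-style announcements: (prefix, AS_PATH). The last AS in
# the path is the origin, i.e. the AS claiming to own the address range.
Announcement = namedtuple("Announcement", ["prefix", "as_path"])

SAMPLE_ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", [64500, 64496]),         # short path, expected origin
    Announcement("203.0.113.0/24", [64501, 64502, 64496]),  # longer path, same origin
    Announcement("203.0.113.0/25", [64503, 64511]),         # more-specific from another AS
    Announcement("198.51.100.0/24", [64500, 64497]),
]

# Hypothetical "who should originate what" table, the kind of data an
# RPKI ROA or an IRR route object would carry. BGP has no such check built in.
EXPECTED_ORIGIN = {
    "203.0.113.0/24": 64496,
    "198.51.100.0/24": 64497,
}

def origin_as(ann):
    return ann.as_path[-1]

def best_route(announcements, destination):
    """Pick the route a BGP speaker would use for a destination: longest
    matching prefix wins, then the shortest AS_PATH (tie-breaks simplified)."""
    dest = ipaddress.ip_address(destination)
    candidates = [a for a in announcements if dest in ipaddress.ip_network(a.prefix)]
    if not candidates:
        return None
    return max(candidates,
               key=lambda a: (ipaddress.ip_network(a.prefix).prefixlen, -len(a.as_path)))

def suspicious_announcements(announcements, expected):
    """Flag announcements whose origin AS does not match the expected origin of
    a covering prefix: a wrong origin for a known prefix, or a more-specific
    prefix carved out of a known prefix by some other AS."""
    flagged = []
    for a in announcements:
        net = ipaddress.ip_network(a.prefix)
        for known, owner in expected.items():
            if net.subnet_of(ipaddress.ip_network(known)) and origin_as(a) != owner:
                flagged.append((a.prefix, origin_as(a), owner))
    return flagged

if __name__ == "__main__":
    print("route for 203.0.113.10:", best_route(SAMPLE_ANNOUNCEMENTS, "203.0.113.10"))
    print("suspicious:", suspicious_announcements(SAMPLE_ANNOUNCEMENTS, EXPECTED_ORIGIN))
```

Note that the more-specific /25 wins the route for 203.0.113.10 purely because it is longer, which is exactly why a monitoring check against an expected-origin table is worth running on a route feed.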
What's the point of all this, you may ask? Well, everyone remembers Dan Kaminsky's ginormous DNS flaw that made the rounds and scared a lot of people. Now, an equally-if-not-worse way of exploiting the design of BGP has surfaced, thanks to Alex Pilosov and Tony Kapela at this year's just-passed DefCon conference.
I'm not going to go into the details of the attack - I don't want to steal their thunder - but I'll go over a bit why this is scary and interesting.
First off, BGP really is everywhere, just like DNS. Unlike DNS, however, it's not ubiquitously understood: a lot of network administrators have never even heard of BGP, and very few people have ever actually administered it. Therefore, a flaw in the design of BGP may not be addressed as quickly as a flaw in DNS. Active attacks against the flaw might not even be noticed by most network engineers.
The other thing that makes this interesting is that it's possibly the sign of a true sea change in the way the Internet works. When the Internet first got off of the ground, all of the nodes were more-or-less trusted, and the protocols were designed accordingly. Nowadays, none of the nodes can trust any of the other nodes. The Internet has grown very quickly, but the core protocols have, by necessity, stayed close to their original designs.
The core protocols are going to have to start changing, perhaps more quickly than we're really comfortable with. The Big One, the transition to IPv6, hasn't happened yet, and it will undoubtedly be the worst shakeup the Internet has undergone since the September That Never Ended. Even after that, though, we're going to have to ferret out all of the older protocols, figure out how to secure them, and then, worst of all, go through the long and arduous process of actually securing them.
As an example, look at DNSSEC: the security extensions for DNS were first published in 1997. Still, after 11 years, practically no one has implemented DNSSEC. Certificate-authenticated email transfer is likewise languishing.
All of these efforts failed because as long as one individual in the system is unsecured, the whole thing breaks down. Changing to a completely secure DNS, SMTP, or BGP infrastructure is going to be like the day Sweden switched to driving on the right. It's going to be expensive, it's going to be painful, and it's going to cause some accidents, but in the end, we'll all be better off for it.
Tags: bgp
Published On: 2008-08-29 19:04:46
