Analysis and emulation of BGP hijacking events.

Pietro Spadaccino, Sara Bruzzese, Francesca Cuomo, Flavio Luciani

NOMS (2023)

Abstract
Border Gateway Protocol (BGP) is the standard protocol used for inter-domain routing in the Internet. Because it was designed without built-in security mechanisms, it is vulnerable to various security issues. Although countermeasures exist to secure BGP sessions, they are not widely used due to lack of knowledge and the complexity of the setup. The aim of this paper is to raise awareness about routing security in BGP and to provide a methodology for deeper analysis of BGP incidents, together with a tool to reproduce them in a sandbox environment, in order to better understand how these issues arise and why it is crucial to have security countermeasures in place. The paper examines a recent BGP incident in March 2022, in which a Russian ISP hijacked an IP prefix belonging to Twitter. A comprehensive analysis of the incident is performed, including how it spread throughout the Internet, and the powerful toolkit used for the analysis is presented. The last section explains the usage and potential of the tool KathBGPBuilder, which can recreate a real BGP deployment with minimal manual configuration using open data collected from RIPEstat. This tool can be used to experiment with and recreate real BGP incidents, or to test security mechanisms.
Keywords
BGP, routing, security, prefix hijacking