Note
BGP depends on TCP as its transport protocol. Therefore, it is vulnerable to the same security attacks as any TCP-based protocol.| Threats against BGP | Description |
|---|---|
| Denial of Service (DoS) | A malicious host sends unexpected or unwanted BGP traffic to a neighbor in an attempt to saturate control plane resources, which results in not having enough resources to process legitimate BGP traffic on the neighbor. |
| Route Manipulation | A malicious host modifies the contents of a BGP routing table, diverting traffic, and preventing it, without the sender‘s knowledge, from reaching its intended destination. |
| Route Hijacking | A rogue BGP neighbor maliciously advertises a victim‘s networks to redirect some or all of victim‘s traffic to itself. |
| Misconfiguration (non-malicious) | An unintentionally misconfigured BGP router could affect the Internet‘s BGP routing table, possibly leading to network outages and, worse, unauthorized access to the network traffic. |
Note
For BGP MD5 passwords, the ASCII characters 0-32 are not supported. In addition, special handling is required for MD5 passwords that contain certain special characters.Examples
| MD5 password provided through CLI | Actual MD5 password |
| '~`!@#$%^&*()_-+={[}]|\"<>"/"'"' | ~`!@#$%^&*()_-+={[}]|\"<>"/' |
| 'a"'"a" | a"a |
| 'a""'"a" | a"""a" |
| 'a"'"""a'" | a"a' |