TCP
Dangerous
Other
Port 179 (BGP)
Learn about port 179 (BGP) - security risks, vulnerabilities, and common uses.
## Quick Info
| Field | Value |
|---|---|
| Port Number | 179 |
| Protocol | TCP |
| Service | BGP |
| IANA Name | BGP |
## Service Description
TCP port 179 is the standard port for the Border Gateway Protocol (BGP), a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. BGP enables the Internet to function by allowing routers in different ASes to learn the best paths to reach various networks. It is crucial for inter-domain routing, allowing data to traverse multiple networks to reach its destination. The protocol itself is defined in RFC 4271 and subsequent updates.

BGP is a path-vector routing protocol, meaning that each route advertisement includes the list of ASes that the route has traversed. This path information allows BGP to detect and prevent routing loops.

BGP speakers (routers) establish TCP connections with their peers to exchange route updates, keeping the global routing table up to date. BGP sessions are typically persistent: the TCP connection remains open unless it is explicitly closed or an error occurs. This allows route updates to be exchanged efficiently, because the overhead of establishing a new TCP connection for each update is avoided.
## Firewall Recommendations
- Restrict BGP sessions to established connections between known and trusted peer ASes. Configure firewalls to allow TCP port 179 only between these designated BGP peers, and block all other traffic to this port.
- Implement route filtering based on prefix lists and AS path filters to prevent the propagation of invalid or malicious routes.
- Use BGP authentication (MD5 or TCP-AO) to verify the authenticity of BGP messages and prevent session hijacking.
- Regularly monitor BGP sessions for anomalies, such as unexpected route changes or session resets.
- Implement Resource Public Key Infrastructure (RPKI) to validate the origin and path of BGP routes.
- Consider using prefix limits to prevent a peer from flooding the network with excessive routes.
- Employ rate limiting to mitigate potential denial-of-service attacks targeting BGP sessions.
- Keep your BGP software up to date with the latest security patches to address known vulnerabilities.
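The following added example (not code from this page or from any BGP implementation) shows how an import policy can combine the AS-path loop check described under Service Description with the prefix-length filter and RPKI origin validation recommended here. The local AS, the /24 limit, the ROA table and the announcements are constructed assumptions using documentation prefixes and AS numbers.

```python
import ipaddress

LOCAL_AS = 64500   # assumption: our own AS (documentation ASNs throughout)
MAX_LEN_V4 = 24    # assumption: policy rejects IPv4 routes more specific than /24

# Constructed ROA table: (covering prefix, maxLength, authorized origin AS)
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
]

def rov_state(prefix_str, origin_as, roas=ROAS):
    """RFC 6811-style origin validation: 'valid', 'invalid' or 'not-found'."""
    prefix = ipaddress.ip_network(prefix_str)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if prefix.version == roa_net.version and prefix.subnet_of(roa_net):
            covered = True  # some ROA covers this prefix
            if prefix.prefixlen <= max_len and origin_as == roa_as:
                return "valid"
    return "invalid" if covered else "not-found"

def evaluate(prefix_str, as_path):
    """Return the import decision for one announcement received from an eBGP peer."""
    if not as_path:
        return "reject: empty as-path"
    if LOCAL_AS in as_path:
        return "reject: as-path loop"      # our AS already appears in the path
    if ipaddress.ip_network(prefix_str).prefixlen > MAX_LEN_V4:
        return "reject: too specific"
    state = rov_state(prefix_str, as_path[-1])  # origin AS is the last AS in the path
    if state == "invalid":
        return "reject: rpki invalid"
    return "accept: rpki " + state

# Constructed announcements: (prefix, AS path as received, origin last)
SAMPLE = [
    ("192.0.2.0/24", [64510, 64496]),            # origin matches the ROA
    ("203.0.113.0/24", [64510, 64511]),          # ROA authorizes 64497, not 64511
    ("198.51.100.0/25", [64510, 64498]),         # longer than /24
    ("198.51.100.0/24", [64510, 64500, 64498]),  # path already contains LOCAL_AS
    ("198.51.100.0/24", [64510, 64498]),         # no covering ROA
]

def process(announcements=SAMPLE):
    return [evaluate(prefix, path) for prefix, path in announcements]

if __name__ == "__main__":
    for (prefix, path), decision in zip(SAMPLE, process()):
        print(prefix, path, decision)
```
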
## Security Information
BGP is a critical component of the Internet's infrastructure, making it a prime target for attackers. A compromised BGP router can announce false routes, redirecting traffic to malicious servers or through the attacker's infrastructure (route hijacking). These attacks can be used for eavesdropping, denial-of-service, or injecting malicious content. Furthermore, vulnerabilities in BGP implementations can be exploited to gain unauthorized access to routers or disrupt network operations.

Because BGP relies on trust relationships between ASes, securing BGP configurations is paramount. Misconfigured BGP sessions, weak authentication, and lack of filtering can all be exploited by attackers. The complexity of the BGP protocol itself can also lead to configuration errors that create security holes. Because BGP runs over TCP port 179, it is also susceptible to TCP-based attacks, such as TCP reset attacks, which can disrupt BGP sessions.
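A detection sketch for two of the conditions above, as an added example rather than code from this page: traffic reaching TCP/179 from addresses that are not configured peers, and bursts of resets on a peer session. The log format, peer list, threshold and sample lines are constructed assumptions, not any firewall's native output.

```python
import re
from datetime import datetime, timedelta

PEERS = {"192.0.2.1", "192.0.2.2"}  # assumption: the configured BGP neighbours
RST_THRESHOLD = 3                   # assumption: resets per peer within WINDOW worth an alert
WINDOW = timedelta(minutes=5)

# Constructed log format (hypothetical): timestamp, source, destination port, TCP flags
LINE = re.compile(r"(?P<ts>\S+) SRC=(?P<src>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)")

SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=192.0.2.1 DPT=179 FLAGS=SYN
2024-05-01T10:00:05 SRC=203.0.113.50 DPT=179 FLAGS=SYN
2024-05-01T10:01:00 SRC=192.0.2.2 DPT=179 FLAGS=RST
2024-05-01T10:02:00 SRC=192.0.2.2 DPT=179 FLAGS=RST
2024-05-01T10:03:30 SRC=192.0.2.2 DPT=179 FLAGS=RST
2024-05-01T10:04:00 SRC=203.0.113.50 DPT=443 FLAGS=SYN
2024-05-01T10:30:00 SRC=192.0.2.1 DPT=179 FLAGS=RST
""".splitlines()

def analyze(lines, peers=PEERS):
    """Return sorted (alert_type, source) pairs for traffic addressed to TCP/179."""
    alerts, resets = set(), {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["dpt"] != "179":
            continue  # unparsable line or not BGP traffic
        ts = datetime.fromisoformat(m["ts"])
        src, flags = m["src"], m["flags"].split(",")
        if src not in peers:
            # Anything from a non-peer should have been dropped by the port 179 ACL.
            alerts.add(("non-peer-traffic", src))
        elif "RST" in flags:
            # Keep only resets inside the sliding window, then add this one.
            recent = [t for t in resets.get(src, []) if ts - t <= WINDOW] + [ts]
            resets[src] = recent
            if len(recent) >= RST_THRESHOLD:
                # A flapping peer and forged resets look the same at this layer.
                alerts.add(("reset-burst", src))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```
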
## Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2020-16154 | BIRD Internet Routing Daemon Improper Input Validation Vulnerability | Medium | An issue was discovered in BIRD Internet Routing Daemon 2.0.8. An attacker can cause a denial of service via crafted BGP UPDATE messages. |
| CVE-2015-1635 | Microsoft Windows HTTP.sys Denial of Service Vulnerability | Critical | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (system crash) via a crafted HTTP request, aka "HTTP.sys Denial of Service Vulnerability." While this vulnerability is not directly related to BGP, exploitation of other services running on the same device could impact BGP operation. |
| CVE-2023-38403 | Libgcrypt Integer Overflow Vulnerability | High | An integer overflow vulnerability exists in Libgcrypt. This flaw allows an attacker to trigger a denial-of-service condition or potentially execute arbitrary code by providing a specially crafted input to the cryptographic functions of Libgcrypt. |
| CVE-2014-0160 | Heartbleed | Critical | The TLS heartbeat extension in OpenSSL versions 1.0.1 through 1.0.1f contains a vulnerability that could allow an attacker to read sensitive information from the server's memory. While not directly a BGP vulnerability, it could be used to compromise BGP routers if they are using vulnerable versions of OpenSSL for other services or management interfaces. |
## Common Software
- Cisco IOS
- Juniper Junos
- Quagga
- BIRD Internet Routing Daemon
- OpenBGPD
- FRRouting (FRR)
- Arista EOS