BGP-LEAK | Networking

BGP Route Leak / Traffic Hijack

An autonomous system (AS) incorrectly advertises routes to your infrastructure, causing global internet traffic to be misrouted or dropped before reaching your edge.

Root Cause & Remediation

Misconfiguration by an upstream ISP or a malicious BGP hijack attempting to intercept traffic.

Remediation steps

  1. Monitor BGP announcements using a service like ThousandEyes or Cloudflare Radar.
  2. Contact your upstream transit providers immediately to filter the leaked routes.
  3. If utilizing a DDoS mitigation network (e.g., Cloudflare, Akamai), rely on their Anycast network to absorb and reroute the impact.
  4. Implement Resource Public Key Infrastructure (RPKI) to cryptographically sign your route advertisements.
  5. Communicate to customers that the issue is external to your infrastructure but affects their connectivity.
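
Steps 1 and 4 combined, as an added example (not DoraPulse code): RFC 6811 route origin validation applied to a feed of observed announcements for your address space. The ROAs, prefixes (documentation ranges), AS numbers and feed entries are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorized origin AS). Documentation ranges only.
ROAS = [("203.0.113.0/24", 24, 64500), ("2001:db8::/32", 48, 64500)]

def validate_origin(prefix, origin_as, roas=ROAS):
    """RFC 6811 route origin validation: returns 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        # An AS0 ROA can never make a route valid.
        if route.prefixlen <= max_len and origin_as == roa_as and roa_as != 0:
            return "valid"
    return "invalid" if covered else "not-found"

def triage(announcements, my_prefixes, roas=ROAS):
    """Alert on announcements that overlap our space and are not origin-valid."""
    mine = [ipaddress.ip_network(p) for p in my_prefixes]
    alerts = []
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        if not any(net.version == m.version and net.overlaps(m) for m in mine):
            continue  # unrelated address space
        origin = as_path[-1]  # origin AS is the last ASN in the AS_PATH
        state = validate_origin(prefix, origin, roas)
        if state != "valid":
            alerts.append((prefix, origin, state))
    return alerts

# Constructed feed entries as a monitoring service might report them: (prefix, AS_PATH).
FEED = [
    ("203.0.113.0/24", [64510, 64500]),                # expected origin
    ("203.0.113.0/24", [64510, 64496]),                # unauthorized origin AS
    ("203.0.113.128/25", [64510, 64500]),              # longer than maxLength
    ("203.0.113.0/24", [64511, 64509, 64510, 64500]),  # leaked path, origin unchanged
    ("198.51.100.0/24", [64510, 64501]),               # not our space
]

if __name__ == "__main__":
    for alert in triage(FEED, ["203.0.113.0/24", "2001:db8::/32"]):
        print(alert)
```

The fourth feed entry raises no alert because its origin AS matches the ROA: origin validation does not inspect the rest of the AS path, so a leak that preserves the correct origin still has to be caught by the path monitoring in step 1.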

DORA Risk Matrix

Typical classification: MAJOR INCIDENT

Likelihood: Low

Blast radius: Often regional or global depending on the extent of the leak. External clients cannot reach your services.

CIF impact: Total loss of connectivity for affected geographical regions, completely blocking client access to web and mobile apps.

Analyst notes: Even though the root cause is external (an ISP error), the impact on your clients triggers DORA thresholds. The Geographic Spread criterion (Art. 9(4)) is almost always breached.

Security Context

  • Reputational Impact: Relevant media coverage, significant volume of client complaints, or proactive contact from a competent authority.
