Port 179 - BGP (Border Gateway Protocol)

Service: bgp

Protocol: TCP

Port: 179

Used for: Border Gateway Protocol for managing core internet routing

Why It’s Open

Port 179 is used for Border Gateway Protocol (BGP), the core routing protocol that manages how packets are routed across the internet between autonomous systems (AS). BGP is essential for internet infrastructure, enabling ISPs, data centers, and large enterprises to exchange routing information and determine optimal paths for network traffic. Network operators expose this port to establish BGP peering sessions with other autonomous systems. Due to its critical role in internet routing, BGP is typically only exposed between trusted peers and should never be accessible to the public internet.

Common Risks

  • Route Hijacking
    Attackers can announce false routes to redirect traffic through malicious networks
  • Route Leaks
    Misconfigured BGP peers can accidentally propagate incorrect routing information
  • Session Hijacking
    Unprotected BGP sessions can be taken over to inject malicious routes
  • Denial of Service
    BGP session resets or route flapping can disrupt network connectivity
  • Man-in-the-Middle
    Traffic can be intercepted by manipulating routing tables

Enumeration & Testing

Check if it’s open:

nmap -sT -p 179 <target>

BGP service detection:

nmap -sV -p 179 <target>

Check how the BGP speaker responds to a raw TCP connection:

nc -nv <target> 179

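Using BGP-specific tools (bgpq4 builds the prefix list a peer is expected to announce from IRR data; its -h option selects the IRR server to query, not the BGP speaker, so it takes an AS number or AS-SET rather than the target address):

bgpq4 -4 -l <list-name> <AS-or-AS-SET>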

What to Look for

Checkpoint                   What it means
Port 179 open to internet    BGP should only be accessible to trusted peers
No MD5 authentication        Sessions vulnerable to hijacking
Missing RPKI validation      Routes not cryptographically verified
No prefix filtering          Accepting routes without validation

Mitigation

  • MD5 Authentication
    Enable TCP MD5 signatures for BGP session authentication
  • RPKI/ROA Validation
    Implement Resource Public Key Infrastructure to validate route origins
  • Prefix Filtering
    Only accept expected prefixes from each peer using prefix lists
  • GTSM (TTL Security)
    Enable Generalized TTL Security Mechanism to prevent remote attacks
  • Access Controls
    Restrict BGP port access to known peer IP addresses only
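
The RPKI/ROA validation item above comes down to the route origin validation check described in RFC 6811: compare each announcement's prefix and origin AS against the published ROAs. The sketch below is an added example, not code from the original page or from any router implementation; the ROA table and announcements are constructed from documentation prefixes and ASNs, and the names ROA, validate and accept are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class ROA(NamedTuple):
    prefix: Network   # address block the ROA covers
    max_length: int   # longest prefix length the holder authorises
    asn: int          # AS authorised to originate it (0 = nobody)

# Constructed sample ROAs using documentation prefixes and ASNs.
ROAS = [
    ROA(ipaddress.ip_network("203.0.113.0/24"), 24, 64496),
    ROA(ipaddress.ip_network("198.51.100.0/24"), 25, 64497),
    ROA(ipaddress.ip_network("2001:db8::/32"), 48, 64496),
]

def validate(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        if roa.prefix.version != route.version:
            continue
        if not route.subnet_of(roa.prefix):
            continue  # this ROA says nothing about the route
        covered = True
        if roa.asn != 0 and roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def accept(announcements, roas=ROAS):
    """Import policy: drop 'invalid' routes, keep 'valid' and 'not-found'."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) != "invalid"]

# Constructed announcements as (prefix, origin AS) pairs.
SAMPLE = [
    ("203.0.113.0/24", 64496),    # matches its ROA
    ("203.0.113.0/25", 64511),    # more-specific from an unauthorised AS
    ("203.0.113.128/25", 64496),  # right AS, longer than max_length
    ("192.0.2.0/24", 64500),      # no covering ROA
]

if __name__ == "__main__":
    for p, a in SAMPLE:
        print(f"{p:20} AS{a}  {validate(p, a)}")
```

Routes that come back 'not-found' are kept here because no ROA exists for them; the prefix lists described above are what constrain those.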

Real World Example

In 2018, a BGP hijacking incident redirected traffic destined for Amazon’s Route 53 DNS service through a Russian ISP, enabling attackers to steal approximately $150,000 in cryptocurrency by redirecting users to a malicious MyEtherWallet clone.

TL;DR

  • Port 179 = BGP routing protocol
  • Critical internet infrastructure
  • Should never be publicly accessible
  • Requires authentication and route validation

Known CVEs and Exploits

  • CVE-2022-40302 – FRRouting BGP daemon out-of-bounds read vulnerability
  • CVE-2023-38802 – FRRouting BGP message parsing vulnerability causing DoS
  • CVE-2019-5018 – Cisco IOS XR BGP denial of service vulnerability
  • BGP hijacking attacks remain a significant threat due to lack of widespread RPKI adoption.