Service:
bgmp
Protocol:
TCPPort:
264Used for:
Border Gateway Multicast ProtocolWhy It’s Open
Port 264 is used by BGMP (Border Gateway Multicast Protocol), which manages multicast routing between different autonomous systems on the Internet. This protocol is part of the internet’s multicast infrastructure, allowing efficient distribution of multicast traffic across network boundaries. It’s typically found on enterprise routers and ISP infrastructure.
Common Risks
- Route hijacking
Malicious actors may advertise false multicast routes - Denial of service
Route table flooding or resource exhaustion attacks - Information disclosure
Routing tables may reveal network topology - Man-in-the-middle attacks
Interception of multicast traffic flows - Authentication weaknesses
Lack of standardized authentication mechanisms in BGMP - Protocol vulnerabilities
Implementation flaws in BGMP stack - Network reconnaissance
Service may reveal connected networks and peers
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Service Detection:
nmap -sV -p 264Port Status Check:
nmap -sT -p 264Traffic Capture:
tcpdump -i eth0 port 264What to Look For
| Checkpoint | What it means |
|---|---|
| Protocol version | Identify BGMP implementation and version |
| Route authentication | Check for MD5 or other authentication mechanisms |
| Peer relationships | Verify authorized routing peers and neighbors |
| Route filtering | Test for proper ingress/egress filtering |
| Information leakage | Check for excessive routing information disclosure |
Mitigation
- Implement route authentication
Use MD5 or stronger authentication for routing peers - Configure route filtering
Implement strict ingress and egress route filters - Limit peer connections
Restrict BGMP peering to authorized routers only - Monitor routing tables
Log and analyze routing table changes - Network segmentation
Isolate routing infrastructure from user networks - Regular security updates
Keep routing software patched and current - Rate limiting
Implement limits on routing updates and connections
TL;DR
- Port 264 = BGMP Protocol service
- Protocol: TCP
- Used for: Border Gateway Multicast Protocol
- Security focus: Route hijacking prevention and multicast security
Known CVEs and Exploits
There are currently no published CVEs for BGMP in the NVD. However, since BGMP lacks standardized authentication and was never finalized for production use, systems exposing this port may still be at risk for:
- Custom protocol exploitation
- Routing manipulation
- Information disclosure via misconfigured services