Cloudflare Company broker , designed to draw attention to the problem of leaking incorrect BGP routes and the possibility of redirecting traffic using the BGP protocol. The site allows you to check the use of incorrect route filtering technology by providers and evaluate the implementation of RPKI support.
Many carriers are left exposed to BGP subnet announcements with fictitious route length information that route transit traffic through third-party providers. Increasingly, cases of using BGP for attacks are emerging, during which attackers, by compromising the infrastructure of providers, organize redirection and interception of traffic to replace specific sites through the organization of MiTM attacks to replace DNS responses.
The solution to the problem is the implementation of a BGP announcement authorization system based on RPKI (Resource Public Key Infrastructure), which allows you to determine whether the BGP announcement comes from the owner of the network or not. When using RPKI for autonomous systems and IP addresses, a chain of trust is built from IANA to regional registrars (RIRs), and then to service providers (LIRs) and end consumers, which allows third parties to verify that the operation on the resource was performed by its owner. Unfortunately, despite the problems, RPKI is not yet used by most providers. The new Cloudflare service allows you to track problem operators and draw public attention to them.
Source: opennet.ru