MANRS and Routing Security in Brazil’s ISP Landscape
Exploring how Brazilian ISPs are embracing MANRS to fortify BGP routing against threats and build a resilient digital infrastructure.
Brazil’s internet ecosystem has grown exponentially, powering everything from e-commerce to streaming services for millions. Yet, this expansion brings vulnerabilities, particularly in the Border Gateway Protocol (BGP) that directs internet traffic globally. Mutually Agreed Norms for Routing Security (MANRS) emerges as a vital framework to mitigate these risks. By promoting transparency and best practices among network operators, MANRS fosters a collaborative defense against hijacks, leaks, and misconfigurations that can disrupt services nationwide.
The Critical Role of BGP in Modern Networks
BGP serves as the backbone of internet routing, enabling autonomous systems (ASes) to exchange reachability information. In Brazil, with over 100 active IXPs and a dense web of regional providers, BGP’s efficiency is paramount. However, its trust-based design leaves room for errors. A single prefix hijack can reroute traffic through unintended paths, exposing data to interception or causing outages.
Recent incidents underscore this fragility. For instance, fraudulent prefix announcements have disrupted services from major players like Cloudflare and Google, as documented in regional diagnostics. These events highlight the need for validation mechanisms like Resource Public Key Infrastructure (RPKI), which MANRS champions through cryptographically signed route objects.
Evolution of MANRS in Latin America
Launched by the Internet Society, MANRS outlines actionable steps for operators: filtering routes, setting up global validation, maintaining accurate registries, and coordinating incident responses. In Brazil, adoption has surged, with nearly 100 networks participating by 2020, representing a quarter of global MANRS members. This momentum stems from partnerships with NIC.br, Brazil’s authoritative registry, which has hosted workshops to demystify implementation.
Progress is measurable. Valid Route Origin Authorizations (ROAs) have multiplied, Internet Routing Registry (IRR) objects are more precise, and regional coordination has strengthened. Despite persistent incidents, these gains signal a maturing security posture.
Recent Threats Targeting Brazilian ISPs
Brazil’s regional ISPs face escalating pressures. In early 2026, a staggering 17,527 DDoS attacks hammered five small fiber operators in one week, per A10 Networks telemetry. These weren’t random; attackers used multi-port carpet-bombing on obscure ports (7,9,10,11 and 2048-2816), saturating /24 subnets without tripping per-IP thresholds.
| Target Profile | Attacks (Feb 9-15, 2026) |
|---|---|
| Regional fiber ISP – Southeast | 7,630 |
| Local broadband – Coastal | 5,322 |
| Small independent ISP | 1,736 |
| Privately held last-mile | 1,686 |
| Community fiber – Suburban | 872 |
This shift targets under-resourced providers lacking scrubbing centers, forcing upstream overloads. Compounding issues, a 2026 Krebs on Security report revealed a DDoS protection firm unwittingly enabling a botnet via compromised servers, scanning for vulnerable TP-Link routers (CVE-2023-1389).
Why Regional ISPs Are Prime Targets
- Thin Margins and Legacy Gear: Small operators rely on commodity routers without built-in mitigation, making them soft entry points.
- Aggregate Saturation Tactics: Distributed low-volume floods evade defenses, as seen in port scans from Brazilian ASes hitting global networks.
- Peering Gaps: Inefficient routes, like GRU traffic looping via Miami, amplify latency and exposure.
These patterns demand proactive measures beyond reaction.
MANRS Actions: A Blueprint for Defense
MANRS’s four pillars offer practical safeguards:
- Filtering: Prevent announcing invalid prefixes using IRR and RPKI.
- Global Validation: Publish ROAs to signal legitimate origins.
- Registry Accuracy: Sync AS-SET and route objects to avoid leaks.
- Coordination: Share threat intel via platforms like NIC.br’s forums.
Brazilian leaders like those at NIC.br exemplify success, boasting high ROA validity and incident response efficacy.
Surveying Operator Sentiments and Readiness
Community polls reveal nuanced views. While outages rank below DDoS or spam as top pains, 80-90% deem routing security essential. About 30% already align with most MANRS actions, and two-thirds plan adoption post-controls. Nearly half eye active promotion roles, indicating grassroots buy-in.
This willingness bridges to action, especially as MANRS aids differentiation—secure operators attract peering and customers.
Overcoming Implementation Barriers
Challenges persist: resource constraints for small ISPs, RPKI deployment complexity, and awareness gaps. Solutions include:
- Free tools from NIC.br and MANRS observers.
- Automated validation via RIPE NCC or LACNIC.
- Peer mentoring through IXP events.
FORT Project reports show Latin America’s RPKI uptake rising post-2017, curbing incidents like SECW Telecom’s hijacks.
Strategies for DDoS-Resistant Routing
Integrating MANRS with DDoS defenses yields robust networks:
- Pre-negotiate RTBH with upstreams using community tags.
- Monitor aggregate /24 traffic baselines.
- Formalize intel sharing among regional peers.
Cloudflare’s reports corroborate telcos as top targets, urging baseline scrubbing.
Future Outlook: Building Resilient Infrastructure
Brazil’s MANRS trajectory promises a safer internet. With 365+ global participants and local champions, expect fewer hijacks and faster mitigations. Policymakers could incentivize via subsidies, while IXPs enforce norms. Ultimately, collective commitment will shield users from disruptions.
Frequently Asked Questions
What is MANRS?
MANRS is a voluntary initiative by Internet Society promoting BGP best practices to enhance routing security.
How many Brazilian networks use MANRS?
As of recent data, 96 operators and one IXP participate, about 26% of global total.
Why target small ISPs with DDoS?
They often lack mitigation, enabling cheap saturation via automated floods.
Can RPKI stop all hijacks?
No, but it validates origins, reducing invalid announcements significantly.
How to start with MANRS?
Assess against actions, join via manrs.org, leverage NIC.br resources.
References
- Routing Security in Latin America and the Caribbean – FORT Project Diagnostic Report — FORT Project. 2018. https://fortproject.net/en/diagnostic-report.pdf
- MANRS, Routing Security, and the Brazilian ISP Community — MANRS.org. 2017-12. https://manrs.org/2017/12/manrs-routing-security-and-the-brazilian-isp-community/
- Making the Most of Our MANRS Partnerships – NIC.br and Brazil Lead the MANRS Pack — Internet Society. 2020-06. https://www.internetsociety.org/blog/2020/06/making-the-most-of-our-manrs-partnerships-nic-br-and-brazil-lead-the-manrs-pack/
- Attackers Hit Brazil’s Regional ISPs; Telcos the #1 DDoS Target Globally — A10 Networks. 2026-02. https://www.a10networks.com/blog/attackers-hit-brazils-regional-isps-telcos-the-1-ddos-target-globally/
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs — Krebs on Security. 2026-04. https://krebsonsecurity.com/2026/04/anti-ddos-firm-heaped-attacks-on-brazilian-isps/
Similar Articles
Read full bio of medha deb
