Are BGP Routers Open to Attack? An Experiment

  • Ludovico Cavedon
  • Christopher Kruegel
  • Giovanni Vigna
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6555)

Abstract

The BGP protocol is at the core of the routing infrastructure of the Internet. Over the years, BGP has proved to be very stable for its purpose. However, there have been some catastrophic incidents in the past, caused by relatively simple router misconfigurations. In addition, unused network addresses are being silently stolen for spamming purposes. A relevant corpus of literature has investigated threats in which a trusted BGP router injects malicious or wrong routes, and some security improvements to the BGP protocol have also been proposed to make these attacks more difficult to perform. In this work, we perform a large-scale study to explore the validity of the hypothesis that it is possible to mount attacks against the BGP infrastructure without already having control of a “trusted” BGP router. Even though we found no real immediate threat, we observed a large number of BGP routers that are available to engage in BGP communication, exposing themselves to potential Denial-of-Service attacks.
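The finding above is that many routers answer an inbound BGP session attempt instead of refusing it. The following added example (not code from the paper) shows, from the defender's side, the check a correctly configured BGP speaker applies to an inbound OPEN message (RFC 4271 format): the session is accepted only when the source address is an explicitly configured neighbor and the AS in the OPEN matches the configured one; everything else is rejected. The peer table and addresses are constructed sample values.

```python
import struct
import ipaddress

BGP_MARKER = b"\xff" * 16   # RFC 4271 fixed 16-byte marker
BGP_OPEN = 1                # message type code for OPEN

# Constructed neighbor table (assumed values): neighbor IP -> expected remote AS.
# A speaker should only talk BGP with peers listed here.
CONFIGURED_PEERS = {
    "192.0.2.1": 64496,
}

def build_open(my_as, hold_time, bgp_id, version=4):
    """Build a minimal BGP OPEN (no optional parameters) for use as test input."""
    body = struct.pack("!BHH4sB", version, my_as, hold_time,
                       ipaddress.IPv4Address(bgp_id).packed, 0)
    length = 19 + len(body)                     # 19-byte header + body
    return BGP_MARKER + struct.pack("!HB", length, BGP_OPEN) + body

def parse_open(data):
    """Parse header and OPEN body; raise ValueError on anything malformed."""
    if len(data) < 29:
        raise ValueError("too short for a BGP OPEN")
    if data[:16] != BGP_MARKER:
        raise ValueError("bad marker")
    length, msg_type = struct.unpack("!HB", data[16:19])
    if msg_type != BGP_OPEN or length != len(data):
        raise ValueError("not a well-formed OPEN")
    version, remote_as, hold_time, bgp_id, opt_len = struct.unpack("!BHH4sB", data[19:29])
    if 29 + opt_len != length:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "remote_as": remote_as, "hold_time": hold_time,
            "bgp_id": str(ipaddress.IPv4Address(bgp_id))}

def evaluate_open(src_ip, data):
    """Return ("accept", info) only for a configured neighbor with the expected AS,
    otherwise ("reject", reason). Unknown sources never get a session."""
    try:
        msg = parse_open(data)
    except ValueError as exc:
        return ("reject", f"malformed: {exc}")
    expected_as = CONFIGURED_PEERS.get(src_ip)
    if expected_as is None:
        return ("reject", "unconfigured peer")
    if msg["remote_as"] != expected_as:
        return ("reject", "bad peer AS")
    if msg["version"] != 4:
        return ("reject", "unsupported version")
    return ("accept", f"AS{msg['remote_as']} hold={msg['hold_time']}")
```

A router that returns "accept" for an arbitrary source address is exactly the exposure the paper measures; the authentication and TTL mechanisms it references (TCP MD5, GTSM) add further layers in front of this check.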

Keywords

Border Gateway Protocol, Update Message, Forward Information Base, Open Message, KEEPALIVE Message

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Ludovico Cavedon (1)
  • Christopher Kruegel (1)
  • Giovanni Vigna (1)
  1. University of California, Santa Barbara