BGP Security Threats

1
BGP Security Threats

• Yin Zhang
• CS395T Advanced Topics in Computer Networks
• February 21, 2006

2
Attacks Between BGP Peers

• Attacks against confidentiality
• Eavesdropping
• Attacks against message integrity
• Man in the middle
• Insertion, deletion, modification, replay
• Session termination
• BGP session reset after any fault
• By-product of insertion/deletion/

Charlie
Alice
Bob
3
Large Scale Attacks

• Fraudulent origin attacks
• Prefix hijacking
• Pretend to be the originator of a prefix
• Black holing
• Drop all traffic to hijacked prefix
• Prefix de-aggregation
• LPM ? subnet is chosen over supernet
• De-aggregation can also overload routing tables
• Subversion of path information
• Altering attributes in UPDATE messages
• Alter AS path ? routing delays, traffic pattern
• Alter MEDs, community ? undermine TE

4
Denial of Service

• Many attacks can be considered DoS
• Black holing
• Path subversion
• E.g. too long a route can cause TTL to expire
• Session reset via wrong/false BGP messages
• Session reset via TCP RST attack
• Not difficult to guess sequence no is in
  congestion window ? can send RST
• Direct DoS attack
• SYN flood, bandwidth attack, Smurf,
• BGP features that make the problem worse
• Table reset add more traffic into congested
  network
• Route dampening route suppression DoS

5
Misconfiguration

• Misconfiguration often has the same effects as an
  attack
• A canonical incident
• Florida Internet Exchange (AS7007) deaggregated
  every prefix in routing table
• AS7007 announces the first /24 block of each of
  these prefix as their own
• AS7007 melts by crush of traffic
• Routes start flapping
• Backbone networks throughout North America
  Europe crash

6
Root Cause Limitations of BGP

• BGP does not protect integrity, freshness, origin
  authentication of messages
• No integrity ? can tamper a message
• No freshness ? can replay a message
• No origin authentication ? can impersonate origin
• BGP does not validate an ASs authority to
  announce reachability information
• No authorization ? can forge path vector ? path
  subversion
• BGP does not ensure the authenticity of path
  attributes announced by an AS
• No authenticity ? can alter path attributes

7
Reference

• Kevin Butler, Toni Farley, Patrick McDaniel,
  Jennifer Rexford, A Survey of BGP Security.