Performing BGP Experiments on a Semi-Realistic Internet Testbed Environment

  1. Performing BGP Experiments on a Semi-Realistic Internet Testbed Environment Ke Zhang, Soon-Tee Teoh, Shih-Ming Tseng, Rattapon Limprasitipom, Kwan-Liu Ma, S. Felix Wu The 2nd International Workshop on Security in Distributed Computing Systems, 2005

  2. Outline • Introduction • Testbed Topology • MOAS Attack Experiment • BGP Route Flap Damping (RFD) • Attack Scenario in Routing Testbed • Conclusion

  3. Introduction
  (figure: several ASes, each running an IGP internally, connected to one another by BGP)
  • BGP has become a critical component, owing to its wide deployment and its significant role in connecting various networks.
  • BGP may cause world-wide connectivity loss. In 1997, a small ISP incorrectly announced all prefixes as its own; many routers were affected or crashed, and the whole Internet was unstable for hours.
  • Cryptography has been applied to improve BGP security: S-BGP (Secure Border Gateway Protocol), SoBGP (Secure Origin BGP), Listen and Whisper (security mechanisms for BGP).

  4. Introduction
  • DETER / EMIST, funded by DHS and NSF: Evaluation Methods for Internet Security Technology (EMIST); DETER, a software system that provides a time- and space-shared platform for experiments in distributed systems and networks.
  • In BGP research, the major obstacle is the lack of experimental infrastructure.
  • The DETER / EMIST group built a 72-node experimental network and emulated DDoS, worm and routing attacks.
  • BGP simulators: BGP++, NS-2, SSFNet.
  (figure: EMIST participants Penn State, ICSI, UC Davis, Sparta, Purdue and SRI; the DETER / EMIST testbed at UC Davis, CA, with 72 nodes, 5 commercial routers and 12 Zebra routers, reached over an IPsec / VPN connection)

  5. Testbed Topology
  (figure: origin AS at the top, Tier-1 ASes, Tier-2 to Tier-4 ASes, and Tier-5 campus or company networks announcing a prefix)
  • 5-layer hierarchical AS structure
  • Tier-1 ASes: the major ISPs that form the backbone of the Internet (Sprint, AT&T, UUNet etc.)
  • Tier-2 to Tier-4 ASes: regional ISPs or transit ASes that provide transit service for smaller or customer networks
  • Tier-5 ASes: campus networks or company networks (stub ASes)
  • Experiment (three-level hierarchical topology in DeterLab)
  • 3 Tier-1 ASes: fully-connected Zebra routers (full mesh)
  • 4 Tier-2 ASes: 2 multi-homed ASes, 2 single-homed ASes
  • Tier-3 ASes: stub ASes

  6. MOAS Attack Experiment
  • Origin AS: a BGP prefix is announced by a single AS, called the origin AS.
  • There is no mechanism to prevent an origin AS conflict.
  (figure: the same prefix announced by the origin AS and by a second AS, propagating through Tier-1 and Tier-2 ASes to campus networks)

  7. MOAS Attack Experiment
  (figure: an attacker AS and a victim AS; the attacker also announces a subnetwork of the victim)
  • An attacker originates the same prefix as the victim AS with a shorter AS path.
  • Since the shorter AS path is preferred in the BGP route selection process, some ASes may choose the fake route.
  • An attacker originates a prefix that is a subnetwork of the victim AS's network.
  • Because BGP always chooses the more specific route, traffic destined to the subnetwork will go to the attacker.
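An added example, not code from the paper or its testbed: a small origin-conflict detector in Python, run over constructed BGP UPDATE observations, that flags the two cases described on this slide from the defender's side, a second origin AS for a prefix (MOAS) and a more-specific announcement from an AS other than the registered origin. The update records, the registered-origin table and all AS numbers are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample observations (not real routing data).  Each entry is
# (timestamp, prefix, AS_PATH); the origin AS is the last element of the path.
SAMPLE_UPDATES = [
    (1, "192.0.2.0/24", [64501, 64510, 65000]),   # victim prefix, legitimate origin AS65000
    (2, "192.0.2.0/24", [64502, 65000]),
    (3, "192.0.2.0/24", [64503, 65100]),          # same prefix, shorter path, different origin (MOAS)
    (4, "192.0.2.128/25", [64503, 65100]),        # more-specific of the victim prefix, foreign origin
    (5, "198.51.100.0/24", [64501, 65200]),       # unrelated prefix, consistent origin
]

# Constructed table of which AS is expected to originate each prefix (what an
# operator knows about its own address space; an assumption, not from the slides).
REGISTERED_ORIGIN = {"192.0.2.0/24": 65000, "198.51.100.0/24": 65200}


def origin_as(as_path):
    """Origin AS of an announcement: the last AS in AS_PATH."""
    return as_path[-1]


def find_moas(updates):
    """Prefixes announced with more than one origin AS (observation only, no ground
    truth needed).  Returns {prefix: set of origin ASes} for the conflicts."""
    origins = defaultdict(set)
    for _ts, prefix, path in updates:
        origins[prefix].add(origin_as(path))
    return {p: o for p, o in origins.items() if len(o) > 1}


def check_against_registry(updates, registry):
    """Compare each announcement with the expected origins.  An announcement of a
    registered prefix from another AS is a 'moas' hit; an announcement of a more
    specific sub-prefix from another AS is a 'more-specific' hit (the case where
    longest-prefix match, not path length, pulls the traffic)."""
    expected = {ipaddress.ip_network(p): asn for p, asn in registry.items()}
    alerts = []
    for ts, prefix, path in updates:
        net = ipaddress.ip_network(prefix)
        for reg_net, reg_asn in expected.items():
            if net == reg_net and origin_as(path) != reg_asn:
                alerts.append((ts, prefix, origin_as(path), "moas", str(reg_net), reg_asn))
            elif net != reg_net and net.subnet_of(reg_net) and origin_as(path) != reg_asn:
                alerts.append((ts, prefix, origin_as(path), "more-specific", str(reg_net), reg_asn))
    return alerts


if __name__ == "__main__":
    print("MOAS conflicts:", find_moas(SAMPLE_UPDATES))
    for a in check_against_registry(SAMPLE_UPDATES, REGISTERED_ORIGIN):
        print("t=%d %s from AS%d: %s (registered %s -> AS%d)" % a)
```

`find_moas` needs no ground truth and is what a passive BGP monitor can compute from collected updates alone; `check_against_registry` is the stronger check, but it is only as good as the registered-origin table it is given, which is exactly the gap the slide refers to when it says nothing prevents an origin AS conflict.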

  8. BGP Route Flap Damping (RFD)
  A mechanism to reduce the amount of update messages in the Internet caused by instability.
  (figure: a route that crashes and restarts repeatedly)

  9. BGP Route Flap Damping (RFD)
  A mechanism to reduce the amount of update messages in the Internet caused by instability.
  (figure: penalty decay curve; Po: current penalty value, H: half-life time)
  • Each router configures two thresholds: suppression and reuse.
  • Suppression: when the penalty value increases to be greater than the suppression threshold, the route is suppressed.
  • Reuse: if the route is stable, the penalty value decays exponentially with the configured half-life value; once the penalty value falls under the reuse threshold, the route is reused again.

  10. Attack Scenario in Routing Testbed
  S: the prefix originator; D: the router of the victim network; M: an attacker.
  The best path (D to S): D-A-M-S.
  P(A, M): A's damping penalty for the route heard from M. P(D, A): D's damping penalty for the route heard from A.
  Figure 3. Network topology in the differential damping attack.

  11. Attack Scenario in Routing Testbed
  • 1. M sends a withdraw message to A.
  • ♣ D now uses the path D-A-B-C-S
  • ♣ P(A, M) = 1000
  • 2. M waits until the previous P(A, M) decays to a small value.
  • ♣ P(A, M) = small value
  • 3. S sends an attribute change update; M does not propagate it to A.
  • ♣ the propagation path is D-A-B-C-S, not D-A-M-S
  • ♣ P(D, A) = 500, P(A, M) = small value
  • 4. M sends the re-announcement to A.
  • ♣ A informs D to change the path from A-B-C-S to A-M-S.
  • ♣ P(D, A) = 500 + 500 = 1000
  Figure 3. Network topology in the differential damping attack.

  12. Attack Scenario in Routing Testbed
  5.0 M sends the new path A-M-M-M-S to A.
  ♣ A informs D to change the path from A-M-S to A-B-C-S.
  ♣ P(D, A) = 1000 + 500 = 1500, P(A, M) = 500
  5.1 M sends M-S to A.
  ♣ A informs D to change the path from A-B-C-S to A-M-S.
  ♣ P(D, A) = 1500 + 500 = 2000, P(A, M) = 500 + 500 = 1000
  5.3 M sends the new path A-M-M-M-S to A.
  ♣ A informs D to change the path from A-M-S to A-B-C-S.
  ♣ P(D, A) = 2000 + 500 = 2500, P(A, M) = 1000 + 500 = 1500
  ♣ M isolates D from S successfully.
  6. M repeats steps 5.0 and 5.1 every 400 seconds.
  ♣ P(D, A) stays above the reuse threshold and P(A, M) stays below the suppression threshold.
  Figure 3. Network topology in the differential damping attack (plots of P(D, A) and P(A, M) over time).

  13. Attack Scenario in Routing Testbed
  Figure 3. Network topology in the differential damping attack (plots of P(D, A) and P(A, M) over time).
  As long as the attacker keeps P(A, M) above the reuse threshold, D will suppress the route forever.
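An added example, not code from the paper or from the Zebra or Cisco implementations: a Python model of RFD penalty accounting (per-event penalty, exponential decay by half-life, suppression and reuse thresholds) that replays the P(D, A) / P(A, M) bookkeeping of slides 11 and 12 and lets an operator check what a given configuration does with a periodic update pattern like step 6. The slides give the per-event penalties (1000 for a withdraw, 500 for an attribute change) but not the thresholds or half-life; the threshold and half-life values below are commonly cited router defaults and are an assumption of this example, as is the length of the wait in step 2.

```python
import math
from dataclasses import dataclass

# Assumed RFD configuration (router defaults; the slides do not state the values used).
HALF_LIFE_S = 900.0          # 15 minutes
SUPPRESS_THRESHOLD = 2000.0
REUSE_THRESHOLD = 750.0
WITHDRAW_PENALTY = 1000.0    # per-event penalties as used on the slides
ATTR_CHANGE_PENALTY = 500.0


def decay(penalty, elapsed_s, half_life_s=HALF_LIFE_S):
    """Exponential decay of a penalty over elapsed_s seconds with the given half-life."""
    return penalty * 0.5 ** (elapsed_s / half_life_s)


def time_until_reuse(penalty, half_life_s=HALF_LIFE_S, reuse=REUSE_THRESHOLD):
    """Seconds a suppressed route needs, with no further flaps, to fall below the reuse threshold."""
    if penalty <= reuse:
        return 0.0
    return half_life_s * math.log2(penalty / reuse)


def steady_state_penalty(increment, period_s, half_life_s=HALF_LIFE_S):
    """Limit of the penalty when `increment` is charged every `period_s` seconds:
    p = p * 2^(-period/half_life) + increment, so p = increment / (1 - 2^(-period/half_life))."""
    return increment / (1.0 - 0.5 ** (period_s / half_life_s))


@dataclass
class DampedRoute:
    """One damping entry: a router's penalty for a route heard from one neighbour."""
    penalty: float = 0.0
    last_update_s: float = 0.0
    suppressed: bool = False

    def advance(self, now_s):
        """Apply decay up to now_s and release the route once it is below the reuse threshold."""
        self.penalty = decay(self.penalty, now_s - self.last_update_s)
        self.last_update_s = now_s
        if self.suppressed and self.penalty < REUSE_THRESHOLD:
            self.suppressed = False
        return self.penalty

    def flap(self, now_s, kind):
        """Charge a 'withdraw' or attribute-change event at time now_s."""
        self.advance(now_s)
        self.penalty += WITHDRAW_PENALTY if kind == "withdraw" else ATTR_CHANGE_PENALTY
        if self.penalty > SUPPRESS_THRESHOLD:      # "greater than", as slide 9 words it
            self.suppressed = True
        return self.penalty


def replay_differential_damping(wait_s=20 * HALF_LIFE_S):
    """Replay the penalty bookkeeping of slides 11 and 12 with the model above.

    P(A, M) is A's entry for the route heard from M; P(D, A) is D's entry for the
    route heard from A.  Events are charged back to back, as the slide arithmetic
    does (step 1 charges only A, as on the slide); the only elapsed time is the wait
    in step 2.  Returns (step, P(D, A), P(A, M), D suppressed?) after each step.
    """
    p_am, p_da = DampedRoute(), DampedRoute()
    t, trace = 0.0, []

    def record(step):
        trace.append((step, round(p_da.penalty), round(p_am.penalty), p_da.suppressed))

    p_am.flap(t, "withdraw")                  # 1. M withdraws its route to A
    record("1")
    t += wait_s                               # 2. wait for P(A, M) to decay to a small value
    p_am.advance(t)
    record("2")
    p_da.flap(t, "attr")                      # 3. S's attribute change reaches D via A-B-C
    record("3")
    p_da.flap(t, "attr")                      # 4. M re-announces; A moves D to A-M-S
    record("4")
    for step in ("5.0", "5.1", "5.3"):        # 5.x: A flips D between A-M-M-M-S and M-S
        p_da.flap(t, "attr")
        p_am.flap(t, "attr")
        record(step)
    return trace


if __name__ == "__main__":
    for row in replay_differential_damping():
        print("step %-4s P(D,A)=%5d P(A,M)=%5d D suppressed=%s" % row)
    limit = steady_state_penalty(2 * ATTR_CHANGE_PENALTY, 400)
    print("step 6 limit, two attribute changes every 400 s: %.0f" % limit)
    print("seconds for D to reuse from 2500 with no further flaps: %.0f" % time_until_reuse(2500))
```

The replay reproduces the slide's numbers (P(D, A) reaching 2500 while P(A, M) sits at 1500), and with the assumed thresholds D's entry is suppressed at step 5.3 while A's is not, which is the differential effect. `steady_state_penalty` is the check an operator would want for step 6: under identical increments both entries converge to the same limit (about 3772 with these defaults), so whether P(D, A) stays above the reuse threshold while P(A, M) stays below the suppression threshold depends on the hysteresis band between those two thresholds and on the half-life actually configured, which the slides do not give.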

  14. Attack Scenario in Routing Testbed (figure only)

  15. Conclusion
  • We describe the design and implementation of a BGP routing testbed.
  • We implement a BGP data analysis engine and a visualization engine to analyze and display BGP traffic.
  • We conduct two BGP attacks in the testbed: the MOAS attack and the differential damping penalty attack.
  • We discover a subtle implementation difference between the Zebra router and the Cisco router, which yields different attack effects.

  16. BGP Internet Testbed Environment
  (figure: real routing data from the real Internet, about 17000 ASes, injected as background traffic into the DETER / EMIST testbed of 72 nodes, 5 commercial routers and 12 Zebra routers, emulating a large AS with IGP simulation and about 100 BGP routers)
  • The testbed architecture includes four components: routing topology, background traffic, data analysis and visualization.
  • This paper describes two specific BGP attacks: (a) Multiple Origin AS (MOAS) and (b) route flap damping attacks.

  17. (figure: ASes running an IGP internally and BGP between them)
  • AS (Autonomous System): a set of routers with a single routing policy, running under a single technical administration.
  • IGP (Interior Gateway Protocol): a protocol for exchanging routing information between gateways (hosts with routers) within an autonomous network.
  • BGP (Border Gateway Protocol): discovery and maintenance of paths between distant ASes in the Internet.

  18. Terminology
  UUNet: short for UNIX to UNIX Network, the first commercial Internet service provider, headquartered in Fairfax, VA. The company was founded in 1987 by Rick Adams, one of the original developers of ARPAnet, the precursor to the Internet. In 1996, UUNET merged with MFS Communications, Inc., and later that year WorldCom acquired both MFS and UUNET. UUNET is now a full-service provider.
  NSF (National Science Foundation).
  DHS (Department of Homeland Security): governmental agency that works to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage from potential attacks and natural disasters.
