Toward Secure Routing Infrastructures
IEEE Security and Privacy
Losing control of the internet: using the data plane to attack the control plane
Proceedings of the 17th ACM conference on Computer and communications security
Are BGP routers open to attack? an experiment
iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
Livermore computer network simulation program
Proceedings of the 5th International ICST Conference on Simulation Tools and Techniques
| Hi-index | 0.07 |
We present a detailed study of the potential impact of border gateway protocol peering session attacks and the resulting exploitation of route flap damping (RFD) that cause network-wide routing disruptions. We consider canonical grid as well as down-sampled realistic autonomous system (AS) topologies and address the impact of various typical service provider routing policies. Our modeling focuses on three dimensions of routing performance sensitivity: 1) protocol aware attacks (e.g., tuned to RFD); 2) route selection policy; and 3) attack-region topology. Analytical results provide insights into the nature of the problem and potential impact of the attacks. Detailed packet-level simulation results complement the analytical models and provide many additional insights into specific protocol interactions and timing issues. Finally, we quantify the potential effect of the BGP graceful restart mechanism as a partial mitigation of the BGP vulnerability to peering session attacks