End-to-end routing behavior in the Internet
IEEE/ACM Transactions on Networking (TON)
Internet Routing Architectures
Internet Routing Architectures
Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Detection and analysis of routing loops in packet traces
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Towards an accurate AS-level traceroute tool
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
On the correlation between route dynamics and routing loops
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Flooding attacks by exploiting persistent forwarding loops
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
PlanetSeer: internet path failure monitoring and characterization in wide-area services
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
MultiNet: multiple virtual networks for a reliable live streaming service
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
End-user perspectives of Internet connectivity problems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
In this paper, we present a measurement study of persistent forwarding loops and a flooding attack that exploits persistent forwarding loops. Persistent forwarding loops may share one or more links with forwarding paths to some hosts. An attacker can exploit persistent forwarding loops to overload the shared links and disrupt Internet connectivity to those hosts. To understand the extent of this vulnerability, we perform extensive measurements to systematically study persistent forwarding loops. We find that persistent forwarding loops do exist in the Internet. At least 35 million addresses experience persistent forwarding loops, and at least 11 million addresses can be attacked by exploiting such persistent forwarding loops. In addition, 87.4% of persistent forwarding loops involve routers in destination domains, which can be observed from various locations. This makes it possible to launch attacks from multiple vantage points. We also find that most persistent forwarding loops are just two hops long, which enables an attacker to significantly amplify traffic to them. We further investigate the possible cause of persistent forwarding loops, and find that about 50% of them are caused by neglecting to configure pull-up routes. We show that even if the misconfiguration occurs in a stub network, it may cause persistent forwarding loops involving routers in large ISPs, and can potentially be exploited by attackers to flood links in a backbone network. To the best of our knowledge, this is the first study of exploiting routing misconfigurations to launch DDoS attacks and understanding the impact of such attacks.