Losing control of the internet: using the data plane to attack the control plane

In this work, we introduce the Coordinated Cross Plane Session Termination, or CXPST, attack, a distributed denial-of-service attack that targets the control plane of the Internet. CXPST extends previous work that demonstrates a vulnerability in routers that allows an adversary to disconnect a pair of routers using only data plane traffic. By carefully choosing BGP sessions to terminate, CXPST generates a surge of BGP updates that are seen by nearly all core routers on the Internet. This surge of updates surpasses the computational capacity of affected routers, crippling their ability to make routing decisions.
