论文信息 - Peer Pressure: Exerting Malicious Influence on Routers at a Distance

Peer Pressure: Exerting Malicious Influence on Routers at a Distance

Both academic research and historical incidents have shown that unstable BGP speakers can have extreme, undesirable impacts on network performance and reliability. Large amounts of time and energy have been invested in improving router stability. In this paper, we show how an adversary in control of a BGP speaker in a transit AS can cause a victim router in an arbitrary location on the Internet to become unstable. Through experimentation with both hardware and software routers, we examine the behavior of routers under abnormal conditions and come to three conclusions. First, that unexpected but perfectly legal BGP messages can place routers into those states with troubling ease. Second, that an adversary can implement attacks using these messages to disrupt the function of victim routers in arbitrary locations in the network. And third, modern best practices do not blunt the force of these attacks sufficiently. These conclusions lead us to recommend more rigorous testing of BGP implementations, focusing as much on protocol correctness as on software correctness.

Nicholas Hopper | Max Schuchard | Yongdae Kim | Christopher Thompson

[1] Lixin Gao,et al. A measurement study on the impact of routing events on end-to-end internet path performance , 2006, SIGCOMM.

[2] Songwu Lu,et al. IPv4 address allocation and the BGP routing table evolution , 2005, CCRV.

[3] Daniel Massey,et al. A study of BGP path vector route looping behavior , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[4] Daniel Massey,et al. Observation and analysis of BGP behavior under stress , 2002, IMW '02.

[5] A. Dammer. How Secure are Secure Interdomain Routing Protocols , 2011 .

[6] Nick Feamster,et al. Measuring the effects of internet path faults on reactive routing , 2003, SIGMETRICS '03.

[7] Xin Zhao,et al. On the Aggregatability of Router Forwarding Tables , 2010, 2010 Proceedings IEEE INFOCOM.

[8] Ramesh Govindan,et al. An empirical study of router response to large BGP routing table load , 2002, IMW '02.

[9] Lixin Gao,et al. Stable Internet routing without global coordination , 2000, SIGMETRICS '00.

[10] Daniel Massey,et al. Analysis of BGP Update Surge during Slammer Worm Attack , 2003, IWDC.