19 March 2003, Page 1: BGP Vulnerabilities Draft, March 19, 2003, Sandra Murphy

Page 2: Changes Since November
Many changes in text, but few changes in vulnerabilities
– terminology now reflects FSM terminology
Tried to follow the security considerations guidelines draft (draft-iab-sec-cons-03.txt)
Note: any change in protocol behavior necessitates a security analysis (usually trivial, but…)

Page 3: Vulnerabilities vs. Messages
Vulnerabilities from malformed message headers
Vulnerabilities from OPEN, KEEPALIVE, and NOTIFICATION messages
– if a legitimate peer sends you such a message, it is hard to say that it is "bogus"
– so the vulnerability comes from outsiders
Vulnerabilities from UPDATE
Vulnerabilities from support protocols
– TCP, because BGP mandates use of TCP
– other supporting protocols

Page 4: Message Header Errors
E21: connection is broken

Page 5: OPEN (outsiders only)
E19
– in states Connect, Active, and Established: will break the connection (and may do peer oscillation dampening)
– in state OpenSent: may set up breaking of the connection when the valid OPEN arrives later, based on the results of the connection collision algorithm
E20
– in state OpenSent or Established when the open delay timer is running: breaks the connection (and may do peer oscillation dampening)
– but this must be an FSM error in the receiver, hard to exploit
E22 (malformed OPEN)
– will break the connection (and may do peer oscillation dampening)
– peer oscillation dampening may limit how soon the connection can be re-established

Page 6: KEEPALIVE (outsiders only)
E26: in states Connect, Active, and OpenSent, will cause the connection to transition to the Idle state, ceasing the attempt to establish the connection, even though the peer may complete the connection on its end

Page 7: NOTIFICATION (outsiders only)
E25: in any state, breaks the connection (and may do peer oscillation dampening) or ceases the attempt to establish a connection.
E26: does the same, except that it does not do peer oscillation dampening

Page 8: UPDATE
E28 (malformed UPDATE): will break the connection (and may do peer oscillation dampening)

Page 9: UPDATE: Withdrawn Routes
Outsiders could damage the routing behavior if they were able to insert forged withdrawals
The legitimate peers have the authority to withdraw routes as they wish, so it is hard to say that a withdrawal is "bogus" (i.e., not a vulnerability from legitimate peers)

Page 10: UPDATE: Path Attributes: NEXT_HOP
Can use NEXT_HOP to induce a peer to forward traffic to another BGP speaker (the victim) who peers with them
– the victim BGP speaker may not be able to forward the traffic
– the victim BGP speaker will carry traffic that it might not have intended to carry (resource stealing)
[Figure: speakers A, B, C; UPDATE, Next-Hop=, NLRI=N; traffic for N]
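As an added, defender-side illustration that is not part of the slides: the NEXT_HOP semantic checks a receiving speaker can apply to an UPDATE, following the criteria of RFC 4271 section 6.3 (an assumption here, since the slide predates that RFC), run over the slide's A/B/C scenario constructed as sample input. It also shows the limit the slide points to: a third-party next hop on the shared peering LAN passes the check, so the check alone does not stop resource stealing against C. Addresses, the Session type and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    """Constructed view of one eBGP session as seen by the receiving speaker."""
    local_ip: str          # receiver's address on the peering link
    peer_ip: str           # sender's address, as used by the TCP connection
    link: str              # subnet of the directly connected peering link
    ebgp_one_hop: bool = True

def next_hop_problem(session, next_hop):
    """Return None if NEXT_HOP is semantically correct, else the reason.
    Criteria as in RFC 4271 section 6.3 (assumed; the slide predates the RFC)."""
    try:
        nh = ipaddress.ip_address(next_hop)
    except ValueError:
        return "not a valid host address"  # a real speaker would send a NOTIFICATION
    if nh == ipaddress.ip_address(session.local_ip):
        return "NEXT_HOP is the receiving speaker's own address"
    if (session.ebgp_one_hop and nh != ipaddress.ip_address(session.peer_ip)
            and nh not in ipaddress.ip_network(session.link)):
        return "third-party NEXT_HOP is not on the shared subnet"
    return None

def accepted_routes(session, updates):
    """Keep (prefix, next_hop) pairs that pass; log and ignore the rest without
    tearing the session down, as the RFC prescribes for semantic errors."""
    good, log = [], []
    for prefix, nh in updates:
        why = next_hop_problem(session, nh)
        if why is None:
            good.append((prefix, nh))
        else:
            log.append(f"ignored {prefix} via {nh}: {why}")
    return good, log

# Constructed scenario from the slide: B (local) peers with A over an IXP-style
# LAN 192.0.2.0/24 (RFC 5737 addresses); C is another speaker on the same LAN.
SESSION_B = Session(local_ip="192.0.2.2", peer_ip="192.0.2.1", link="192.0.2.0/24")
UPDATES_FROM_A = [
    ("203.0.113.0/24", "192.0.2.1"),     # A itself as next hop: accepted
    ("198.51.100.0/24", "192.0.2.3"),    # C as next hop: passes, the slide's case
    ("198.51.100.128/25", "10.9.9.9"),   # off-link next hop: ignored
    ("203.0.113.128/25", "192.0.2.2"),   # B's own address: ignored
    ("203.0.113.64/26", "not-an-ip"),    # malformed: reported
]
```

The second entry is the point of the slide: the check cannot tell a legitimate third-party next hop from one that dumps traffic on C, so operators on shared LANs rely on policy (or C's own filtering) rather than this check alone.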

Page 11: TCP-related vulnerabilities
SYN flooding
E14, E16, E17 (TCP SYN, TCP SYN ACK, TCP ACK): depending on the timing and the state, can create a bogus connection or can break an existing connection
E18 (TCP RST/FIN/etc.): may break an existing connection

Page 12: Other Supporting Protocols
E2 (manual stop): will break an existing connection
E9–E13 (Keepalive, Hold, and Open Delay timers): can have various effects on the behavior of BGP
BGP is dependent on the security of the protocols by which a manual stop could be caused or timers could be changed

Page 13: RFC2385
The use of TCP MD5 would prevent outsiders from using forged message insertion or message modification to exploit these vulnerabilities.
Protection against replay is provided by the sequence numbers of TCP. This can be circumvented, but not likely for mature TCP implementations.
Reliant on use of good keys, protecting keys from exposure, etc.

Page 14: Unconfigured Peers
Base draft says that implementations may accept "unconfigured peers"
This is hard to reconcile with TCP MD5, which requires a shared secret
– suggestion: the listen socket may be configured with a secret that all the "unconfigured" peers would have to know
– so "unconfigured" peers must have communicated with you to learn the key, and they all know the same key
How to address this in the vulnerabilities draft?
– "Unconfigured peers are not in scope for the base BGP draft. However, it is known that some implementations do support this. The use of RFC2385 would mean that these unconfigured peers must at least have communicated with the BGP speaker to learn the key to use. The manner in which the key is distributed to these unconfigured peers can have an effect on the security that is provided. For example, if a group of routers all know the same key to use in TCP MD5, then TCP MD5 can only assure that connections are from some member of the group and cannot assure that the source is the particular member of the group mentioned."
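An added example, not part of the presentation: a pure-Python computation of the RFC 2385 TCP MD5 signature over a constructed BGP KEEPALIVE segment. It shows forged insertion and in-flight modification being rejected, as slide 13 states, and the group-key caveat of slide 14, where a segment built by another group member but carrying A's source address still verifies. The addresses, the key and the helper names are assumptions.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO, BGP_PORT = 6, 179
GROUP_KEY = b"constructed-group-key"  # one secret shared by all "unconfigured" peers
ROUTER, PEER_A = "192.0.2.1", "192.0.2.2"  # constructed RFC 5737 addresses
# Constructed BGP KEEPALIVE: 16-byte marker of 0xFF, length 19, type 4.
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)

def tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack, flags, window, data,
                   key, hdr_len=40):
    """RFC 2385 digest over (1) the TCP pseudo-header, (2) the fixed 20-byte TCP
    header with checksum zero and options omitted, (3) segment data, (4) the key.
    hdr_len counts the 18-byte MD5 option plus 2 NOP bytes, so data offset is 10."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, hdr_len + len(data)))
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        ((hdr_len // 4) << 12) | flags, window, 0, 0)
    return hashlib.md5(pseudo + fixed + data + key).digest()

def sign_segment(src_ip, dst_ip, seq, key, data=KEEPALIVE):
    """Sender side: one PSH/ACK segment of an Established session carrying data."""
    seg = dict(src_ip=src_ip, dst_ip=dst_ip, sport=BGP_PORT, dport=BGP_PORT,
               seq=seq, ack=0x1000, flags=0x018, window=16384, data=data)
    seg["digest"] = tcp_md5_digest(key=key, **seg)
    return seg

def accept_segment(seg, key):
    """Receiver side: recompute with the configured key and compare in constant
    time; RFC 2385 says a segment whose digest does not match is discarded."""
    fields = {k: v for k, v in seg.items() if k != "digest"}
    return hmac.compare_digest(seg["digest"], tcp_md5_digest(key=key, **fields))

def outsider_forgery_rejected():
    """Forged insertion without the key (slide 13): the digest cannot match."""
    return not accept_segment(sign_segment(PEER_A, ROUTER, 7, b"wrong-key"), GROUP_KEY)

def modification_rejected():
    """Modification in flight (slide 13): a NOTIFICATION Cease swapped in after
    signing no longer matches, because the digest covers the segment data."""
    seg = sign_segment(PEER_A, ROUTER, 7, GROUP_KEY)
    seg["data"] = b"\xff" * 16 + struct.pack("!HBBB", 21, 3, 6, 0)
    return not accept_segment(seg, GROUP_KEY)

def group_member_spoof_accepted():
    """Slide 14's caveat: a member holding the group key can build a segment with
    A's source address that verifies. TCP MD5 proves membership, not identity."""
    return accept_segment(sign_segment(PEER_A, ROUTER, 7, GROUP_KEY), GROUP_KEY)
```

Sequence number 7 is reused across calls only to keep the segments comparable; replay protection comes from TCP's sequence-number checks, which this model does not include.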

Page 15: Acts of Omission
Discussion from the rpsec group: the following are attacks:
– underclaiming: failure to advertise an NLRI that the AS owns
– discard of control packets: failure to forward control packets
– (perhaps: not announcing a withdrawal when you receive a withdrawal?)
Should this be included in the draft?