By Hitesh Ballani, Paul Francis, Xinyang Zhang. Slides by Benson Luk for CS 217B.


• An AS advertises a false route for an IP prefix, stealing traffic that is heading for those IPs
• May be a configuration error or malicious
• Can DoS the actual destination
• Can redirect to phishing servers
• Has occurred multiple times in the past

• When will Y choose X’s invalid path over the original, correct path?
• Depends on:
  ◦ 1. Provider-peer-customer relationship
  ◦ 2. Advertised AS-hop distance to destination
  ◦ 3. Y’s internal routing

AS Y’s traffic to prefix p can (✓), cannot (✗) or can partly (–) be hijacked, depending on its existing route and the invalid route.

• Hijack traffic for a prefix, then forward it to the real destination
• Man-in-the-middle attack
• Transparent to victim

• Requirement: None of the ASes along the route to the actual destination used by the hijacking AS should choose the invalid route advertised

X’s original path to C3: X-W-Q-C1-C2-C3
1. X sends false advertisement to Z
2. Z propagates path to W
3. W changes its path to C3: W-Z-X-?

• Assuming “valley-free” property (majority of Internet):
  ◦ All route paths and route advertisement propagation paths consist of:
    ▪ 0 or more customer-provider links, followed by
    ▪ 0 or 1 peer link, followed by
    ▪ 0 or more provider-customer links
    In exactly that order
• 3 cases:
  ◦ X’s existing route is a customer route
    ▪ X can safely advertise hijack path to all neighbors. The advertisement will never loop back to X’s real path
  ◦ X’s existing route is a peer route
    ▪ X can safely advertise hijack path to all neighbors
  ◦ X’s existing route is a provider route
    ▪ X can safely advertise hijack path to customers and peers. Advertising to providers may cause a loop.
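
The valley-free ordering above can be checked mechanically against AS relationship data. This is an added example, not code from the slides or the paper; the topology, the ASNs and the names `PROVIDERS`, `PEERS`, `link_type` and `is_valley_free` are constructed for illustration.

```python
UP, PEER, DOWN = "customer-provider", "peer", "provider-customer"

def link_type(a, b, providers, peers):
    """Classify the link a -> b. providers: {asn: set of that AS's providers};
    peers: set of frozenset({asn, asn}) pairs."""
    if b in providers.get(a, set()):
        return UP
    if a in providers.get(b, set()):
        return DOWN
    if frozenset((a, b)) in peers:
        return PEER
    raise KeyError(f"no known relationship between {a} and {b}")

def is_valley_free(path, providers, peers):
    """True if path is 0+ UP links, then 0 or 1 PEER link, then 0+ DOWN links.
    The property is symmetric, so the path may be read in either direction."""
    stage = 0  # 0 = still climbing, 1 = crossed the peer link, 2 = descending
    for a, b in zip(path, path[1:]):
        kind = link_type(a, b, providers, peers)
        if kind == UP:
            if stage != 0:      # climbing again after a peer or downhill link
                return False
        elif kind == PEER:
            if stage != 0:      # second peer link, or peer link after descent
                return False
            stage = 1
        else:
            stage = 2
    return True

# Constructed topology: 64500, 64501, 64502 sit at the top and peer;
# 64520 is multihomed to providers 64510 and 64511.
PROVIDERS = {64510: {64500}, 64511: {64501}, 64520: {64510, 64511}}
PEERS = {frozenset((64500, 64501)), frozenset((64501, 64502))}

if __name__ == "__main__":
    print(is_valley_free([64520, 64510, 64500, 64501, 64511], PROVIDERS, PEERS))
    print(is_valley_free([64510, 64520, 64511], PROVIDERS, PEERS))
```

The second path is the classic valley: a multihomed customer carrying traffic between its two providers.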

• Advertise to neighbors that its distance to a target prefix is 1 hop
  ◦ Hijacks all traffic for that prefix from peers with existing provider routes to the prefix
  ◦ Hijacks all traffic for that prefix from peers with existing peer routes with length > 1 to the prefix
  ◦ Hijacks some traffic for peers with existing peer routes of length 1 to the prefix
• We’ll have an upper and lower bound of hijacked traffic based on this
• Tier 1 ASes only have peers and customers
  ◦ Can always intercept if it hijacks
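
The three selection factors listed earlier and the 1-hop estimate above can be turned into an exposure check over one AS's routing table. This is an added example, not code from the slides or the paper. It assumes the conventional preference order customer > peer > provider, and the routing table and all names in it are constructed.

```python
from enum import IntEnum

class Rel(IntEnum):
    """Neighbor type a route was learned from. Assumed preference order:
    customer > peer > provider (higher value wins)."""
    PROVIDER = 0
    PEER = 1
    CUSTOMER = 2

def hijack_outcome(existing, invalid):
    """existing / invalid are (Rel, as_hops) tuples as seen by AS Y.
    Returns 'can', 'cannot' or 'partly'."""
    (e_rel, e_len), (i_rel, i_len) = existing, invalid
    if i_rel != e_rel:                  # 1. relationship decides first
        return "can" if i_rel > e_rel else "cannot"
    if i_len != e_len:                  # 2. then advertised AS-hop distance
        return "can" if i_len < e_len else "cannot"
    return "partly"                     # 3. tie: Y's internal routing decides

def exposure_bounds(table, invalid):
    """table: {prefix: (Rel, as_hops)} for Y's current routes.
    Returns (lower, upper) fraction of prefixes that move to the invalid
    route: lower counts only 'can', upper also counts 'partly'."""
    outcomes = [hijack_outcome(route, invalid) for route in table.values()]
    if not outcomes:
        return 0.0, 0.0
    sure = outcomes.count("can")
    maybe = outcomes.count("partly")
    return sure / len(outcomes), (sure + maybe) / len(outcomes)

# Constructed routing table for one AS (documentation prefixes).
SAMPLE_TABLE = {
    "192.0.2.0/24":    (Rel.PROVIDER, 3),
    "198.51.100.0/24": (Rel.PEER, 2),
    "203.0.113.0/24":  (Rel.PEER, 1),
    "2001:db8::/32":   (Rel.CUSTOMER, 2),
}

if __name__ == "__main__":
    # A peer claims every prefix is 1 hop away.
    print(exposure_bounds(SAMPLE_TABLE, (Rel.PEER, 1)))
```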

• Collected routing tables from University of Oregon’s Route-Views repository for 7 Tier 1 ASes
• For each AS, determine the prefixes in the Internet routing table whose traffic can be hijacked from the other 6 ASes

• Used all 34 ASes in Route-Views repository
  ◦ 7 tier 1, 19 tier 2, 8 tier 3+
• Used Cooperative Association for Internet Data Analysis (CAIDA)’s AS relationship data to determine provider-peer-customer topology
• For each AS: Can it hijack traffic for prefix p (in one of the 33 other ASes)? If yes, can it route the traffic to p’s owner?

• Actual hijacking % is the percentage of ASes in the Route-Views set that chose the invalid route
• Real-world results are within estimated range for 11 of 16 events

• Deployed hosts at 5 different sites.
  ◦ 1 host would be a target
  ◦ Other 4 emulate an ISP and try to intercept target’s traffic
• Stub AS with only provider links to the rest of the Internet, so manually configured which routers advertise invalid paths and which don’t in order to not create loops
• Used 23k recursive nameservers in 7.5k different ASes to generate traffic aimed at target host

• Traffic interception can cause next-hop anomalies
• Used the Route-Views repository to determine the sets of next-hop ASes
• For data-plane information, used traceroutes collected in the iPlane project
  ◦ Traceroutes to ~100,000 prefixes from ~200 nodes daily
• Mapped IPs to ASes and compared with next-hop data for four different days

• Majority of anomalies detected were due to incorrect IP-to-AS mapping data
  ◦ Many cases in which an AS uses IPs which appear to belong to another AS’s address space
• Many anomalies due to traffic engineering: propagating specific paths only to specific peers, etc.
• The vast majority of detected anomalies are explained away with these reasons.
• Unable to conclusively classify any anomalies as traffic interception
• Does not rule out existing traffic interception
  ◦ These anomalies occur only for certain specific cases of traffic interception. Other cases of traffic interception may not create this anomaly
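
The next-hop comparison from the two slides above, as an added example that is not code from the slides or the paper: traceroute hops are mapped to ASes and each observed AS-level next hop is checked against the set seen in BGP tables. All prefixes, ASNs and names are constructed, and the second map shows how a single IP-to-AS mapping error produces a false anomaly.

```python
import ipaddress

def ip_to_as(ip, ip2as):
    """Longest-prefix match of ip in {prefix: asn}; None when unmapped."""
    addr = ipaddress.ip_address(ip)
    best_len, best_asn = -1, None
    for prefix, asn in ip2as.items():
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net and net.prefixlen > best_len:
            best_len, best_asn = net.prefixlen, asn
    return best_asn

def as_level_path(hops, ip2as):
    """Collapse traceroute hop IPs into an AS path; unmapped hops are skipped."""
    path = []
    for ip in hops:
        asn = ip_to_as(ip, ip2as)
        if asn is not None and (not path or path[-1] != asn):
            path.append(asn)
    return path

def next_hop_anomalies(hops, prefix, ip2as, bgp_next_hops):
    """bgp_next_hops: {(asn, prefix): set of next-hop ASes seen in BGP tables}.
    Returns (asn, observed_next_hop) pairs absent from the control-plane set."""
    path = as_level_path(hops, ip2as)
    flagged = []
    for cur, nxt in zip(path, path[1:]):
        expected = bgp_next_hops.get((cur, prefix))
        if expected is not None and nxt not in expected:
            flagged.append((cur, nxt))
    return flagged

# Constructed sample data: documentation prefixes and ASNs.
PREFIX = "198.51.100.0/24"
BGP_NEXT_HOPS = {(64496, PREFIX): {64497}}
TRACE = ["192.0.2.1", "203.0.113.5", "198.51.100.9"]
COARSE_MAP = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497,
              "203.0.113.0/24": 64498}
# Same map plus a link subnet that AS 64497 numbers out of 64498's block.
REFINED_MAP = {**COARSE_MAP, "203.0.113.4/30": 64497}

if __name__ == "__main__":
    print(next_hop_anomalies(TRACE, PREFIX, COARSE_MAP, BGP_NEXT_HOPS))
    print(next_hop_anomalies(TRACE, PREFIX, REFINED_MAP, BGP_NEXT_HOPS))
```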

• ASes higher up in the routing hierarchy can hijack and intercept prefixes from the majority of ASes on the Internet
• Even small ASes can hijack and intercept prefixes from a significant number of ASes
• Proof of concept suggests that it is simple for ASes to intercept traffic within the existing routing setup
• Attempt to detect interception shows some of the many challenges in accurately detecting interception

• Made a lot of assumptions and simplifications on how ASes decide to route
• Sample size for estimated numbers seems low
  ◦ Used 34 ASes, currently there are over 49k assigned ASNs
• Does it really matter?