bgp vulnerability

17

TIME TO SHUTDOWN INTERNET CORE ROUTER HTTP://IPSECS.COM

Upload: don-anto

Post on 20-Aug-2015

1.659 views

Category:

Technology

0 download

Report

Download

Tags:

Embed Size (px):

TRANSCRIPT

Page 1: BGP Vulnerability

TIME TO SHUTDOWNINTERNET CORE ROUTER

HTTP://IPSECS.COM

Page 2: BGP Vulnerability

COMMUNICATION

Analog communication Digital communication Analog communication to

digital communication convergence

Internet Protocol

Page 3: BGP Vulnerability

FUTURE COMMUNICATION

IP based communication will become the core communication?

Scalability and reliability communication infrastructure?

Vulnerability and security threat?

Page 4: BGP Vulnerability

CORE COMMUNICATION

Access Control List? Default password issue? Weak password? Unencrypted remote login? Routing protocol vulnerability? We will focus on Border Gateway

Protocol (BGP) now

Page 5: BGP Vulnerability

BGP VULNERABILITY

BGP messages TCP vulnerability BGP internet man in the

middle Documented on RFC 4272

Page 6: BGP Vulnerability

BGP MESSAGES

BGP states? idle, connect, active, opensent, openconfirm, established

BGP message? open, update, notification, keep alive

BGP message modification to poison routing table and Denial of Service

Complex and nearly impractical

Page 7: BGP Vulnerability

Page 8: BGP Vulnerability

TCP VULNERABILITY

BGP and TCP port 179 SPOOFED TCP RST/FIN? TCP port flooding (SYN) TCP session ends = BGP idle

Page 9: BGP Vulnerability

Page 10: BGP Vulnerability

BGP MAN IN THE MIDDLE More specific network prefix wins Use tracroute to identify routing

from source to destination Use route-map and AS-PATH

prepending Static routing to give information

about next-hop-router

Page 11: BGP Vulnerability

Page 12: BGP Vulnerability

router bgp 100network 10.10.220.0 mask 255.255.255.0neighbor 2.2.4.2 remoteas 40neighbor 2.2.4.2 prefixlist JACKED outneighbor 2.2.4.2 routemap HIJACK outneighbor 4.3.2.1 remoteas 10neighbor 4.3.2.1 prefixlist ANN outneighbor 5.4.3.1 remoteas 60neighbor 5.4.3.1 prefixlist JACKED outneighbor 5.4.3.1 routemap HIJACK out!ip route 10.10.220.0 255.255.255.0 4.3.2.1!ip prefixlist ANN seq 10 permit 2.2.4.0/24ip prefixlist ANN seq 15 permit 4.3.2.0/24ip prefixlist ANN seq 20 permit 5.4.3.0/24!ip prefixlist JACKED seq 10 permit 2.2.4.0/24ip prefixlist JACKED seq 15 permit 4.3.2.0/24ip prefixlist JACKED seq 20 permit 5.4.3.0/24ip prefixlist JACKED seq 25 permit 10.10.220.0/24routemap HIJACK permit 10set aspath prepend 10 20 200

Page 13: BGP Vulnerability

Page 14: BGP Vulnerability

SOME POLICIES

Design and topology? Access Control List implementation? Complex password Encrypted connection (SSH & HTTPS)

Page 15: BGP Vulnerability

DEMO BGP ATTACK

Page 16: BGP Vulnerability

QUESTION? ANSWER

Page 17: BGP Vulnerability

THANK YOU

Deploying BGP Fast Convergence BGP PICd2zmdbbm9feqrf.cloudfront.net/2013/eur/pdf/BRKIPM-2265.pdf · Deploying BGP Fast Convergence / BGP PIC Oliver Böhmer BRKIPM-2265 ... • Designing

Overlays and The Evolution of BGP Peering. Agenda BGP Issues – Overlay Networks – VPNs – ToR BGP…

Hands-on Advanced Networking Topics: BGP, BGP Hijacking

BGP meets Big Data...BGP meets Big Data Monitoring BGP –Snapshot vs. History BGP Monitoring Protocol –RFC 7854 BMP collector BMP client Inbound policy BMPmessages BGP peers (external)

BGP - CiscoBGP Name/CLIKeyword bgp FullName BorderGatewayProtocol BorderGatewayProtocol(BGP)isaprotocoldesignedtosharenetwork information(forexamplenetworkreachability

Deploying BGP Fast Convergence - Deniz AYDINmonsterdark.com/wp-content/uploads/Deploying-BGP-Fast-Converge… · Deploying BGP Fast Convergence / BGP PIC Oliver Böhmer BRKIPM-2265

Internet inter-AS routing: BGP - inet.tu-berlin.de file3 BGP Basics Pairs of routers (BGP peers) exchange routing info over semi-permanent TCP connections: BGP sessions Note that BGP

Journey to IPv6set protocols bgp group IPV6-BGP type internal set protocols bgp group IPV6-BGP local-address 2400:1a00:100:10::1 set protocols bgp group IPV6-BGP family inet6 unicast

BGP V1.1. When is BGP Applicable Basic BGP Peer Configuration Troubleshooting BGP Connections BGP Operation and Path Attributes Route Import/Export Selected

BGP Techniques for Internet Service Providers...BGP Techniques for Internet Service Providers BGP Basics Scaling BGP Using Communities Deploying BGP in an ISP network The role of IGPs

Introduction to BGP - SourceForgedslrouter.sourceforge.net/stuff/cisco/bgp-0.pdf · BGP neighbour status Router1>sh ip bgp sum BGP router identifier 100.1.15.224, local AS number

1 Border Gateway Protocol (BGP). 2 Contents Internet connectivity and BGP connectivity services, AS relationships BGP Basics BGP sessions, BGP

Border Gateway Protocol BGP Network delay … Gateway Protocol, BGP Network delay simulator, BGP Router emulator, BGP latency, BGP network emulator, network impairments, OSPFv2, OSPFv3,

Implementing BGP - Cisco · Implementing BGP BorderGatewayProtocol(BGP)isanExteriorGatewayProtocol(EGP)thatallowsyoutocreateloop-free interdomainroutingbetweenautonomoussystems

BGP Large Communities- a new BGP Routing Heuristic

BGP Best Current Practicesftp.ines.ro/doc/isp-workshops/BGP Presentations/5-bgp-bcp.pdf · Cisco IOS Good Practices ! BGP in Cisco IOS is permissive by default ! Configuring BGP peering

Large BGP Communities - NOG · – Perceived as a micro optimization • Flexible BGP Communities (draft-lange-flexible-bgp-communities) – December 2002 – August 2010 – BGP

BGP Vulnerability Testing: Separating Fact from FUD v1 · 2015-05-28 · Testing BGP Implementations • Goal: sample the responses of a variety of implementations to known and potential

BGP-TE APPLICATION LEVEL TOPOLOGY …...BGP Speaker BGP BGP Speaker Speaker IGP Router AS1 Prefix 1, 2, 3, … Prefix 11, 12, 13, … Prefix 21, 22, 23, … BGP Speaker Prefix 31,

BGP for Internet Service Providers - deneb.iszt.hudeneb.iszt.hu/~kalmar/cisco/BGP-tutorial.pdf · BGP General Operation • Learns multiple paths via internal and external BGP speakers

BGP Secure Routing Extension (BGP-SRx)

Advanced Networking Topics: BGP, BGP Hijacking, MPLS, …

A LOOK AT RECENT BGP ROUTING INCIDENTS · A LOOK AT RECENT BGP ROUTING INCIDENTS NANOG63 . AGENDA . HIJACKING FOR MONETARY GAIN ... • BGP > OSPF > BGP • …

Cisco Prime Network Supported Technologies and Topologies, 5€¦ · Border Gateway Protocol (BGP), Multiprotocol extensions (MP-BGP), external BGP (eBGP), internal BGP (iBGP) Yes

33 - Routing - BGP - Internal and External BGP

BGP Vulnerability Testing: Separating Fact from FUD v1

BGP Techniques for Internet Service Providers · BGP Techniques for Internet Service Providers BGP Basics Scaling BGP ... BGP default is for external next-hop to be propagated unchanged

Border Gateway Protocol (BGP) Basics - Exocommexocomm.com/library/bgp/bgp.basics.pdf · BGP Protocol BGP-4 RFC 1771 (1995) RFC 1997 BGP Communities Attribute RFC 1998 Use of Community

rapid detection of bgp anomalies 1505199569 · PDF fileRapid Detection of BGP Anomalies ... Outline §BGP Anomalies ... BGP Anomalies §A single BGP update is categorised as an anomalous

Cisco - BGP Case Studiespld.cs.luc.edu/courses/net2/spr02/bgp-toc.pdfBGP4 Case Studies Section 1 Contents Introduction eBGP and iBGP Enabling BGP Routing Forming BGP Neighbors BGP

BGP Multihoming Techniques - University …nets.ucar.edu/nets/intro/staff/siemsen/hints/bgp/AfNOG2011-BGP...Case Study. AfNOG 2011 5 ... BGP Multihoming Techniques ... • failure

BGP Tutorial Tutorial BGP

BGP mVPN BGP sAFI 129 - IPv4 - CiscoHow to Configure BGP -- mVPN BGP sAFI 129 - IPv4 Configure BGP — mVPN BGP sAFI 129 - IPv4 SUMMARY STEPS 1. enable 2. configure terminal 3. vrfdefinitionvrf1

BGP Scaling Techniques - wiki.bdnog.orgwiki.bdnog.org/.../fetch.php/bdnog6/1_-_bgp_scalling_techniques.pdf · BGP Scaling Techniques Original BGP specification and implementation

Implementing BGP - cisco.com · Implementing BGP BorderGatewayProtocol(BGP)isanExteriorGatewayProtocol(EGP)thatallowsyoutocreateloop-free interdomainroutingbetweenautonomoussystems