1 / 17

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane. The Internet. Data Plane Control Plane. Autonomous Systems. Core ASes Fringe ASes Transit ASes. Border Gateway Protocol. Connects Different ASes Defines Route Selection Updates. Performance of BGP.

deva
Télécharger la présentation

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

  2. The Internet • Data Plane • Control Plane

  3. Autonomous Systems • Core ASes • Fringe ASes • Transit ASes

  4. Border Gateway Protocol • Connects Different ASes • Defines Route Selection • Updates

  5. Performance of BGP • Loss of Nodes • Re-advertisements • Route flapping • Mitigating Route Flapping

  6. Coordinated Cross Plane Session Termination Attack • Targeted Route Flapping • Targets BGP sessions • Attacks Transit ASes • Process • Effects

  7. Attacker Model • Unprivileged Adversary • Does not control BGP speakers • Generate Control Plane Events • Botnet

  8. Selecting Targets • Centrality measures • Traceroutes by Bots • Getting around ECMP routing

  9. CXPST and Dynamic Networks • CXPST changes network topology • Issues? • Compensation

  10. Beating Defenses • BGP Graceful Restart • Minimal Route Advertisement Intervals • Route Flapping Damper

  11. Simulation • Topology of the Network • The Botnet • BGP Update Generation • Time to Process Updates

  12. Simulation Results

  13. Possible Defenses • BGP Graceful Restart • Route Flap Dampening

  14. Stopping Session Failure • Disabling Holds • Service Class • Deployment Issues

  15. Attack Prevention • Interdomain Routing • Traffic Filtering • Packet Marking • Schedulers • DoS flooding Defenses • Surge Protection • Pushback • Phalanx All Fail!

  16. Discussions • Route Flapping Control • Denial of Service Defenses • Network Complexities • Long Term Defenses

  17. Conclusions • Control plane is vulnerable • No currently deployable solution • Short and long term solutions

More Related