Security threats within the interdomain routing system - PTS-ER-2007:14
03/05/2007
The interdomain routing system is a critical part of the Internet infrastructure. Unfortunately, the original design did not include mechanisms to secure the information in the system, and as is the case for any equipment that is exposed in the network there is the possibility of attacks. Thus, vulnerabilities are currently known to exist and there is a great deal of interest in improving the security of the routing system. The goal is partly to examine the extent to which protection is available, partly to spread knowledge about protective measures, and if affected users.
The attack experiments with known attacks in lab networks indicate that certain types of threats, for instance attacks against TCP connections to break or affect BGP peering sessions, are significantly more difficult to carry out in practice than what has previously been indicated in certain reports. Newer software versions have improved the protocol implementations and include some modifications to the treatment of key messages which makes it very difficult for an attacker to succeed unless traffic on the link can be monitored. Additional protection of peering connections can be afforded by MD5-based protection, although it appears to carry with some risks that increased CPU-load could be exploited for DoS-attacks. Simple DoS-attacks targeting the infrastructure are a known phenomenon but have perhaps not received as much attention as other types of attacks (with the exception of the DNS root server attacks), but our results indicate that they pose a more tangible threat than sequence number attacks against TCP.
The results suggest that deaggregations by customer ASes have a very small probability of impacting the system, thanks to extensive defensive filtering. The impact from attacks launched from different Swedish ISP ASes, on the other hand, varies from none (in about half the scenarios) to up to 60-70% of the end users being affected. However, due to market concentration there are only a few scenarios that lead to extensive consequences, and for most scenarios fewer than 10% of the users are affected. The simulations point to specific scenarios that can potentially lead to large impact, and it would be interesting to follow up the specifics with ISPs to validate the policyinformation from the routing registry and to determine if it would be feasible to introduce certain stricter filters for these specific scenarios. As a longer term goal it would be better to strive for better security support being incorporated into the protocols since filtering cannot provide a complete solution.