Finding the faulty router

7/29/2019 Finding the faulty router

1/23

1/30/2013 12:17 PM NETWORKING IS THE HEART OFCOMMUNICATION 1

Finding the Faulty orMalicious Router

By,

K.Prakash

R.Aneesh KumarMEPCO


2/23


Introduction

Network routing is vulnerable to

disruptions

This cannot be avoided by having a

Secure routing Protocol


3/23


Topics

Existing Approach

Secure TraceRoute

Authenticating Secure TracerouteUsing the Secure TraceRoute

Routing Asymmetry

Attacks


4/23


EXISTING APPROCH

To securing the Routing Protocol

Validate routing updates

Verify their authenticity

Accuracy

Consistency


5/23


EXISTING APPROCH

BGP

It has no mechanism for Authenticity of the

Information or Accuracy of the information it

distributes


6/23


EXISTING APPROCH

S BGP

By digital Signature

Centralized Registry


7/23


Secure TraceRoute

Normal Traceroute

STR has various Specifications of Packet

1. Hop by hop as the normal traceroute protocol.

2. Reply the node establishes a shared key for encrypted

authenticated Communication

3. Agreed identifying marker in the reply as securetraceroute ACK

4. MAC with addition to marker to ensure authentication

origin


8/23


Secure TraceRoute

R1 R2

S D

R3 R6R5R4

R2 initiates the secure

traceroute

Flagged as

faulty

?

CheckS3

Check S4

Check S5

OK R3OK R4

NOT OK


9/23


Secure TraceRoute

Iterative process of above steps leads toA Complete route is determined

A faulty linked is found

Secure trace route is more expensive

To make it cost effective we can start at

the point where traceroute indicates a

problem.


10/23


Authenticating Secure Traceroute

Public Key Infrastructure using Standard

Protocols

Web of Trust techniques can be used

Key severs


11/23


Using the Secure TraceRoute

We have proposed a Five stage process

1. Complaint

2. Complaint Evaluation

3. Normal Traceroute

4. Secure Traceroute

5. Problem Correction


12/23



Complaint

End host can send its traffic by setting the

complaint Bit

Source address spoofing


13/23



Complaint Evaluation

If a routers complaint level goes high-then the

receiving router can initiate the investigation

It can starts its investigation by itself

(Complaining router) but its better to be done by

its down stream.Each router waits for a random number of time

before its investigation


14/23

1/30/2013 12:17 PM NETWORKING IS THE HEART OF

COMMUNICATION

14


Normal Secure traceroute

It is the first step in the investigation

Path returned by a normal traceroute may be

completely misleading or intercepted by

malicious router or successful path.

This information can be the start point


15/23


COMMUNICATION

15


Secure tracerouteTo verify the route, the secure traceroute is

initiated

Two casesNormal traceroute gives the successful path then

secure traceroute is cheep.

If normal traceroute has been terminated prematurelythen secure traceroute is stated with the closest node

to the point of failure.

Note: path is given by Normal traceroute is notauthenticated


16/23


COMMUNICATION

16


Problem Correction

Routing around

Notifying to down stream routes

Human intervention


17/23


COMMUNICATION

17

Routing Asymmetry

Internet Routing is Asymmetry

This creates two problems

1. End node may not be knowing about its

inability to communicate to its peer host

because of network problem in one direction

or opposite direction or in both direction.

2. It also affects secure traceroute performance.


18/23


COMMUNICATION

18

Routing Asymmetry

Impact on the end host complaint process

A receives Bs packet but not the ACK for As

Packet A B,B A

The same B receives packet form A but not the

ACK for Bs packet A B,B A

Another case the both A and B does not receivepackets. A B,B A.


19/23


COMMUNICATION

19

Routing Asymmetry

Impact on Secure traceroute

Two types of difficulties we are facing

A receives Bs packet but not the ACK for As Packet

A B,B AAfter establishing the channel, a new problem may

arise between A to B.

In both the cases two routers may not be

able to establish complete connection.


20/23


COMMUNICATION

20

Routing Asymmetry

SolutionIP source routing

Worst case : if B is not able communicate

to A- rerouting in new route


21/23


COMMUNICATION

21

Attacks

There are number of Potential Attacks

against the Approach. Some are

Unresponsive end host

Malicious router may adjust its disruptive

behaviour so as to avoid detection


22/23


COMMUNICATION

22

Conclusion

Not only a secured routing protocol butalso well behaved Packet forwarding isNeeded


23/23


COMMUNICATION

23

THANKYOU REFERENCES:

1. WWW.NETVMG.COM

2. WWW.ROUTESCIENCE.COM

3. WWW.SOCKEYE.COM

4. RFC 3221

5. PERISITENT ROUTE COLLISIONS IN INTER-DOMAINROUTING, COMPUTERNETWORKS,2000

Q

U

RI

E

S

?
http://www.netvmg.com/http://www.routescience.com/http://www.sockeye.com/http://www.sockeye.com/http://www.routescience.com/http://www.netvmg.com/

Documents

Finding the faulty router