• Home

  • Documents

  • Losing Control of the Internet: Using the Data Plane to Attack the Control Plane
17
Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

  • Upload
    deva

  • View
    44

  • Download
    1

Tags:

Embed Size (px)

DESCRIPTION

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane. The Internet. Data Plane Control Plane. Autonomous Systems. Core ASes Fringe ASes Transit ASes. Border Gateway Protocol. Connects Different ASes Defines Route Selection Updates. Performance of BGP. - PowerPoint PPT Presentation

Citation preview

Page 1: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Page 2: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

The Internet

• Data Plane• Control Plane

Page 3: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Autonomous Systems

• Core ASes• Fringe ASes• Transit ASes

Page 4: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Border Gateway Protocol

• Connects Different ASes• Defines Route Selection• Updates

Page 5: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Performance of BGP

• Loss of Nodes• Re-advertisements• Route flapping• Mitigating Route Flapping

Page 6: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Coordinated Cross Plane Session Termination Attack

• Targeted Route Flapping• Targets BGP sessions• Attacks Transit ASes• Process• Effects

Page 7: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Attacker Model

• Unprivileged Adversary• Does not control BGP speakers• Generate Control Plane Events• Botnet

Page 8: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Selecting Targets

• Centrality measures• Traceroutes by Bots• Getting around ECMP routing

Page 9: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

CXPST and Dynamic Networks

• CXPST changes network topology• Issues?• Compensation

Page 10: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Beating Defenses

• BGP Graceful Restart• Minimal Route Advertisement Intervals• Route Flapping Damper

Page 11: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Simulation

• Topology of the Network• The Botnet• BGP Update Generation• Time to Process Updates

Page 12: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Simulation Results

Page 13: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Possible Defenses

• BGP Graceful Restart• Route Flap Dampening

Page 14: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Stopping Session Failure

• Disabling Holds• Service Class• Deployment Issues

Page 15: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Attack Prevention

• Interdomain Routing• Traffic Filtering• Packet Marking• Schedulers• DoS flooding Defenses• Surge Protection• Pushback• Phalanx

All Fail!

Page 16: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Discussions

• Route Flapping Control• Denial of Service Defenses• Network Complexities• Long Term Defenses

Page 17: Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Conclusions

• Control plane is vulnerable• No currently deployable solution• Short and long term solutions


Flow Based Control Plane Situational Awareness · Flow Based Control Plane Situational ... RFC 4927-4929, RFC 4974, RFC 5063, RFC 5145-5146, RFC 5316. ... Flow Based Control Plane

Flow Based Control Plane Situational Awareness · Flow Based Control Plane Situational ... RFC 4927-4929, RFC 4974, RFC 5063, RFC 5145-5146, RFC 5316. ... Flow Based Control Plane

Documents
Losing control

Losing control

Documents
Control Plane Scalability in Software Defined Networking 2014... · Control Plane Scalability in Software Defined Networking. ... Control Plane Scalability in Software Defined Networking

Control Plane Scalability in Software Defined Networking 2014... · Control Plane Scalability in Software Defined Networking. ... Control Plane Scalability in Software Defined Networking

Documents
Vxlan control plane and routing

Vxlan control plane and routing

Technology
Marketing Nightmares - Losing Control of the Funnel

Marketing Nightmares - Losing Control of the Funnel

Marketing
Core Network Optimization: The Control Plane, Data Plane & Beyond

Core Network Optimization: The Control Plane, Data Plane & Beyond

Technology
Losing control desiree wilder

Losing control desiree wilder

Documents
OpenStack Control Plane High Availability

OpenStack Control Plane High Availability

Technology
Deploying the Control Plane Solution · Deploying the Control Plane Solution ThischapterdescribeshowtodeploythecDVRcontrolplanecomponents. • cDVROrchestrationPlatform,page1 •

Deploying the Control Plane Solution · Deploying the Control Plane Solution ThischapterdescribeshowtodeploythecDVRcontrolplanecomponents. • cDVROrchestrationPlatform,page1 •

Documents
Connect Open - af-ix.net 2017...NETFLIX DEVICE. before streaming starts = control plane = streaming = data plane = Open Connect before streaming starts= control plane = Control Plane

Connect Open - af-ix.net 2017...NETFLIX DEVICE. before streaming starts = control plane = streaming = data plane = Open Connect before streaming starts= control plane = Control Plane

Documents
User Plane and Control Plane Separation Framework for Home

User Plane and Control Plane Separation Framework for Home

Documents
Docker Networking: Control plane and Data plane

Docker Networking: Control plane and Data plane

Technology
Cloudcamp scotland - Using cloud without losing control

Cloudcamp scotland - Using cloud without losing control

Documents
Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Documents
Control Quotient: Adaptive Strategies For Gracefully Losing Control (Hacker Halted 2014)

Control Quotient: Adaptive Strategies For Gracefully Losing Control (Hacker Halted 2014)

Internet
Opt Control Plane

Opt Control Plane

Documents
Losing control: experiments in outreach

Losing control: experiments in outreach

Technology
Unified control plane in SingleBackbone

Unified control plane in SingleBackbone

Documents
Dont forget-the-control-plane

Dont forget-the-control-plane

Technology
MetalK8s An opinionated Kubernetes distribution optimized ... · - Networking - Discern control-plane and workload-plane networks - Control-plane HA either keepalived managed by MetalK8s,

MetalK8s An opinionated Kubernetes distribution optimized ... · - Networking - Discern control-plane and workload-plane networks - Control-plane HA either keepalived managed by MetalK8s,

Documents
De achtbaan der e-commerce 2.0: Losing control

De achtbaan der e-commerce 2.0: Losing control

Business
The Control Plane

The Control Plane

Documents
Control Plane Scalability in Software Defined Networking 2014 Control... · Control Plane Scalability in Software Defined ... Control Plane Scalability in Software Defined ... examples

Control Plane Scalability in Software Defined Networking 2014 Control... · Control Plane Scalability in Software Defined ... Control Plane Scalability in Software Defined ... examples

Documents
Losing Control in Qualitative Research

Losing Control in Qualitative Research

Marketing
KCU105 PCI Express Control Plane TRD User Guide … · KCU105 PCI Express Control Plane TRD User Guide ... KCU105 PCI Express Control Plane Targeted Reference Design ... Press F8

KCU105 PCI Express Control Plane TRD User Guide … · KCU105 PCI Express Control Plane TRD User Guide ... KCU105 PCI Express Control Plane Targeted Reference Design ... Press F8

Documents
Losing Control of America's Future

Losing Control of America's Future

Documents
Losing Control and Falling Into the Abyss

Losing Control and Falling Into the Abyss

News & Politics
Docker summit : Docker Networking Control-plane & Data-Plane

Docker summit : Docker Networking Control-plane & Data-Plane

Technology
User Plane and Control Plane Separation Framework for · PDF fileUser Plane and Control Plane Separation Framework for Home Base Stations ... A user plane and control plane separation

User Plane and Control Plane Separation Framework for · PDF fileUser Plane and Control Plane Separation Framework for Home Base Stations ... A user plane and control plane separation

Documents
Configuring Control Plane Policing

Configuring Control Plane Policing

Documents