Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

The Internet

• Data Plane• Control Plane

Autonomous Systems

• Core ASes• Fringe ASes• Transit ASes

Border Gateway Protocol

• Connects Different ASes• Defines Route Selection• Updates

Performance of BGP

• Loss of Nodes• Re-advertisements• Route flapping• Mitigating Route Flapping

Coordinated Cross Plane Session Termination Attack

• Targeted Route Flapping• Targets BGP sessions• Attacks Transit ASes• Process• Effects

Attacker Model

• Unprivileged Adversary• Does not control BGP speakers• Generate Control Plane Events• Botnet

Selecting Targets

• Centrality measures• Traceroutes by Bots• Getting around ECMP routing

CXPST and Dynamic Networks

• CXPST changes network topology• Issues?• Compensation

Beating Defenses

• BGP Graceful Restart• Minimal Route Advertisement Intervals• Route Flapping Damper

Simulation

• Topology of the Network• The Botnet• BGP Update Generation• Time to Process Updates

Simulation Results

Possible Defenses

• BGP Graceful Restart• Route Flap Dampening

Stopping Session Failure

• Disabling Holds• Service Class• Deployment Issues

Attack Prevention

• Interdomain Routing• Traffic Filtering• Packet Marking• Schedulers• DoS flooding Defenses• Surge Protection• Pushback• Phalanx

All Fail!

Discussions

• Route Flapping Control• Denial of Service Defenses• Network Complexities• Long Term Defenses

Conclusions

• Control plane is vulnerable• No currently deployable solution• Short and long term solutions