Kirin: Hitting the Internet with Distributed BGP Announcements

TytułKirin: Hitting the Internet with Distributed BGP Announcements
Publication TypeConference Paper
Rok publikacji2024
AutorzyPrehn L, Foremski P, Gasser O
Conference NameACM Asia Conference on Computer and Communications Security (AsiaCCS 2024)
Date Published07/2024
PublisherACM
Conference LocationSingapore
ISBN Number9798400704826
Słowa kluczoweBGP, DDoS, IPv6
Abstract

The Internet is a critical resource in the daily life of billions of users. To support the growing number of users and their increasing demands, operators continuously scale their network footprint–-e.g., by joining Internet Exchange Points (IXPs)–-and adopt relevant technologies–-such as IPv6–-which provides a vastly larger address space than its predecessor.In this paper, we revisit prefix de-aggregation attacks in the light of these two changes and introduce Kirin–-an advanced BGP prefix de-aggregation attack that announces millions of IPv6 routes via thousands of IXP connections to overflow the memory of routers within remote ASes. Kirin's highly distributed nature allows it to bypass traditional route-flooding defense mechanisms, such as per-session prefix limits or route flap damping.We analyze Kirin's theoretical feasibility by formulating it as a mathematical optimization problem, test for practical hurdles by deploying enough infrastructure to perform a micro-scale Kirin attack using 4 IXPs, and validate our assumptions via BGP data analysis, real-world measurements, and router testbed experiments. Despite its low deployment cost, we find that Kirin may inject lethal amounts of routes into the routers of thousands of ASes.

URLhttps://kirin-attack.github.io/
DOI10.1145/3634737.3657000

Plik PDF: 

Historia zmian

Data aktualizacji: 06/12/2024 - 14:07; autor zmian: Paweł Foremski (pjf@iitis.pl)