Tytuł | Kirin: Hitting the Internet with Distributed BGP Announcements |
Publication Type | Conference Paper |
Rok publikacji | 2024 |
Autorzy | Prehn L, Foremski P, Gasser O |
Conference Name | ACM Asia Conference on Computer and Communications Security (AsiaCCS 2024) |
Date Published | 07/2024 |
Publisher | ACM |
Conference Location | Singapore |
ISBN Number | 9798400704826 |
Słowa kluczowe | BGP, DDoS, IPv6 |
Abstract | The Internet is a critical resource in the daily life of billions of users. To support the growing number of users and their increasing demands, operators continuously scale their network footprint–-e.g., by joining Internet Exchange Points (IXPs)–-and adopt relevant technologies–-such as IPv6–-which provides a vastly larger address space than its predecessor.In this paper, we revisit prefix de-aggregation attacks in the light of these two changes and introduce Kirin–-an advanced BGP prefix de-aggregation attack that announces millions of IPv6 routes via thousands of IXP connections to overflow the memory of routers within remote ASes. Kirin's highly distributed nature allows it to bypass traditional route-flooding defense mechanisms, such as per-session prefix limits or route flap damping.We analyze Kirin's theoretical feasibility by formulating it as a mathematical optimization problem, test for practical hurdles by deploying enough infrastructure to perform a micro-scale Kirin attack using 4 IXPs, and validate our assumptions via BGP data analysis, real-world measurements, and router testbed experiments. Despite its low deployment cost, we find that Kirin may inject lethal amounts of routes into the routers of thousands of ASes. |
URL | https://kirin-attack.github.io/ |
DOI | 10.1145/3634737.3657000 |