Weaponizing BGP Using Communities (PowerPoint presentation)
Florian Streibelt, Franziska Lichtblau, Robert Beverly, Cristel Pelsser, Georgios Smaragdakis, Randy Bush, Anja Feldmann. 2018.11.04. Creative Commons: Attribution & Share Alike.


SLIDE 1

Weaponizing BGP Using Communities

Florian Streibelt, Franziska Lichtblau, Robert Beverly, Cristel Pelsser, Georgios Smaragdakis, Randy Bush, Anja Feldmann

2018.11.04 Weaponizing BGP 1 Creative Commons: Attribution & Share Alike

SLIDE 2

SLIDE 3

Ill-Defined Semantics

  • We have a syntax, */0
  • But there are no formal semantics, just convention and BCPs
  • We’re putting semantics in comments

SLIDE 4

Flavors, We Think

  • Active
    • Path prepending
    • Modify local preference
    • Remote triggered blackholing
    • Selective announcements
  • Passive
    • Location Tagging
    • RTT Tagging
  • And then anything a thousand kiddies have invented

SLIDE 5

Propagation

  • RFC 1997: Communities are a transitive optional attribute
  • RFC 7454: Scrub own, forward foreign communities
  • So many people do not expect them to propagate that widely
  • I, for one, did not

SLIDE 6

Only 14% of Transit ASes propagate communities (2.2k of 15.5k)

SLIDE 7

Surprise!

  • 14% seems small, but the AS graph is highly connected
  • More than 50% of communities traverse more than four ASes
  • 10% of communities have a hop count of more than six ASes
  • Longest community propagation observed: through 11 ASes

SLIDE 8

[Figure: ECDF of community propagation. x-axis: AS hop count (2 to 10); y-axis: Fraction of communities (ECDF), 0.0 to 1.0.]

SLIDE 9

On/Off Path

[Figure: AS1 announces prefix p tagged with community 3:666; the announcement travels 1 → 2 → 3 → 4 and the community 3:666 is still attached at every hop.]

2 and 3 are On Path, 4 is Off Path
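The three preceding slides (transitive attribute, partial forwarding, on/off path) in working form. This is an added example, not code from the talk: the AS topology, the per-AS "forwards communities" flags and the community 3:666 are constructed, and the on/off-path rule is the one read off the figure above (an AS is on-path if it is the target or receives the route before it has passed the target; off-path if the route already traversed the target).

```python
"""Propagation of a BGP community across an AS graph, with on-path/off-path
classification. Added example for the slides above, not code from the talk.
Topology, per-AS forwarding behaviour and community values are constructed."""
from collections import deque

# Constructed topology: asn -> neighbours it announces routes to.
# Routes are simply flooded away from the origin (no local-pref or
# valley-free policy; that is not the point here).
TOPOLOGY = {
    1: [2],
    2: [3, 5],
    3: [4, 6],
    4: [7],
    5: [6],
    6: [7],
    7: [],
}

# Constructed: does this AS forward communities it received? RFC 1997 makes
# them transitive; RFC 7454 says scrub your own and forward foreign ones.
# AS4 here scrubs everything it receives.
PROPAGATES = {1: True, 2: True, 3: True, 4: False, 5: True, 6: True, 7: True}


def parse_community(text):
    """'ASN:value' (RFC 1997) -> (asn, value)."""
    asn, value = text.split(":")
    return int(asn), int(value)


def propagate(origin, topology, propagates):
    """Flood one route from `origin`, which attaches a community to it.

    Returns {asn: as_path} for every AS that receives the route *with* the
    community still attached; as_path is the path as that AS receives it
    (nearest neighbour first, origin last). Breadth-first, so the recorded
    path is the shortest one along which the community survived.
    """
    queue = deque([(origin, [], True)])      # (asn, received path, carries?)
    seen = {(origin, True)}
    reached = {}
    while queue:
        asn, path, carries = queue.popleft()
        if carries and asn not in reached:
            reached[asn] = path
        # The origin always sends what it attached; transit ASes only pass
        # the community on if they do not scrub foreign communities.
        forward = carries and (asn == origin or propagates.get(asn, False))
        for nxt in topology.get(asn, []):
            state = (nxt, forward)
            if state in seen:
                continue
            seen.add(state)
            queue.append((nxt, [asn] + path, forward))
    return reached


def classify(community, reached):
    """Split observers into on-path and off-path relative to the community's
    target (the ASN part of 'ASN:value'), following the slide's figure:
    on-path = the target itself, or an AS the route passes before the target;
    off-path = an AS that received the route after it already traversed the
    target, i.e. the community leaked past the AS it was meant for."""
    target, _ = parse_community(community)
    on_path, off_path = [], []
    for asn, path in reached.items():
        if asn == target or target not in path:
            on_path.append(asn)
        else:
            off_path.append(asn)
    return sorted(on_path), sorted(off_path)


def hop_counts(reached):
    """AS hop count of each observation, excluding the origin itself."""
    return sorted(len(path) for path in reached.values() if path)


def fraction_beyond(reached, hops):
    """Fraction of observations whose hop count exceeds `hops`
    (the kind of number the 'Surprise!' slide reports)."""
    counts = hop_counts(reached)
    return sum(1 for c in counts if c > hops) / len(counts)


if __name__ == "__main__":
    reached = propagate(1, TOPOLOGY, PROPAGATES)
    on_path, off_path = classify("3:666", reached)
    print("on-path :", on_path)
    print("off-path:", off_path)
    print("max hops:", max(hop_counts(reached)))
    print("fraction beyond 2 hops: %.2f" % fraction_beyond(reached, 2))
```

Run as a script it prints the on-path set {1, 2, 3, 5}, the off-path set {4, 6, 7} and a maximum hop count of 4. AS4 scrubs communities, yet AS7 still receives 3:666 because a second path (via AS6) forwards it; that is the graph-connectivity effect the slides describe, in miniature.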

SLIDE 10

Observed Communities

[Figure: bar chart of observed communities. y-axis: % communities observed (0.0 to 1.2); one bar group per community value, split into off-path and on-path observations.]

SLIDE 11

So Let’s Break Things!

SLIDE 12

Method to our Madness

  • All experiments first tested in lab
  • Impacts were estimated
  • Validated on the Internet, with operators' consent, e.g. for hijacks

SLIDE 13

Remote Triggered Black Hole

[Figure: AS1 sends p tagged 2:666; AS2 continues announcing p, but traffic to p is dropped at AS2 (marked X). ASes shown: AS1 to AS5. Legend: BGP announcements, Traffic flow.]


Safeguards:

  • Provider should check customer prefix before accepting RTBH
  • Customer may only blackhole own prefixes
  • Different policies for Customers/Peers
  • On receiving RTBH, add

SLIDE 14

What Can Happen

[Figure: AS1 (attackee) announces p. AS2 (attacker) hijacks p and tags it AS3:666. AS3 is the community target and drops traffic to p (marked X). AS4 also shown. Legend: BGP announcements, Traffic flow.]

SLIDE 15

It Works Well

  • Works multi-hop and is hard to spot
  • Triggering RTBH is possible for attackers because, e.g.:
    • BH prefix is more specific, thus accepted via exception
    • Providers check BH community before prefix filters (bug in NANOG recipe)
    • No validation for origin of community is possible
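The hijack of the previous two slides, as a provider-side acceptance check. This is an added example, not the talk's code: it puts the recipe that evaluates the blackhole community before the prefix filter next to a version that checks the session type and prefix ownership first. ASNs (provider AS3, customers AS1 and AS2, peer AS4), prefixes and the trigger community 3:666 are constructed. Note what the hardened version does not do: it cannot validate who attached the community (the slide says no such validation exists); it validates the prefix instead.

```python
"""Remote-triggered blackhole (RTBH) acceptance at a provider: the recipe
that honours the blackhole community before the prefix filter, beside a
hardened version. Added example, not code from the talk. ASNs, prefixes and
the community value are constructed."""
import ipaddress
from dataclasses import dataclass

MY_ASN = 3                      # constructed: we are the provider AS3
BLACKHOLE = "3:666"             # constructed: the RTBH trigger AS3 publishes
MAX_NORMAL_PREFIXLEN = 24       # ordinary routes longer than /24 are rejected

# Constructed allow-list of what each customer may originate (what you would
# build from IRR/RPKI data). Anyone not listed is treated as a peer.
CUSTOMER_PREFIXES = {
    1: [ipaddress.ip_network("192.0.2.0/24")],
    2: [ipaddress.ip_network("198.51.100.0/24")],
}


@dataclass
class Update:
    prefix: str
    as_path: list
    communities: list
    neighbor_asn: int


def within_customer_space(update):
    """Is the announced prefix inside (or equal to) the neighbour's own space?"""
    net = ipaddress.ip_network(update.prefix)
    allowed = CUSTOMER_PREFIXES.get(update.neighbor_asn, [])
    return any(net.subnet_of(block) for block in allowed)


def normal_policy(update):
    """Ordinary route acceptance: customers only inside their own space,
    nobody longer than /24."""
    net = ipaddress.ip_network(update.prefix)
    if net.prefixlen > MAX_NORMAL_PREFIXLEN:
        return "reject"
    if update.neighbor_asn in CUSTOMER_PREFIXES and not within_customer_space(update):
        return "reject"
    return "accept"


def accept_vulnerable(update):
    """The ordering the slides call a bug: the blackhole community is
    evaluated first, as the exception that lets more-specifics through, so
    the prefix filter never runs for tagged routes. Any neighbour, a peer
    included, can blackhole any prefix by tagging it 3:666."""
    if BLACKHOLE in update.communities:
        return "blackhole"
    return normal_policy(update)


def accept_hardened(update):
    """Who sent it and whether it is their prefix are checked first; only
    then is the community honoured, and only the prefix-length limit is
    relaxed for it."""
    if BLACKHOLE not in update.communities:
        return normal_policy(update)
    if update.neighbor_asn not in CUSTOMER_PREFIXES:
        return "reject"          # peers do not get to trigger RTBH
    if not within_customer_space(update):
        return "reject"          # customers may only blackhole their own space
    return "blackhole"


# Constructed scenarios mirroring the figures: AS1 legitimately blackholes
# one of its own hosts; AS2 (attacker) hijacks AS1's prefix with AS3's
# blackhole community; peer AS4 tries the same with a more specific;
# a route tagged with some other AS's 666 community is just a normal route.
LEGIT = Update("192.0.2.7/32", [1], ["3:666"], neighbor_asn=1)
HIJACK = Update("192.0.2.0/24", [2], ["3:666"], neighbor_asn=2)
PEER_HIJACK = Update("192.0.2.7/32", [4, 1], ["3:666"], neighbor_asn=4)
FOREIGN_TAG = Update("198.51.100.0/24", [2], ["5:666"], neighbor_asn=2)

if __name__ == "__main__":
    cases = [("legit", LEGIT), ("hijack", HIJACK),
             ("peer_hijack", PEER_HIJACK), ("foreign_tag", FOREIGN_TAG)]
    for name, u in cases:
        print(f"{name:12} vulnerable={accept_vulnerable(u):10} "
              f"hardened={accept_hardened(u)}")
```

The vulnerable recipe blackholes all three tagged announcements, including the two hijacks; the hardened one blackholes only AS1's own /32 and rejects AS2's and AS4's. The order of checks is the whole difference.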

SLIDE 16

Traffic Steering

[Figure: traffic steering. AS1 originates p; the announcement propagates through ASes 2, 3, 4, 5, 6 and 7 with AS paths such as 2 1, 3 2 1, 4 3 2 1, 5 4 3 2 1 and 6 3 2 1. Tagged 6:3, p is announced by AS6 with AS path 6 6 6 3 2 1, i.e. prepended three times.]

SLIDE 17

That’s Not Realistic

SLIDE 18

Oh Yeah?

“BGP hijacks made use of BGP communities to shape route propagation. Although they also changed origins, which was the giveaway.”

SLIDE 19

It’s the Cloud, Man

  • ASN value ambiguous: who is "sender", who is "recipient"?
  • No defined semantics, values can mean anything
  • Used both for signaling and triggering of actions
  • No cryptographic protection
  • Attribution is impossible
  • It is hard to apply filters or understand what is going on

SLIDE 20

I Read it on the Internet

  • Communities can be modified, added, removed by every AS
  • No attribution is possible
  • No cryptographic protection
  • Yet operators bet on their ’correctness’
  • Large communities partially improve the situation

SLIDE 21

Don’t Propagate Without Thinking Very Deeply

  • On Input – Drop anything not addressed to you, unless special agreement
  • On Output – Drop everything except signals from you to the direct peer
  • And beware the Cisco ‘mis-feature’ re well known communities
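The two rules on this slide as filter functions, plus the "special agreement" exception. This is an added example, not the talk's code: our ASN (3), the neighbour ASNs and the agreement table are constructed, and the handling of well-known communities (ASN field 65535, e.g. NO_EXPORT) as something the BGP implementation itself acts on is an assumption. The community parser accepts both classic `ASN:value` and RFC 8092 large `ASN:l1:l2` communities, since the previous slide notes that large communities partially improve the situation: their first field is defined to be the Global Administrator.

```python
"""Ingress/egress community scrubbing in the spirit of the slide above: drop
on input what is not addressed to us (unless agreed), send on output only
signals to the direct neighbour. Added example, not the talk's code; our
ASN, the neighbour ASNs and the agreement table are constructed."""

MY_ASN = 3
WELL_KNOWN_ASN = 65535   # RFC 1997 well-known communities (NO_EXPORT etc.);
                         # assumed to be acted on by the BGP implementation,
                         # so the filters leave them alone

# Constructed: special agreements, keyed by the neighbour we hear the
# community from, listing foreign communities we will pass on for them.
AGREEMENTS = {
    2: {"4:100"},        # AS2 may send 4:100 through us towards AS4
}


def admin_asn(community):
    """ASN field of a classic 'ASN:value' or a large 'ASN:l1:l2' (RFC 8092)
    community. In the large form the first field is the Global Administrator,
    the AS whose namespace the remaining values live in."""
    return int(community.split(":")[0])


def ingress_filter(communities, from_asn, my_asn=MY_ASN, agreements=AGREEMENTS):
    """On input: keep communities addressed to us, well-known ones, and those
    the sending neighbour has an agreement for; drop everything else.
    Returns (kept, dropped)."""
    kept, dropped = [], []
    allowed = agreements.get(from_asn, set())
    for c in communities:
        asn = admin_asn(c)
        if asn == my_asn or asn == WELL_KNOWN_ASN or c in allowed:
            kept.append(c)
        else:
            dropped.append(c)
    return kept, dropped


def egress_filter(communities, to_asn, my_asn=MY_ASN):
    """On output: keep only signals addressed to the direct neighbour (and
    well-known ones). Our own ASN's communities stay inside: they were for us.
    Returns (kept, dropped)."""
    kept, dropped = [], []
    for c in communities:
        asn = admin_asn(c)
        if asn == to_asn or asn == WELL_KNOWN_ASN:
            kept.append(c)
        else:
            dropped.append(c)
    return kept, dropped


def transit(communities, from_asn, to_asn, signals_to_peer=()):
    """Communities as they leave us towards `to_asn` after arriving from
    `from_asn`: ingress rule, then our own signals for that neighbour are
    added, then the egress rule."""
    kept, _ = ingress_filter(communities, from_asn)
    outgoing = kept + [s for s in signals_to_peer if admin_asn(s) == to_asn]
    sent, _ = egress_filter(outgoing, to_asn)
    return sent


if __name__ == "__main__":
    # Constructed UPDATE from AS2: one community for us, one agreed
    # pass-through for AS4, one stray community for AS5.
    received = ["3:666", "4:100", "5:200", "65535:65281"]
    print("ingress:", ingress_filter(received, from_asn=2))
    print("to AS4 :", transit(received, from_asn=2, to_asn=4,
                              signals_to_peer=["4:3:1", "6:1"]))
```

With this input rule, a community like 3:666 only reaches AS3 across an intermediate AS if that AS has an explicit agreement to forward it; multi-hop signalling stops being something that just happens, which is the slide's point.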

SLIDE 22