Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing (presentation transcript, file d2f2a30927296b40d82ed300b19a844e.ppt)

  • Number of slides: 39

Slide 1: Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing
Ying Zhang, Z. Morley Mao, Jia Wang

Slide 2: Attacks on the Internet
- Attacks targeting end hosts
  - Denial of Service attacks, worms, spam
- Attacks targeting the routing infrastructure
  - Compromised routers
  - Stealthy denial of service attacks
[Figure: attackers and bots send traffic across the Internet toward a target link between two border routers and a target destination]

Slide 3: Border Gateway Protocol
- De facto standard inter-domain routing protocol
- Keepalive messages confirm peer liveliness and determine peer reachability
- When the BGP HoldTimer expires, the BGP session is reset
[Figure: a BGP session between border routers in AS 1 and AS 2, carried over a TCP connection; missed Keepalives lead to HoldTimer expiry and session reset]

Slide 4: Low-rate TCP-targeted DoS attacks [Kuzmanovic 03]
- Exploiting TCP's deterministic retransmission behavior
[Figure: TCP congestion window size (packets) versus time; the window grows from the initial window size while ACKs are received and there is no packet loss; after a packet loss with no ACK received, retransmissions back off at minRTO, 2 x minRTO, 4 x minRTO]

Slide 5: Low-rate TCP-targeted DoS attacks
- Attack flow period approximates the minRTO of TCP flows
[Figure: TCP congestion window size (segments) versus time, with the window held near the initial window size as losses recur at minRTO, 2 x minRTO, 4 x minRTO]

Slide 6: Impact of low-rate TCP DoS attacks
- Impact on any TCP connections
  - TCP continuously experiences loss
  - TCP obtains near zero throughput
  - Difficult to detect due to the low-rate property
- Our finding:
  - Low-rate TCP DoS attacks can disrupt BGP (with default configurations)

Slide 7: Impact of routing disruption
- Reduced sending rate
  - Increasing convergence delay
- BGP session reset
  - Routing instability
  - Unreachable destinations
  - Traffic performance degradation

Slide 8: Outline
- Description of a potential attack against Internet routing
- Attack demonstration using testbed experiments
- Increased attack sophistication
  - Using multi-host coordination
- Defense solutions through prevention

Slide 9: Testbed experiments
- Using high-end commercial routers
- Demonstrating the attack feasibility
[Figure: Sender A, Gigabit Ethernet, Router R1 (Cisco GSR), OC3 155 Mbps link, Router R2 (Cisco GSR), Gigabit Ethernet, Receiver B]

Slide 10: The attack to bring down a BGP session
[Figure: a UDP-based attack flow from Attacker A passes through Router R1 to Receiver B; a BGP Keepalive message between Router R1 and Router R2 is dropped due to congestion]

Slide 11: The attack to bring down a BGP session
[Figure: after minRTO, the BGP Keepalive message is retransmitted while the UDP-based attack flow continues]

Slide 12: The attack to bring down a BGP session
[Figure: the 2nd retransmitted BGP Keepalive message follows after 2*minRTO]

Slide 13: The attack to bring down a BGP session
[Figure: the 7th retransmitted BGP Keepalive message; the Hold Timer has expired and the BGP session is reset]

Slide 14: Basic attack flow properties
[Figure: square-wave attack flow with burst length L, magnitude of the peak R and inter-burst period T]
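The square-wave shape defined by L, R and T is what a defender can look for, since the average rate alone stays low. The following block is an added example, not the authors' code: it builds a synthetic utilisation series from the slide's notation (the sampling interval, the background load and the series itself are constructed) and recovers the burst period by autocorrelation, then reports the duty cycle and the average rate.

```python
"""Spot a periodic on-off (square-wave) flow in link-utilisation samples.

Added example, not the authors' code. The utilisation series is
synthetic: it is built here from the R, L, T notation of the slides
and a constructed background load, so the block runs offline.
"""
from statistics import mean

SAMPLE_MS = 10  # assumed sampling interval of the utilisation counter


def square_wave(r_mbps, l_ms, t_ms, duration_ms, background_mbps=5.0):
    """Link utilisation (Mbps) per sample for a square-wave flow of peak
    rate R, burst length L and inter-burst period T on top of a steady
    background load (all values constructed)."""
    samples = []
    for t in range(0, duration_ms, SAMPLE_MS):
        in_burst = (t % t_ms) < l_ms
        samples.append(background_mbps + (r_mbps if in_burst else 0.0))
    return samples


def autocorrelation(x, lag):
    """Normalised autocorrelation of x at the given sample lag."""
    m = mean(x)
    den = sum((v - m) ** 2 for v in x)
    if den == 0:
        return 0.0          # constant series: nothing periodic to find
    num = sum((x[i] - m) * (x[i + lag] - m) for i in range(len(x) - lag))
    return num / den


def detect_periodic_burst(samples, min_period_ms=100, max_period_ms=2000,
                          min_correlation=0.5):
    """Return the dominant burst period, duty cycle and average rate, or
    None when no strong periodicity exists in the searched lag range."""
    lo = min_period_ms // SAMPLE_MS
    hi = min(max_period_ms // SAMPLE_MS, len(samples) // 2)
    best_lag, best_ac = None, min_correlation
    for lag in range(lo, hi + 1):
        ac = autocorrelation(samples, lag)
        if ac > best_ac:
            best_lag, best_ac = lag, ac
    if best_lag is None:
        return None
    # Samples above the midpoint between idle and peak load count as "on".
    threshold = (min(samples) + max(samples)) / 2
    on = sum(1 for v in samples if v > threshold)
    return {
        "period_ms": best_lag * SAMPLE_MS,
        "duty_cycle": on / len(samples),
        "avg_mbps": mean(samples),
        "correlation": best_ac,
    }


if __name__ == "__main__":
    # R=185 Mbps and T=600 msec are the values quoted on slide 15;
    # L=200 msec comes from the backup slides.
    series = square_wave(185.0, 200, 600, 6000)
    print(detect_periodic_burst(series))
    print(detect_periodic_burst([5.0] * 600))   # steady load: None
```

The autocorrelation peak at the fundamental lag identifies T even though the mean rate (here about 67 Mbps on a 155 Mbps link) would pass a simple utilisation threshold; a steady load of the same mean gives no peak and returns None.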

Slide 15: How likely is BGP session reset?
- R: 185 Mbps, T: 600 msec
- Min duration: 216 sec
- 30% session reset probability with 42% capacity usage

Slide 16: Router implementation diversity

Router type    Router OS version    minRTO (msec)   Keepalive (sec)   HoldTimer (sec)
Cisco 3600     IOS 12.2(25a)        300             60                180
Cisco 7200     IOS 12.2(28)S3       600             60                180
Cisco 7300     IOS 12.3(3b)         300             60                180
Cisco 12000    IOS 12.0(23)S        600             60                180
Juniper M10    JUNOS [6.0R1.3]      1000            30                90

Slide 17: Explanation of packet drops
- BGP packet drop locations:
  - Ingress or egress line card buffer queues
- Resource sharing across interfaces
  - Interfaces share buffers and processing time
[Figure: a router with Interfaces 1 to 4 attached to an ingress line card and an egress line card; the BGP packet shares the line cards with traffic from the other interfaces]

Slide 18: Buffer allocation in line cards
- Line card memory is divided into buckets for different packet sizes
- Packets cannot utilize buckets of a different size
[Figure: line card buffer queues feeding the switch fabric, one per packet size range: (0, 80 Byte], [81 Byte, 270 Byte], [271 Byte, 502 Byte], [503 Byte, 908 Byte], [909 Byte, 1500 Byte]; the BGP packet's bucket is full, so it is dropped, while another bucket is empty]
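The size-bucketed allocation is the reason a small routing packet can be dropped by a line card that still has free memory. The block below is an added example, not the authors' code or any vendor's buffer manager: it models the five size classes from the slide as separate FIFOs with a fixed per-bucket capacity (the capacity, the packet sizes and the burst are constructed) and shows a BGP keepalive being dropped only when the burst lands in its own bucket.

```python
"""Toy model of size-bucketed line-card buffers (the slide's five size
classes). Added example, not the authors' code or any vendor's buffer
manager; bucket capacity, packet sizes and the burst are constructed."""
from collections import deque

# Upper bound (bytes, inclusive) of each bucket, as drawn on the slide:
# (0, 80], [81, 270], [271, 502], [503, 908], [909, 1500]
BUCKET_BOUNDS = [80, 270, 502, 908, 1500]


class BucketedLineCard:
    """Each bucket is its own FIFO; a packet may only use the bucket that
    matches its size, so a full bucket drops packets even when the other
    buckets are empty."""

    def __init__(self, capacity_per_bucket):
        self.capacity = capacity_per_bucket
        self.queues = [deque() for _ in BUCKET_BOUNDS]
        self.drops = [0] * len(BUCKET_BOUNDS)

    @staticmethod
    def bucket_for(size):
        for idx, bound in enumerate(BUCKET_BOUNDS):
            if size <= bound:
                return idx
        raise ValueError(f"{size}-byte packet exceeds the 1500-byte MTU")

    def enqueue(self, pkt):
        """Return True if buffered, False if dropped."""
        idx = self.bucket_for(pkt["size"])
        if len(self.queues[idx]) >= self.capacity:
            self.drops[idx] += 1
            return False
        self.queues[idx].append(pkt)
        return True

    def occupancy(self):
        return [len(q) for q in self.queues]


# A BGP KEEPALIVE is a 19-byte BGP header; with 20-byte IPv4 and 20-byte
# TCP headers it is 59 bytes on the wire, i.e. it falls in the smallest bucket.
BGP_KEEPALIVE = {"kind": "bgp-keepalive", "size": 59}


def keepalive_after_burst(burst_packet_size, burst_count, capacity=64):
    """Fill the line card with a burst, then offer one BGP keepalive.
    Returns whether the keepalive was buffered plus the bucket state."""
    card = BucketedLineCard(capacity)
    for _ in range(burst_count):
        card.enqueue({"kind": "attack", "size": burst_packet_size})
    admitted = card.enqueue(BGP_KEEPALIVE)
    return {
        "keepalive_buffered": admitted,
        "occupancy": card.occupancy(),
        "drops": card.drops,
    }


if __name__ == "__main__":
    # Small packets land in the keepalive's own bucket ...
    print(keepalive_after_burst(burst_packet_size=64, burst_count=100))
    # ... while the same number of large packets leave it untouched.
    print(keepalive_after_burst(burst_packet_size=1000, burst_count=100))
```

In the first run the four larger buckets stay empty while the keepalive is dropped; in the second the large-packet bucket is the one that overflows and the keepalive is buffered, which is the per-bucket isolation the slide describes.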

Slide 19: Necessary conditions for session reset
- Inter-burst period approximates minRTO
- The attack flow's path traverses at least one link of the BGP session
- The attack flow's bottleneck link is the target link
[Figure: the attack flow's path from Attacker to Receiver crosses the bottleneck link between Router R1 and Router R2, which carry a multi-hop BGP session]

Slide 20: Outline
- Description of a potential attack against Internet routing
- Attack demonstration using testbed experiments
- Increased attack sophistication
  - Using multi-host coordination
- Defense solutions through prevention

Slide 21: Coordinated low-rate DoS attacks
[Figure: Attack host A sends to Destination C and Attack host B sends to Destination D; both paths cross the target BGP session between Router R1 and Router R2]

Slide 22: Coordinated low-rate DoS attacks
[Figure: the same topology with both attack flows active on the target BGP session]

Slide 23: Coordinated low-rate DoS attacks
[Figure: the combined bursts on the target BGP session]

Slide 24: Host selection for coordinated attacks
- Selecting attack host-destination pairs to traverse the target link
  - Identify the target link's geographic location and ASes
  - Identify prefixes with an AS-level path through the target link
  - Identify IP-level paths

Slide 25: Wide-area experiments
- Internet bottleneck link available bandwidth measurement
  - 160 peering links
  - 330 customer and provider links
- Attack host selection
  - PlanetLab hosts as potential attack hosts
  - Attack hosts geographically close to the target link
- Attacks targeting a local BGP session

Slide 26: Wide-area coordinated attacks against a local BGP session
- R = 5 Mbps, L = 300 msec, T = 1 s; average rate = 1.5 Mbps
[Figure: attack hosts UW1 and UW2 (US) and THU1 and THU2 (China) send across the WAN toward Software router 1 and Software router 2, which hold the targeted BGP session; the routers are attached by 100 Mbps and 10 Mbps links]

Slide 27: Conditions for coordinated attacks (compared with a single attack flow)
- 1. Inter-burst period approximates minRTO
- 1'. Sufficiently strong combined attack flows to cause congestion
- 2. The attack flow's path traverses the BGP session
- 3. The attack flow's bottleneck link is the target link
- 3'. Identify the target link location

Slide 28: Outline
- Description of a potential attack against Internet routing
- Attack demonstration using testbed experiments
- Increased attack sophistication
  - Using multi-host coordination
- Defense solutions through prevention

Slide 29: Attack prevention: hiding information
- Randomize minRTO [Kuzmanovic 03]
  - minRTO is any value within the range [a, b]
  - Does not eliminate BGP session reset
- Hide network topology from end-hosts
  - Disabling ICMP TTL Time Exceeded replies at routers

Slide 30: Attack prevention: prioritize routing traffic
- Weighted Random Early Detection (WRED)
  - Prevent TCP synchronization
  - Selectively drop packets
  - Drop low-priority packets first when the queue size exceeds defined thresholds
- Assumption of WRED
  - The IP precedence field is not spoofed
  - We need to police the IP precedence markings

Slide 31: Support from existing commercial routers
- Router-supported policing features
  - Committed Access Rate (CAR)
  - Class-based policing
- Traffic marking
  - Reset the incoming packets to low priority
- Class-based queuing
  - Drop the packets with low priority when the traffic burst is high
Effective in isolating BGP packets from attack traffic!
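The two pieces of slides 30 and 31 only work together: threshold-based dropping protects routing traffic only if the precedence it trusts cannot be spoofed, which is what the ingress re-marking guarantees. The block below is an added example, not the authors' code and not a router's WRED or policing implementation: it is a toy model in which an ingress policer keeps IP precedence 6 only on BGP traffic from configured peers and resets everything else to 0, and an egress queue drops precedence-0 packets once a threshold is reached while still accepting precedence-6 packets up to the physical capacity. Peer addresses, queue sizes and the burst are constructed.

```python
"""Toy model of the mitigation in slides 30-31: police IP precedence at
ingress, then let a threshold-based egress queue drop low-priority
packets first. Added example, not the authors' code or a router's WRED
implementation; addresses, queue sizes and the burst are constructed."""
from collections import deque

BGP_PORT = 179
ROUTING_PRECEDENCE = 6   # IP precedence 6 (internetwork control), used for BGP


def police_precedence(pkt, trusted_peers):
    """Ingress marking: keep precedence 6 only on BGP traffic from a
    configured peer; every other packet is reset to precedence 0, so a
    spoofed precedence field buys the sender nothing."""
    is_bgp = pkt["proto"] == "tcp" and BGP_PORT in (pkt["sport"], pkt["dport"])
    if is_bgp and pkt["src"] in trusted_peers:
        return dict(pkt, prec=ROUTING_PRECEDENCE)
    return dict(pkt, prec=0)


class ThresholdQueue:
    """Egress queue: packets below routing precedence are dropped once
    the depth reaches low_threshold; precedence-6 packets are accepted
    until the queue is physically full (capacity)."""

    def __init__(self, capacity, low_threshold):
        assert low_threshold < capacity
        self.capacity = capacity
        self.low_threshold = low_threshold
        self.queue = deque()

    def enqueue(self, pkt):
        depth = len(self.queue)
        if depth >= self.capacity:
            return False
        if pkt["prec"] < ROUTING_PRECEDENCE and depth >= self.low_threshold:
            return False
        self.queue.append(pkt)
        return True

    def depth(self):
        return len(self.queue)


# Constructed addresses from the documentation ranges (RFC 5737).
TRUSTED_PEERS = {"192.0.2.1"}
ATTACK_PKT = {"src": "203.0.113.9", "dst": "198.51.100.7", "proto": "udp",
              "sport": 40000, "dport": 9, "prec": 6}      # spoofed precedence
KEEPALIVE = {"src": "192.0.2.1", "dst": "192.0.2.2", "proto": "tcp",
             "sport": BGP_PORT, "dport": 41000, "prec": 6}


def run_burst(policed, capacity=64, low_threshold=48, burst=100):
    """Offer a burst of attack packets, then one keepalive, to the egress
    queue; with policed=False the sender's own precedence is believed."""
    if policed:
        mark = lambda p: police_precedence(p, TRUSTED_PEERS)
    else:
        mark = lambda p: dict(p)
    q = ThresholdQueue(capacity, low_threshold)
    for _ in range(burst):
        q.enqueue(mark(ATTACK_PKT))
    attack_dropped = burst - q.depth()
    delivered = q.enqueue(mark(KEEPALIVE))
    return {"keepalive_delivered": delivered,
            "attack_dropped": attack_dropped,
            "depth": q.depth()}


if __name__ == "__main__":
    print("unpoliced:", run_burst(policed=False))
    print("policed:  ", run_burst(policed=True))
```

Without policing the spoofed precedence lets the burst fill the queue to capacity and the keepalive is lost; with policing the burst is capped at the low threshold and the keepalive still finds room, which is the isolation the slide reports for CAR, class-based policing and class-based queuing.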

Slide 32: Conclusion
- Feasibility of attacks against the Internet routing infrastructure
  - Lack of protection of routing traffic
- Prevention solution using existing router configurations
  - Ubiquitous deployment is challenging
- Difficulties in detecting and defending against coordinated attacks
  - May affect any network infrastructure

Slide 33: Thank you!

Slide 34: Backup slides

Slide 35: Attack flow notations
- Periodic, on-off square-wave flow
- Burst period length L
- Inter-burst period T
- Burst magnitude of the peak R
[Figure: square-wave flow labelled with burst length L, magnitude of the peak R and inter-burst period T]

Slide 36: Attack inter-burst period's impact on table transfer duration (R = 185 Mbps, L = 200 msec)
[Figure only]

Slide 37: Attack peak magnitude's impact on session reset and table transfer duration
- Top: T = 600 msec, L = 200 msec (normalized avg rate 0.48)
- Bottom: T = 1.2 s, L = 200 msec (normalized avg rate 0.24)
[Figure only]

Slide 38: Synchronization accuracy
[Figure only]

Slide 39: BGP table transfer with WRED enabled under attack
[Figure only]