Low-intensity DoS attacks on BGP infrastructure - RIPE DoS attacks on... · Low-intensity DoS...
Low-intensity DoS attacks on BGP infrastructure
Paul Neumann
One need not fear superior numbers if the opposing force has been properly scouted and appraised.
George Armstrong Custer
DoS attacks
Aim: whole networks and/or systems, as well as individual hosts.
Goal: to consume resources in order to shut down, or substantially degrade, services to legitimate users.
Resources: bandwidth, server/router computing time, [email protected], DNS flood, ping flood, packet drop, etc.
DoS attack detection
Anomalies in the traffic pattern: events or conditions with a significant statistical deviation from the usual pattern, based on data previously collected under standard conditions.
SIEM: any deviation over the threshold triggers an incident alert.
Inefficient for low-intensity DoS attacks.
Traditional means of defence (firewalls, IDS, etc.) are inefficient.
Low-intensity DoS attacks
New trend in cyber warfare: low-intensity DoS attacks indistinguishable from regular traffic.
Low-intensity DoS attacks may be adapted against HTTP, SMTP and/or DNS traffic.
Apache- and Microsoft IIS-based systems are the most vulnerable.
Communication channels are not overloaded but show significant droppage of request/acknowledgement packets.
Low-intensity DoS attacks
Require a number of participating or compromised hosts for rogue flooding of the target with useless packets.
A rogue implementation of DoS methods will fail if a massive amount of anomalous traffic is detected by the firewalls.
Low-intensity DoS attacks implement periodic increases (splashes) of the rogue traffic.
Low-intensity DoS attacks
For better efficiency, splashes are made close to the time-out of the open session, to keep the session alive.
Server/router buffers become gradually overloaded, leading to the denial-of-service condition.
Low-intensity DoS attacks do not require significantly big bandwidth or computing power.
TCP stack vulnerability
The Additive-Increase/Multiplicative-Decrease (AIMD) algorithm combines linear growth of the congestion window with an exponential reduction once congestion is detected: the transmitter then decreases its transmission rate by a multiplicative factor.
Multiplicative decrease is triggered when a time-out or an acknowledgement message indicates that a packet was lost.
It is possible to enforce zero bandwidth by injecting DoS traffic into the regular traffic.
Network bandwidth DoS
The DoS consists of short peaks of rogue impulses with a carefully synchronised period.
If the combined traffic during the peaks is big enough to cause packet droppage, transmission will fail.
Retransmission will be attempted after the Retransmission Time-Out (RTO).
If the DoS period coincides with the RTO, regular traffic will constantly encounter a time-out.
Packet losses will be close to 100%, and bandwidth close to 0.
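The detection slide says a fixed SIEM threshold misses this traffic, and the slide above says the rogue traffic has a rhythm tied to the RTO. That rhythm is itself a detectable signature. The Python script below is an added example, not code from the presentation: it contrasts the threshold rule with an autocorrelation rule over per-second packet counts. The 100 pkt/s baseline, the 60-packet burst every 3 s, the one-off 300-packet surge and the function names are all constructed for the example.

```python
"""Periodicity check for low-intensity (burst-synchronised) DoS traffic.

Added example, not code from the presentation. All traces below are
constructed per-second packet counts; nothing here reads a real capture.
"""
from statistics import mean

JITTER = [0, 1, 0, -1]   # constructed: a tiny deterministic wobble around the mean


def baseline_profile(seconds: int) -> list[int]:
    """'Standard conditions' trace (slide 3): about 100 packets per second."""
    return [100 + JITTER[t % len(JITTER)] for t in range(seconds)]


def attacked_profile(seconds: int, period: int, burst: int) -> list[int]:
    """Baseline plus `burst` extra packets once every `period` seconds:
    the short, regularly spaced impulses of slide 8."""
    return [v + (burst if t % period == 0 else 0)
            for t, v in enumerate(baseline_profile(seconds))]


def flash_crowd_profile(seconds: int, at: int, spike: int) -> list[int]:
    """Baseline plus one legitimate surge of `spike` packets at second `at`."""
    trace = baseline_profile(seconds)
    trace[at] += spike
    return trace


def threshold_alert(trace: list[int], baseline: list[int], factor: float = 2.0) -> bool:
    """The SIEM rule of slide 3: alert when any bin exceeds factor x baseline mean."""
    limit = factor * mean(baseline)
    return any(v > limit for v in trace)


def autocorrelation(trace: list[int], lag: int) -> float:
    """Normalised autocorrelation r(lag) of the mean-removed trace, in [-1, 1]."""
    m = mean(trace)
    centred = [v - m for v in trace]
    denom = sum(c * c for c in centred)
    if denom == 0:
        return 0.0
    num = sum(centred[t] * centred[t + lag] for t in range(len(trace) - lag))
    return num / denom


def dominant_period(trace: list[int], max_lag: int = 10) -> tuple[int, float]:
    """Lag in 1..max_lag with the strongest autocorrelation, and its value."""
    best = max(range(1, max_lag + 1), key=lambda k: autocorrelation(trace, k))
    return best, autocorrelation(trace, best)


def periodic_alert(trace: list[int], min_score: float = 0.5,
                   max_lag: int = 10) -> tuple[bool, int]:
    """Alert when the trace has a strong hidden rhythm; returns (alert, period).
    A period near the victims' RTO is the signature described on slide 8."""
    period, score = dominant_period(trace, max_lag)
    return score >= min_score, period


if __name__ == "__main__":
    base = baseline_profile(60)
    rogue = attacked_profile(60, period=3, burst=60)      # +20% traffic, in bursts
    surge = flash_crowd_profile(60, at=30, spike=300)     # one-off legitimate peak
    for name, trace in (("low-rate bursts", rogue), ("flash crowd", surge)):
        print(f"{name:16s} threshold={threshold_alert(trace, base)!s:5s} "
              f"periodic={periodic_alert(trace)}")
```

The two rules are complementary: the threshold fires on the single legitimate surge and stays silent on the bursts (they never exceed twice the baseline), while the autocorrelation rule stays silent on the surge and recovers the burst period; on a real link the bins, lags and `min_score` have to be tuned to the measured baseline.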
Experimental topology
Virtual machines based on the VirtualBox platform.
Emulated Intel Core [email protected].
Operating system: Ubuntu Linux 14.04. HTTP servers: Apache2 and nginx. DNS servers: bind9. ICMP and BGP routers: Zebra and Quagga. Network topology: Packet Tracer. Attacking OS: Kali Linux.
Network topology
Branched topology: emulates real-world systems.
Dynamic routing: availability of nodes and services.
Model of DoS attack
At t = 0 the rogue user sends the first impulse and shuts down the system.
The legitimate user encounters a time-out, is forced to wait for retransmission, and doubles the RTO.
The rogue user repeats the attack at t = 1 + 2 RTT (Round-Trip Time).
The legitimate user encounters a time-out, is forced to wait double the time for retransmission, and doubles the RTO again.
The rogue user will shut down the service by sending packets at a low rate: at every odd point in time.
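The model above can be reproduced as a small simulation, which is an added example and not code from the presentation: one legitimate TCP sender faces bursts spaced exactly one minimum RTO apart (the condition of the network-bandwidth slide), and the same run is repeated with the randomised-minRTO counter-strategy from the Kuzmanovic and Knightly paper cited in the conclusions. The 1 s minimum RTO (the RFC 6298 lower bound), the 100 ms burst, the 50 ms RTT and the 60 s backoff ceiling are assumed parameters; the model only counts segments and sends nothing.

```python
"""Discrete-event model of a legitimate TCP sender facing RTO-synchronised
bursts, and of the randomised-minRTO counter-strategy.

Added example, not code from the presentation. RTO_MIN, RTO_MAX, RTT and the
burst shape are assumptions chosen for the model; nothing here sends traffic.
"""
import random

RTO_MIN = 1.0      # RFC 6298 lower bound for the retransmission time-out, seconds
RTO_MAX = 60.0     # ceiling for exponential backoff, seconds
RTT = 0.05         # assumed round-trip time between the legitimate peers


def in_burst(t: float, period: float, burst_len: float) -> bool:
    """True if instant t falls inside a rogue burst; bursts start every
    `period` seconds and last `burst_len` seconds."""
    return (t % period) < burst_len


def simulate(duration: float, period: float, burst_len: float,
             rto_jitter: float = 0.0, seed: int = 1) -> tuple[int, int]:
    """Run one legitimate sender for `duration` seconds.

    The sender transmits one segment per RTT. A segment that lands in a burst
    is dropped (the slides' "packet droppage"); the sender then waits one RTO
    and doubles it, as TCP does. A delivered segment resets the RTO to RTO_MIN
    plus a uniform random offset of up to `rto_jitter` seconds: 0 reproduces
    the standard fixed minimum, >0 is the randomised-minRTO counter-measure.
    Returns (attempts, delivered).
    """
    rng = random.Random(seed)
    t, rto = 0.0, RTO_MIN + rng.uniform(0.0, rto_jitter)
    attempts = delivered = 0
    while t < duration:
        attempts += 1
        if in_burst(t, period, burst_len):
            t += rto                        # wait for the retransmission timer
            rto = min(rto * 2, RTO_MAX)     # exponential backoff
        else:
            delivered += 1
            rto = RTO_MIN + rng.uniform(0.0, rto_jitter)
            t += RTT
    return attempts, delivered


def delivery_ratio(duration: float, period: float, burst_len: float,
                   rto_jitter: float = 0.0, seed: int = 1) -> float:
    """Fraction of the sender's segments that got through."""
    attempts, delivered = simulate(duration, period, burst_len, rto_jitter, seed)
    return delivered / attempts


if __name__ == "__main__":
    # Burst period equal to the minimum RTO: every retransmission lands in a burst.
    print("fixed minRTO     :", simulate(600, period=1.0, burst_len=0.1))
    # Randomising the RTO by up to 200 ms breaks the synchronisation.
    print("randomised minRTO:", simulate(600, period=1.0, burst_len=0.1, rto_jitter=0.2))
```

With a fixed 1 s minimum every retransmission instant is an integer second, so all 15 attempts in ten minutes are lost and goodput is zero, which is the "bandwidth to 0" outcome of the slides; with a 200 ms random offset the sender escapes the bursts after the first loss and delivers most of its segments, which is why the cited paper proposes RTO randomisation rather than bigger thresholds as the counter-strategy.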
HTTP attack
PC12, PC13 – sources of attack. Method of attack: SlowLoris.
PC10 – target; Main – monitor client.
HTTP attack
Attack made with the slowhttptest DoS simulator:
where: -H – SlowLoris mode; -u – attacked URL; -p – time-out; -c – number of connections; -k – number of attempts.
Monitoring was made with the siege stress tester:
where: -c – concurrent number of simulated users; -t – selected period of test time.
Losses vs. availability
Successful DoS attack without serious investment in the bandwidth of the attacking hosts.
DoS attack on BGP system
The attack was driven against the network segment on Router3 and Router4.
DoS attack on BGP system
Network throughput measured with the iperf utility.
Attack:
Scenario 1: direct attack on Quagga.
Scenario 2: attack on the BGP infrastructure behind Router4 to compromise the routing channel.
Attack on Quagga
SYN-ACK packets sent with a 5 sec. time-out.
Using the scapy Python scripting utility:
Attack on Quagga
Handshake initialised and processed, except for the ESTABLISHED status.
Quagga responds with an RST packet to the rogue requests.
Changing the time.sleep() parameter in the 1 to 300 range resulted in the connection being closed with SYN-RECV status.
No problems with availability:
Analysis
A successful low-intensity DoS attack requires BGP-emulating software.
A legitimate connection to rogue requests is possible only on misconfigured servers.
Data exchange between BGP neighbours is based on Access Lists (ACL):
- permission to transmit routes to a neighbour,
- permission to receive routes from a neighbour.
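The slide's two points, that a rogue peer gets a legitimate session only on a misconfigured router and that route exchange with each neighbour is governed by a permission in each direction, lend themselves to a configuration audit. The Python script below is an added example, not the presentation's or the Quagga project's code. It parses a constructed bgpd.conf excerpt (RFC 5737 documentation addresses, made-up AS numbers and list names) and reports neighbours that lack an inbound or outbound filter or reference an undefined one. Quagga's `neighbor ... prefix-list|distribute-list|filter-list|route-map NAME in|out` syntax is real; peer-group inheritance is deliberately not handled.

```python
"""Audit a Quagga bgpd configuration for neighbours whose route exchange is
not filtered in both directions.

Added example, not code from the presentation or from the Quagga project.
The configuration below is constructed for the example: RFC 5737 documentation
addresses, made-up AS numbers and list names.
"""
import re
from collections import defaultdict

# Per-neighbour filter keywords that Quagga accepts with "in" / "out", mapped
# to the statement that defines the object each one references.
FILTER_DEFINITIONS = {
    "prefix-list": re.compile(r"^ip prefix-list (\S+)"),
    "distribute-list": re.compile(r"^access-list (\S+)"),
    "filter-list": re.compile(r"^ip as-path access-list (\S+)"),
    "route-map": re.compile(r"^route-map (\S+)"),
}
NEIGHBOR_RE = re.compile(r"^neighbor (\S+) remote-as \d+$")
FILTER_RE = re.compile(
    r"^neighbor (\S+) (prefix-list|distribute-list|filter-list|route-map) (\S+) (in|out)$")

# Constructed excerpt: Router3 peers with Router4 (filtered both ways) and with
# a second neighbour whose outbound side is open and whose inbound list is missing.
SAMPLE_CONFIG = """\
router bgp 65003
 bgp router-id 192.0.2.3
 neighbor 192.0.2.4 remote-as 65004
 neighbor 192.0.2.4 prefix-list FROM-R4 in
 neighbor 192.0.2.4 prefix-list TO-R4 out
 neighbor 192.0.2.10 remote-as 65010
 neighbor 192.0.2.10 prefix-list FROM-R10 in
!
ip prefix-list FROM-R4 seq 5 permit 10.4.0.0/16
ip prefix-list TO-R4 seq 5 permit 10.3.0.0/16
!
"""


def audit_bgp_config(config: str) -> list[tuple[str, str]]:
    """Return (neighbour, problem) pairs for every neighbour that lacks an
    inbound or outbound filter, or whose filter references an undefined list.
    Peer-group inheritance is not modelled (a simplification of this example)."""
    neighbours: list[str] = []
    filters: dict[str, dict[str, tuple[str, str]]] = defaultdict(dict)
    defined = {kind: set() for kind in FILTER_DEFINITIONS}

    for raw in config.splitlines():
        line = raw.strip()
        if m := NEIGHBOR_RE.match(line):
            neighbours.append(m.group(1))
        elif m := FILTER_RE.match(line):
            peer, kind, name, direction = m.groups()
            filters[peer][direction] = (kind, name)
        else:
            for kind, pattern in FILTER_DEFINITIONS.items():
                if m := pattern.match(line):
                    defined[kind].add(m.group(1))

    findings = []
    for peer in neighbours:
        for direction in ("in", "out"):
            if direction not in filters[peer]:
                findings.append((peer, f"no {direction}bound filter"))
                continue
            kind, name = filters[peer][direction]
            if name not in defined[kind]:
                findings.append((peer, f"{kind} {name} ({direction}) is not defined"))
    return findings


if __name__ == "__main__":
    for peer, problem in audit_bgp_config(SAMPLE_CONFIG):
        print(f"{peer}: {problem}")
```

A neighbour with no inbound filter accepts whatever routes the peer announces, and one with no outbound filter leaks the whole table; an undefined prefix-list is the quieter failure, since the `neighbor` line looks complete while the filter it names does not exist.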
Router-in-the-Middle attack
Attack driven at the server behind the attacked router.
Goal: to force the router to lower the bandwidth due to processing the rogue traffic generated by the low-intensity DoS attack.
Attacked was PC13 behind Router4:
Network throughput measured with the iperf utility.
Analysis
No changes in the throughput:
The slight droppage of the speed results from the interface set-up, which matches real-world conditions. Traffic generated by the low-intensity DoS attack doesn't affect the border router's bandwidth. Network throughput measured with the iperf utility.
Analysis
Attacks on systems with default configuration were successful.
Low-intensity DoS attacks deteriorate channel bandwidth.
This results in denial of HTTP services to legitimate users.
As a rule, default configurations ignore parameters to counteract attacks. Quagga is a remarkable exception.
Comparison
Normal traffic.
Traffic under attack.
Conclusions
Aleksandar Kuzmanovic, Edward W. Knightly. Low-rate TCP-targeted denial of service attacks and counter strategies. IEEE/ACM Trans. Netw. – 2006. – No 14 (4). – pp. 683-696.
This paper discusses how low-intensity DoS attacks on routing protocols may cause an avalanche effect and destroy substantial segments of the Internet.
The experiment proves that such an attack may succeed only in the presence of many factors, including router misconfiguration, a substantial amount of computing resources, and a well-coordinated attack scenario.
Questions?
Thank you for your attention!