Killing the internet – Maestro a novel Link Flooding Attack against a BGP nodes

By Simon Last updated:

hallo Liefling,

As you might have figured by now, I love research about large scale Internet attacks and this week’s paper is again in that area. The paper presents a novel way on how to more intelligent attack the BGP network, which underlays all of the routing decisions on the internet.

All you need is a botnet and an AS, both of which you can get quite easily, and then have the power to take down entire countries.

Apart from the basics and the attack, the paper also discusses mitigations and how to apply them in the field. The attack itself is quite easy to understand, so give it a go!

Software exists to create business value

I am Simon Frey, the author of the Weekly CS Paper Newsletter. And I have great news: You can work with me

As CTO as a Service, I will help you choose the right technology for your company, build up your team and be a deeply technical sparring partner for your product development strategy.

Checkout my website simon-frey.com to learn more or directly contact me via the button below.

Simon Frey Header image
Let’s work together!

Abstract:

We present the Maestro attack, a novel Link Flooding Attack (LFA) that leverages control-plane traffic engineering techniques to concentrate botnet-sourced Distributed Denial of Service flows on transit links. Executed from a compromised or malicious Autonomous System (AS), Maestro advertises specfic-prefix routes poisoned for selected ASes to collapse inbound traffic paths onto a single target link. A greedy heuristic fed by publicly available AS relationship data iteratively builds the set of ASes to poison. Given a compromised BGP speaker with advantageous positioning relative to the target link in the Internet topology, an adversary can expect to enhance total flow density by more than 30%. For a large botnet (e.g., Mirai), that translates to augmenting a DDoS by more than
a million additional infected hosts. Interestingly, the size of the adversary-controlled AS plays little role in this amplification effect. Devastating attacks on core links can be executed by small, resource-limited ASes. To understand the scope of the attack, we evaluate widespread Internet link vulnerability across several metrics, including BGP betweenness and botnet flow density. We then assess where an adversary must be positioned to execute the attack most successfully. Finally, we present effective mitigations for network operators seeking to insulate themselves from this attack.

Download Link:

https://arxiv.org/pdf/1905.07673.pdf

Additional Links:

Weekly in-depth computer science knowledge to become a better programmer. For free!
Over 2000 subcribers. One click unsubscribe.