Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of."— Presentation transcript:

1 University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of Massachusetts, Amherst MA 01003, USA Email: {jxia, lgao, tfei}@ecs.umass.edu

2 University of Massachusetts at Amherst 2Introduction Routing determines forwarding paths A B X C Y

3 University of Massachusetts at Amherst 3 Forwarding Loops Forwarding loops exist in the Internet –Transient or persistent [Paxson97], [Hengartner02], [Francois05], [Zhang04] –Misconfigurations may cause forwarding loops [Griffin02] Security issues –Blackhole some network addresses –Can be exploited to launch flooding attacks

4 University of Massachusetts at Amherst 4 Flooding Attacks Using Persistent Forwarding Loops How many shadowed addresses in the Internet? X Y RaRa Shadowed Addresses Imperiled Addresses RbRb RcRc Affect legitimate end hosts Traffic to Y Traffic to X How many imperiled addresses in the Internet?

5 University of Massachusetts at Amherst 5 Measurement Design Design –Balancing granularity and overhead –Samples 2 addresses in each /24 IP block Addresses space collection –Addresses covered by RouteView table –De-aggregate prefixes to /24 prefixes Fine-grained prefixes Data traces –Traceroute to 5.5 million fine-grained prefixes –Measurement lasts for 3 weeks

6 University of Massachusetts at Amherst 6 Shadowed vs. Imperiled Addresses Shadowed addresses/prefixes –135,973 shadowed prefixes –2.47% of routable addresses –Located in 5120 ASes Imperiled addresses/prefixes –42,887 imperiled prefixes –0.78% of routable addresses –Located in 2051 ASes

7 University of Massachusetts at Amherst 7 Properties of Persistent Forwarding Loops Length –86.6% of persistent loops are two hops long Location –81.8% of persistent loops occur within destination domains Implications –Significantly amplify attacking traffic –Can be exploited from different places

8 University of Massachusetts at Amherst 8Validation Validation from various locations –From Asia, Europe, West and East coast of US –90% of shadowed prefixes consistently have persistent forwarding loops Validation to multiple addresses in shadowed prefixes –Sampling ~50 addresses in each shadowed prefix –68% of shadowed prefixes show that All samples have forwarding loops

9 University of Massachusetts at Amherst 9 Impact on Bandwidth Consumption Example on overloading link L bc –Available bandwidth: 100Mbps –Number of compromised hosts: 25 –Average traffic rate needed: X Y RaRa RbRb RcRc Traffic to Y Traffic to X

10 University of Massachusetts at Amherst 10Conclusion Persistent forwarding loops –Large number of shadowed prefixes –Distributed in a large number of domains Affect legitimate end hosts –Large number of imperiled prefixes –Spread in various domains Can be exploited to launch flooding attacks –Amplifying attacking traffic significantly –Can be launched from various locations

11 University of Massachusetts at Amherst 11Thanks Any questions or comments?

12 University of Massachusetts at Amherst 12 Possible Causes of Forwarding Loops Configure errors Example: Pull-up routes –Provider owns 18.0.0.0/8 Assign 18.1.0.0/16 to its customer –Customer uses 18.1.1.0/24 Accept packets to 18.1.1.0/24 only Others are redirected back to provider by default route –Forwarding loop happens Any packet to addresses in 18.1.2.0 ~ 18.1.255.255 Provider Customer Internet Default route 18.0.0.0/8 18.1.0.0/16 18.1.1.0/24

Download ppt "University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of."

Similar presentations

Self-Managed Future Wireless Networks? Lixin Gao University of Massachusetts, Amherst.

Self-Managed Future Wireless Networks? Lixin Gao University of Massachusetts, Amherst.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.

Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
Detecting Traffic Differentiation in Backbone ISPs with NetPolice Ying Zhang Zhuoqing Morley Mao Ming Zhang.

Detecting Traffic Differentiation in Backbone ISPs with NetPolice Ying Zhang Zhuoqing Morley Mao Ming Zhang.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.

Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.
Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)

Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)
E2E Routing Behavior in the Internet Vern Paxson Sigcomm 1996 Slides are adopted from Ion Stoica’s lecture at UCB.

E2E Routing Behavior in the Internet Vern Paxson Sigcomm 1996 Slides are adopted from Ion Stoica’s lecture at UCB.
Routing Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Routing Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
Routing and Routing Protocols

Routing and Routing Protocols
Ningning HuCarnegie Mellon University1 A Measurement Study of Internet Bottlenecks Ningning Hu (CMU) Joint work with Li Erran Li (Bell Lab) Zhuoqing Morley.

Ningning HuCarnegie Mellon University1 A Measurement Study of Internet Bottlenecks Ningning Hu (CMU) Joint work with Li Erran Li (Bell Lab) Zhuoqing Morley.
ROUTING PROTOCOL IGRP. REVIEW 4 Purpose of Router –determine best path to destination –pass the frames to the destination 4 Protocols –routed - used by.

ROUTING PROTOCOL IGRP. REVIEW 4 Purpose of Router –determine best path to destination –pass the frames to the destination 4 Protocols –routed - used by.
End-to-End Issues. Route Diversity  Load balancing o Per packet splitting o Per flow splitting  Spill over  Route change o Failure o policy  Route.

End-to-End Issues. Route Diversity  Load balancing o Per packet splitting o Per flow splitting  Spill over  Route change o Failure o policy  Route.
University of Massachusetts, Amherst 1 On the Evaluation of AS Relationship Inferences Jianhong Xia and Lixin Gao Department of Electrical and Computer.

University of Massachusetts, Amherst 1 On the Evaluation of AS Relationship Inferences Jianhong Xia and Lixin Gao Department of Electrical and Computer.
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
Route Selection in Cisco Routers. Route Selection One of the intriguing aspects of Cisco routers, especially for those new to routing, is how the router.

Route Selection in Cisco Routers. Route Selection One of the intriguing aspects of Cisco routers, especially for those new to routing, is how the router.

Similar presentations

Ads by Google