Home > CAPEC List > CAPEC-584: BGP Route Disabling (Version 2.10)  

CAPEC-584: BGP Route Disabling

 
BGP Route Disabling
Definition in a New Window Definition in a New Window
Attack Pattern ID: 584
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. The BGP protocol helps traffic move throughout the Internet by selecting the most efficient route between Autonomous Systems (AS), or routing domains. BGP is the basis for interdomain routing infrastructure, providing connections between these ASs. By suppressing the intended AS routing advertisements and/or forcing less effective routes for traffic to ASs, the adversary can deny availability for the target network.

+ Attack Prerequisites
  • The adversary must have control of a router that can modify, drop, or introduce spoofed BGP updates.

    The adversary can convince

+ Examples-Instances

Description

Blackholing: The adversary intentionally references false routing advertisements in order to attract traffic to a particular router so it can be dropped.

+ Resources Required

BGP Router

+ Solutions and Mitigations

Implement Ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registries (IRRs) databases which are often not well-maintained.

Implement Secure BGP (S-BGP protocol), which improves authorization and authentication capabilities based on public-key cryptography.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Availability
Other
Disabling a network route at the routing infrastructure level denies availability of that route.
+ References
[R.14.2] [REF-3] "Why is it Taking so Long to Secure Internet Routing?". ACM. 2014. <https://queue.acm.org/detail.cfm?id=2668966>.
[R.14.2] [REF-3] "Beware of BGP Attacks". ACM SIGCOMM. 2004. <http://www.cc.gatech.edu/~dovrolis/Papers/ccr-bgp.pdf>.
+ Content History
Submissions
SubmitterDateSource
Seamus Tuohy2017-01-12External_Submission

More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017