Kirin: Hitting the Internet with Distributed BGP Announcements

Abstract

The Internet is a critical resource in the daily life of billions of users. To support the growing number of users and their increasing demands, operators continuously scale their network footprint—e.g., by joining Internet Exchange Points (IXPs)—and adopt relevant technologies—such as IPv6—which provides a vastly larger address space than its predecessor.

In this paper, we revisit prefix de-aggregation attacks in the light of these two changes and introduce Kirin—an advanced BGP prefix de-aggregation attack that announces millions of IPv6 routes via thousands of IXP connections to overflow the memory of routers within remote ASes. Kirin's highly distributed nature allows it to bypass traditional route-flooding defense mechanisms, such as per-session prefix limits or route flap damping.

We analyze Kirin's theoretical feasibility by formulating it as a mathematical optimization problem, test for practical hurdles by deploying enough infrastructure to perform a micro-scale Kirin attack using 4 IXPs, and validate our assumptions via BGP data analysis, real-world measurements, and router testbed experiments. Despite its low deployment cost, we find that Kirin may inject lethal amounts of routes into the routers of thousands of ASes.

Understanding BGP and Kirin

BGP (Border Gateway Protocol) is the protocol that manages how packets travel through the Internet by exchanging IP prefix reachability information. Despite its robustness, BGP is vulnerable to various attacks, including prefix de-aggregation attacks, in which an attacker floods the network with more routes than routers can hold in memory.

The paper "Kirin: Hitting the Internet with Distributed BGP Announcements" revisits BGP prefix de-aggregation attacks in a new context. We leverage the vast IPv6 address space to overload the memory of Internet routers by distributing millions of new routes using many BGP sessions.

Our research includes a detailed analysis of Kirin's feasibility, presents real-world experiments, and discusses the potential impact. The study highlights the low cost and minimal infrastructure needed to launch such an attack, making it a significant concern for network operators.

What Should I Do?

The paper discusses various defense mechanisms to mitigate the impact. By implementing strict filtering policies and monitoring BGP sessions for unusual activity, network operators can significantly reduce the risk of memory overload caused by excessive route announcements.

For more detailed guidelines, see our NANOG mailing list announcement. For an open-source implementation of a possible defense mechanism, see bgpipe, presented at RIPE88.
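
The following added example (not code from the paper or from bgpipe) illustrates why per-session prefix limits miss a distributed de-aggregation and what monitoring across sessions can look like: it counts distinct IPv6 prefixes per session and per covering block over all sessions. The thresholds, the /32 grouping length, the session names and the sample announcements are assumptions constructed for this illustration.

```python
import ipaddress
from collections import defaultdict

PER_SESSION_LIMIT = 100  # assumed per-session max-prefix value
AGGREGATE_LIMIT = 500    # assumed budget of distinct prefixes per covering block
COVER_LEN = 32           # assumed grouping length for covering blocks

def covering_block(net, cover_len=COVER_LEN):
    """Return the covering block of `net` at cover_len (or net itself if shorter)."""
    return net if net.prefixlen <= cover_len else net.supernet(new_prefix=cover_len)

def analyze(updates):
    """updates: iterable of (session_id, prefix). Returns (session_alerts, block_alerts)."""
    per_session = defaultdict(set)     # session -> distinct prefixes
    per_block = defaultdict(set)       # covering block -> distinct prefixes, all sessions
    block_sessions = defaultdict(set)  # covering block -> sessions contributing
    for session, prefix in updates:
        net = ipaddress.ip_network(prefix)
        block = covering_block(net)
        per_session[session].add(net)
        per_block[block].add(net)
        block_sessions[block].add(session)
    session_alerts = sorted(s for s, p in per_session.items() if len(p) > PER_SESSION_LIMIT)
    block_alerts = {str(b): (len(p), len(block_sessions[b]))
                    for b, p in per_block.items() if len(p) > AGGREGATE_LIMIT}
    return session_alerts, block_alerts

def constructed_updates(sessions=40, per_session=50):
    """Constructed sample: many sessions, each under its own limit, one covering block."""
    subnets = ipaddress.ip_network("2001:db8::/32").subnets(new_prefix=48)
    updates = [(f"session-{s}", str(next(subnets)))
               for s in range(sessions) for _ in range(per_session)]
    # Constructed ordinary session announcing a handful of prefixes elsewhere.
    updates += [("session-normal", f"3fff:0:{i}::/48") for i in range(3)]
    return updates

if __name__ == "__main__":
    session_alerts, block_alerts = analyze(constructed_updates())
    print("sessions over per-session limit:", session_alerts)
    for block, (prefixes, sessions) in block_alerts.items():
        print(f"{block}: {prefixes} distinct prefixes via {sessions} sessions")
```

On the constructed input no single session exceeds its limit, yet the covering block is flagged once prefixes are counted across sessions.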