Please use this identifier to cite or link to this item:
Main Title: BGP Communities: Even more Worms in the Routing Can
Author(s): Streibelt, Florian
Lichtblau, Franziska
Beverly, Robert
Feldmann, Anja
Pelsser, Cristel
Smaragdakis, Georgios
Bush, Randy
Type: Conference Object
Language Code: en
Abstract: BGP communities are a mechanism widely used by operators to manage policy, mitigate attacks, and engineer traffic; e.g., to drop unwanted traffic, filter announcements, adjust local preference, and prepend paths to influence peer selection. Unfortunately, we show that BGP communities can be exploited by remote parties to influence routing in unintended ways. The BGP community-based vulnerabilities we expose are enabled by a combination of complex policies, error-prone configurations, a lack of cryptographic integrity and authenticity over communities, and the wide extent of community propagation. Due in part to their ill-de ned semantics, BGP communities are often propagated far further than a single routing hop, even though their intended scope is typically limited to nearby ASes. Indeed, we find 14% of transit ASes forward received BGP communities onward. Given the rich inter-connectivity of transit ASes, this means that communities effectively propagate globally. As a consequence, remote adversaries can use BGP communities to trigger remote blackholing, steer traffic, and manipulate routes even without pre x hijacking. We highlight examples of these attacks via scenarios that we tested and measured both in the lab as well as in the wild. While we suggest what can be done to mitigate such ill effects, it is up to the Internet operations community whether to take up the suggestions.
Issue Date: 31-Oct-2018
Date Available: 4-Dec-2019
DDC Class: 005 Computerprogrammierung, Programme, Daten
Subject(s): BGP
routing protocols
network measurement
Sponsor/Funder: EC/H2020/679158/EU/Resolving the Tussle in the Internet: Mapping, Architecture, and Policy Making/ResolutioNet
DFG, FE 570/4-1, Gottfried Wilhelm Leibniz-Preis 2011
BMBF, 01IS14013A, BBDC - Berliner Kompetenzzentrum für Big Data
Proceedings Title: Proceedings of the Internet Measurement Conference 2018 - IMC '18
Publisher: Association for Computing Machinery (ACM)
Publisher Place: New York, NY
Publisher DOI: 10.1145/3278532.3278557
Page Start: 279
Page End: 292
ISBN: 978-1-4503-5619-0
Notes: © ACM 2018 . This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the Internet Measurement Conference 2018 - IMC ’18,
Appears in Collections:FG Internet Network Architectures (INET) » Publications

Files in This Item:
File Description SizeFormat 
streibelt_etal_2018.pdfAccepted manuscript1.57 MBAdobe PDFThumbnail

Items in DepositOnce are protected by copyright, with all rights reserved, unless otherwise indicated.