Routing Security Flashcards

1
Q

Autonomous System

A

Collection of prefixes owned and managed by an entity
-> has clearly defined internal IGP and external EGP routing policies

2
Q

BGP

A
  • Standard exterior gateway protocol
  • Routing policy based on shortest-prefix and shortest-path
  • Supports destination-based forwarding paradigm
3
Q

Vulnerabilities in BGP

A
  • Attack vectors:
    -> sub-prefix hijacking
    -> same-prefix hijacking (shortest path exploit)
  • Attack Objectives:
    -> Blackholing
    -> Redirection
    -> Subversion (overthrow)
    -> Routing Instability
4
Q

Resource PKI

A
  • Distributed database of resources that complements the BGP table decision-making process
  • Repositories are called Publication Points
  • The most important file is the Route Origin Authorization (ROA): a cryptographically signed mapping of prefixes to the ASes that own them
5
Q

Vulnerabilities in the RPKI Environment

A
  • Rate-limiting in DNS
  • RP Predictability
  • Unlimited Delegation Chain
6
Q

RPKI: Stalloris: Downgrade Attack

A
  1. Relying Party (RP) connects to the attacker’s Publication Points (PP)
  2. Attacker makes target PP unreachable via rate-limiting
    -> Spoof TCP SYN packets to PP with victim IP
    -> Spoof DNS queries to PP name servers with victim IP
  3. Queries from RP and its resolvers go unanswered, repeat periodically until
  4. Objects in cache expire
    -> ROAs of target PP are no longer available
    -> BGP Router gets incomplete data => RPKI downgrade