Abstract
We present Maestro, a novel Distributed Denial of Service (DDoS) attack that leverages control plane traffic engineering techniques to concentrate botnet flows on transit links. Executed from a compromised or malicious Autonomous System (AS), Maestro advertises routes poisoned for selected ASes to collapse inbound traffic paths onto a single target link. A greedy heuristic fed by bot traceroute data iteratively builds the set of ASes to poison. Given a compromised router with advantageous positioning in the AS-level Internet topology, an adversary can expect to bring an additional 30% of the entire botnet against vulnerable links. Interestingly, the size of the adversary-controlled AS plays little role in this amplification effect; core links can be degraded by small, resource-limited ASes. To understand the scope of the attack, we evaluate widespread Internet link vulnerability via simulation across several metrics, including BGP betweenness and botnet flow density, and assess the topological requirements for successful attacks. We supplement simulation results with ethically conducted “attacks” on real Internet links. Finally, we present effective defenses for network operators seeking to mitigate this attack.
Study supported by the National Science Foundation under Grant No. 1850379.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Anwar, R., Niaz, H., Choffnes, D.R., Cunha, Í.S., Gill, P., Katz-Bassett, E.: Investigating interdomain routing policies in the wild. In: ACM IMC (2015)
Augustin, B., et al.: Avoiding traceroute anomalies with Paris traceroute. In: ACM SIGCOMM (2006)
Bellovin, S.M., Gansner, E.R.: Using Link Cuts to Attack Internet Routing (2003)
Birge-Lee, H., Wang, L., Rexford, J., Mittal, P.: SICO: surgical interception attacks by manipulating BGP communities. In: ACM CCS (2019)
Chang, W., Mohaisen, A., Wang, A., Chen, S.: Measuring botnets in the wild: some new trends (2015)
Chung, T., et al.: RPKI is coming of age: a longitudinal study of RPKI deployment and invalid route origins. In: ACM IMC (2019)
Cisco: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability. https://bit.ly/3aFfFhN
Cisco: Cisco IOS XE Software AAA Login Authentication Remote Code Execution Vulnerability. https://bit.ly/2RmkB3o
Cisco: Cisco IOS XE Software Static Credential Vulnerability. https://bit.ly/2RnyjmA
Cisco: Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability. https://bit.ly/2NVkIB5
Colitti, L., et al.: Internet Topology Discovery Using Active Probing (2006)
Cristina, B., et al.: SIBRA: scalable internet bandwidth reservation architecture (2016)
Cymru, Team: The Team Cymru IP to ASN lookup page. https://www.team-cymru.com/IP-ASN-mapping.html
Dainotti, A., et al.: Analysis of country-wide internet outages caused by censorship. In: ACM SIGCOMM (2011)
Demchak, C.C., Shavitt, Y.: China’s maxim - leave no access point unexploited: the hidden story of China telecom’s BGP Hijacking. Mil. Cyber Aff. (2018)
Donnet, B., Bonaventure, O.: On BGP communities. In: ACM SIGCOMM (2008)
Madory, D.: BGP Hijack of Amazon DNS to Steal Crypto Currency (2018). https://bit.ly/37vW2Ha
Gao, L.: On inferring autonomous system relationships in the Internet. In: IEEE/ACM ToN (2001)
Huston, G.: AS65000 BGP Routing Table Analysis Report (2020). http://bgp.potaroo.net/as2.0/bgp-active.html
Gilad, Y., Cohen, A., Herzberg, A., Schapira, M., Shulman, H.: Are we there yet? On RPKI’s deployment and security. In: NDSS (2017)
Goldberg, S.: Why is it taking so long to secure internet routing? CACM (2014)
Google Security and White Ops: The Hunt for 3ve (2016)
Pepelnjak, I.: Limit the maximum BGP path length (2009). http://wiki.nil.com/Limit_the_maximum_BGP_AS-path_length
Snijders, J.: NTT Peer Locking (2016). http://instituut.net/job/peerlock_manual.pdf
Kang, M.S., Gligor, V.D., Sekar, V.: SPIFFY: inducing cost-detectability tradeoffs for persistent link-flooding attacks. In: NDSS (2016)
Kang, M.S., Lee, S.B., Gligor, V.D.: The crossfire attack. In: IEEE S&P (2013)
Katz-Bassett, E., et al.: Reverse traceroute. In: Usenix NSDI (2010)
Katz-Bassett, E., et al.: LIFEGUARD: practical repair of persistent route failures. In: ACM SIGCOMM (2012)
Lee, S.B., Kang, M.S., Gligor, V.D.: CoDef: collaborative defense against large-scale link-flooding attacks. In: ACM CONEXT (2013)
Lepinski, M., Sriram, K.: RFC 8205 - BGPSEC protocol specification. IETF (2013)
Liaskos, C., Kotronis, V., Dimitropoulos, X.: A novel framework for modeling and mitigating distributed link flooding attacks. In: IEEE INFOCOM (2016)
Litke, P., Stewart, J.: BGP hijacking for cryptocurrency profit (2014)
Luckie, M., et al.: AS relationships, customer cones, and validation. In: ACM IMC (2013)
Lepinski, M., Kent, S.: An Infrastructure to Support Secure Internet Routing (2012). https://tools.ietf.org/html/rfc6480
Majkowski, M.: Memcrashed-Major amplification attacks from UDP port 11211 (2018)
McDaniel, T., Smith, J.M., Schuchard, M.: Flexsealing BGP against route leaks: peerlock active measurement and analysis. In: NDSS (2021, in press)
McPherson, D., Gill, V.: BGP MULTI\_EXIT\_DISC (MED) Considerations (2006)
Netlab360: Mirai Scanner (2017). http://data.netlab.360.com/mirai-scanner/
Nordström, O., Dovrolis, C.: Beware of BGP attacks. In: ACM SIGCOMM (2004)
Oliveira, R., Pei, D., Willinger, W., Zhang, B., Zhang, L.: The (in) completeness of the observed internet AS-level structure. In: IEEE/ACM ToN (2009)
Putman, C.G.J., et al.: Business model of a botnet
Ravi, N., Shalinie, S.M., Theres, D.D.J.: BALANCE: link flooding attack detection and mitigation via hybrid-SDN. IEEE Trans. Netw. Serv. Manag. 17, 1715–1729 (2020)
Rekhter, Y., Li, T.: A Border Gateway Protocol 4 (BGP-4) (1995)
Schlinker, B., Arnold, T., Cunha, I., Katz-Bassett, E.: PEERING: virtualizing BGP at the edge for research. In: ACM CONEXT (2019)
Schuchard, M., Geddes, J., Thompson, C., Hopper, N.: Routing around decoys. In: ACM CCS (2012)
Schuchard, M., Mohaisen, A., Foo Kune, D., Hopper, N., Kim, Y., Vasserman, E.Y.: Losing control of the internet: using the data plane to attack the control plane. In: ACM CCS. ACM (2010)
Scott Sr, J., Winter Summit: Rise of the Machines: The Dyn Attack was Just a Practice Run, December 2016
Smith, J.M., Birkeland, K., McDaniel, T., Schuchard, M.: Withdrawing the BGP re-routing curtain: understanding and analyzing the security impact of BGP poisoning through real-world measurements. In: NDSS (2020)
Smith, J.M., Schuchard, M.: Routing around congestion: defeating DDoS attacks and adverse network conditions via reactive BGP routing. In: 2018 IEEE Symposium on Security and Privacy (SP) (2018)
Sriram, K., Montgomery, D.C.: Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation. NIST (2019)
RN Staff: Ripe atlas: a global internet measurement network. IP J. (2015)
Studer, A., Perrig, A.: The coremelt attack. In: ESORICS (2009)
Thomas, M., Mohaisen, A.: Kindred domains: detecting and clustering botnet domains using DNS traffic. In: WWW (2014)
Tran, M., Kang, M.S., Hsiao, H.-C., Chiang, W.-H., Tung, S.-P., Wang, Y.-S.: On the feasibility of rerouting-based DDoS defenses. In: IEEE S&P (2019)
UCSD-CAIDA: CAIDA AS Rank dataset (2019). http://as-rank.caida.org/
UCSD-CAIDA: CAIDA AS Relationship dataset (2019). https://bit.ly/2RpRWuv
Jacobson, V.: Traceroute Man Page. https://linux.die.net/man/8/traceroute
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
McDaniel, T., Smith, J.M., Schuchard, M. (2020). The Maestro Attack: Orchestrating Malicious Flows with BGP. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-63086-7_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63085-0
Online ISBN: 978-3-030-63086-7
eBook Packages: Computer ScienceComputer Science (R0)