
Analysis of BGP Update Surge during Slammer Worm Attack

  • Conference paper
Distributed Computing - IWDC 2003 (IWDC 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2918)

Abstract

Although the Internet routing infrastructure was not a direct target of the January 2003 Slammer worm attack, the worm attack coincided in time with a large, globally observed increase in the number of BGP routing update messages. Our analysis shows that the current global routing protocol, BGP, allows local connectivity dynamics to propagate globally. As a result, any small number of edge networks can potentially cause wide-scale routing overload. For example, two small edge ASes, which announced less than 0.25% of BGP routing table entries, contributed over 6% of total update messages observed at monitoring points during the worm attack. Although BGP route flap damping has been proposed to eliminate such undesirable global consequences of edge instability, our analysis shows that damping has not been fully deployed even within the Internet core. Our simulation further reveals that partial deployment of BGP damping not only has limited effect, but may also worsen the routing performance under certain topological conditions. The results show that it remains a research challenge to design a routing protocol that can prevent local dynamics from triggering global messages in order to scale well in a large, dynamic environment.

This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No DABT63-00-C-1027 and by the National Science Foundation (NSF) under Contract No ANI-0221453. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the DARPA or NSF.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lad, M., Zhao, X., Zhang, B., Massey, D., Zhang, L. (2003). Analysis of BGP Update Surge during Slammer Worm Attack. In: Das, S.R., Das, S.K. (eds) Distributed Computing - IWDC 2003. IWDC 2003. Lecture Notes in Computer Science, vol 2918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24604-6_7


  • DOI: https://doi.org/10.1007/978-3-540-24604-6_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20745-0

  • Online ISBN: 978-3-540-24604-6

  • eBook Packages: Springer Book Archive
