Accession Number : AD1045809


Title :   Blind Data Attack on BGP Routers


Descriptive Note : Technical Report,07 Sep 2015,31 Mar 2017


Corporate Author : Naval Postgraduate School Monterey United States


Personal Author(s) : Catudal,Joseph W


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1045809.pdf


Report Date : 01 Mar 2017


Pagination or Media Count : 87


Abstract : Transport Communication Protocol (TCP) implementations may not properly implement blind attack protection, leaving long-standingconnections, such as Border Gateway Protocol (BGP) sessions, vulnerable to exploitation. This thesis aims to understand the efficacy ofa blind data attack on BGP sessions. This thesis examines BGP, the protocols BGP relies on, and the effectiveness of safeguards againstBGP blind attacks. A series of blind attack tests are performed against various production BGP implementations to determine howdangerous and feasible a blind attack is on BGP routing information integrity. Blind data attacks can inject and temporarily propagateerroneous routing information; however, on the routers tested, the complexity required to brute force connection-specific values makesblind data attacks difficult. Also, there is a high probability that a blind data attack will desynchronize a BGP session without modifyingrouting information. Protective measures are available that could further safeguard BGP sessions, but older router images may notimplement some of the most vital protections recommended today. Organizations responsible for routing infrastructure and networksecurity must carefully weigh the risk of not implementing more strict protection measures should a discovered vulnerability reduceattack complexity.


Descriptors :   COMMUNICATIONS PROTOCOLS , INTERNET , INTERNET ROUTING


Subject Categories : Computer Systems


Distribution Statement : APPROVED FOR PUBLIC RELEASE