Slashdot Mirror


How To Crash the Internet

rudy_wayne writes "We know you can take down Web sites with Distributed Denial of Service (DDoS) attacks. We know that a government, like Egypt's, can shut down an entire country's Internet access. And, we thought we knew that you can't take down the entire Internet. It turns out we could be wrong. In a report from New Scientist, Max Schuchard, a computer science graduate student, and his buddies claim they've found a way to launch DDoS attacks on Border Gateway Protocol (BGP) network routers that could crash the Internet."

19 of 166 comments

  1. Crashing the net is pointless by Drakkenmensch · · Score: 4, Funny

    Where is he going to go brag afterwards? It's a self-defeating endeavor.

  2. People have been thinking about this for ages by djlemma · · Score: 2

    I remember a decade ago, somebody from l0pht was discussing how they could take down the entire internet and keep it down for a while. I'm sure many people have made a point of keeping up with advancing technology and continuing to find ways that they could take down the internet itself...

    Still interesting to read about though.

  3. How is this news? by HungryHobo · · Score: 4, Interesting

    How is this news?
    We've known for years that BGP has problems.
    It's broken big sections of the net before.

    http://en.wikipedia.org/wiki/AS_7007_incident

    1. Re:How is this news? by bjourne · · Score: 3, Informative

      Because, as described in TFA, the method used to exploit BGP is totally different from previously known methods. This one is about DDoS-ing a single high-traffic link between two routers so that neighbouring routers will send BGP updates telling listening parties to route their traffic elsewhere. The DDoS-ing would then stop, traffic would resume on the link and new BGP updates would be sent. Then another DDoS on the same link, and so on. Eventually the amount of BGP updates would build up a huge backlog overloading every router in the world.

      The attack is possible in theory. In reality, you would need a huge botnet concentrating on a single vulnerable link to be able to pull off the attack. Generally high-traffic links are also high-capacity links, so the botnet's size would have to be gigantic to disrupt a major link.

    2. Re:How is this news? by sseshan · · Score: 5, Interesting

      This is not the same type of attack -- the AS7007 problem was a route hijack attack.

      The SIGCOMM paper describes a more basic route convergence issue with path vector protocols.

      The paper describes the use of packet loss to create a BGP session failure and the impact of repeated announce/withdraw traffic to slow other routers. This is also not new. However, the appropriate point of reference is "RFC 1266 - Experience with the BGP Protocol" (http://www.faqs.org/rfcs/rfc1266.html). Read section 9 -- this points to how packet loss results in BGP failures and points to how ensuring BGP packets have priority fixes this. This was published in 1991 :-) and is generally well known.

      Similarly, I haven't read the referenced NDSS paper (http://www-users.cs.umn.edu/~hopper/lci-ndss.pdf) but I am also surprised that BGP holddown timers don't prevent some of the related route churn problems.

  4. Sigh... by chemicaldave · · Score: 5, Informative

    Can nobody find the actual paper? Oh wait, here it is, free from the altering lens of the media.

  5. Re:Easy Fix by mysidia · · Score: 2

    Obligatory South Park reference. Involving video with kid unplugging and replugging a giant LinkSys-like router to fix the internet.

    Unfortunately the 60 second clip was taken down due to copyright issues, so there is no link for me to back up this reference with.

  6. Yes, you can attack BGP ... by BitZtream · · Score: 2

    and 20 minutes later your upstream provider will kill your links and stop taking BGP announcements from you, and life will go on.

    Seriously Taco? Did you take a timothy pill and get retarded too? Why the fuck are you posting these retarded stories about things we've known for literally 30 years that have probably come up at least 10 times on Slashdot in the last 5 years?

    Might as well just redirect slashdot.org to 4chan, the IQ seems to be about the same nowadays.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

    1. Re:Yes, you can attack BGP ... by BitZtream · · Score: 2

      If you'd like to stop the specific retarded 'attack' posted in the actual story ... turn on route flap dampening on your router ... which is probably already on, which will stop his 'attack' cold.

      It's not even a BGP attack, it's just a DDoS that somehow is mysteriously going to work better because of BGP route flapping ... which won't happen, since the route will just get dampened into oblivion more and more each time it bounces.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

  7. Don't Panic! by Fzz · · Score: 5, Interesting

    I was quoted briefly in the New Scientist article. Here's the longer version of what I said to the reporter.

    I've taken a quick look at this paper, and at the paper describing the actual attack on BGP sessions that this paper depends on (Zhang, Mao and Wang, 2007; reference 74 in the paper).

    For many years a number of us have speculated that it might be possible to bring down large parts of the Internet by inducing sufficient churn in BGP routing. In principle, it seems it might be possible, but doing it in practice is very different. The closest we've seen in the real world was Jan 25th 2003, when the SQL Slammer worm spread worldwide in a matter of minutes. It affected about 75,000 computers, and then each constantly tried to infect more victims. This caused widespread congestion, and the worldwide BGP routing table decreased in size from about 127,000 routes to 123,000. Some of this was probably due to congestion disrupting routing sessions, and some might have been due to people deliberately disconnecting to avoid further damage. In any event, the Internet backbone survived the event unscathed, but quite a few edge sites fell off the Internet.

    The attack described in the paper supposes a larger number of compromised computers (250,000), but the Internet has got bigger and routers have got faster since 2003, so likely the relative traffic levels would be similar. The attack also proposes using the targeted attack described in Zhang, Mao and Wang, and targeting specific links to create maximum effect. So it's reasonable to suppose that if such an attack were successful, the impact would be greater than the Slammer event.

    So, there are two questions:

    1. Could you disrupt routing associations in the way described?
    2. If you could, would the effects be as described in the paper?

    In answer to 1: Zhang, Mao and Wang describe in their paper how to defend against such attacks - by simply enabling prioritization of routing traffic - something that is possible on most commercial routers. If ISPs do this, then it seems that the attack in the paper would be thwarted. I don't know how many ISPs do enable this, but if such an attack were seen in the wild, I'm certain most of them would.

    On 2: even if you could disrupt routing associations as described, I doubt the Internet would behave as described. The simulations in the paper make a lot of simplifying assumptions, which is necessary to simulate on this scale. But in hiding all the internal topology of ISP networks, they also hide bottlenecks that would make the attack less effective. And the way they model routers queuing routes internally is simply wrong - no router has a large enough queue size to delay processing by 100 minutes, as described in the paper. As a result I have no confidence in the predictions of how the global routing system responds to this attack.

    To be clear: nobody knows if it's possible to bring down the global Internet routing system. The attack in the paper probably could cause significant disruption, at least until ISPs reconfigured their routers. But I doubt the attack would be successful in the way described in the paper.

  8. News: All Online Data Lost After Internet Crash by iMadeGhostzilla · · Score: 2

    http://www.theonion.com/video/breaking-news-all-online-data-lost-after-internet,14148/

    "An emergency meeting of Internet power players has been arranged. The group includes Steve Jobs, Bill Gates, and Craig of Craigslist."

  9. The article is crap by Yvanhoe · · Score: 2

    You can stop reading at "cyberweapon". Interestingly, the author on his webpage mentions that he is a victim of this: http://www.phdcomics.com/comics.php?f=1174

    The paper making this madness appear on the news is apparently this one : http://www-users.cs.umn.edu/~schuch/papers/lci-ndss.pdf

    It describes an attack on BGP routers. From its abstract (that could be the f***ing summary of an article of a "news for nerds" website) :

    Through simulations we show that botnets on the order of 250,000 nodes can increase processing delays from orders of microseconds to orders of hours.

    But also what a sensationalist newspaper will NEVER publish short of death threats:

    We also propose and validate a defense against CXPST. Through simulation we demonstrate that current defenses are insufficient to stop CXPST. We propose an alternative, low cost, defense that is successful against CXPST, even if only the top 10% of Autonomous Systems by degree deploy it. Additionally, we consider more long term defenses that stop not only CXPST, but similar attacks as well.

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.

  10. Why not just throttle the propagation? by Arancaytar · · Score: 2

    I gather that while one individual router is taken down by an ordinary DDoS (which is difficult to fend off), the global cascade effect results from BGP traffic generated by the attacked router. If the router just waited a while before announcing itself after reconnecting, it would strain the surrounding routers a lot less.
    The neighboring routers could do the same - simply wait before propagating any changes, and suddenly out of a hundred BGP updates per minute coming in from the affected link, only a single one is passed on.

    The infrastructure would be somewhat slower to respond to sudden changes, but those aren't supposed to happen regularly anyway.

  11. Naive assumption? by kheldan · · Score: 2

    From TFA:

    So is internet meltdown now inevitable? Perhaps not. The attack is unlikely to be launched by malicious hackers, because mapping the network to find a target link is a highly technical task, and anyone with a large enough botnet is more likely to be renting it out for a profit.

    ...unless, of course, the would-be attacker is some malevolent government. I don't think I need mention any names here, except that at least one of them starts with a 'C'.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!

  12. RFC 2439 by ZerXes · · Score: 2

    Isn't this exactly what route flap damping (RFC 2439), which is used on most BGP routers today, is made to prevent? Wouldn't the routers just class the link as "flapping" and ignore updates for it for a while?
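
The mechanisms comments 6.1, 10 and 12 point at (route flap damping per RFC 2439, and batching of updates before they are passed on, which is what BGP's MinRouteAdvertisementInterval does) can be checked against the attack in comment 3.1 with a small simulation. The following is an added example written for this page, not code from the NDSS paper, from any router vendor or from the commenters. It assumes the common vendor defaults for damping (half-life 15 min, reuse threshold 750, suppress threshold 2000, max-suppress 60 min, penalty 1000 per withdrawal) and an MRAI of 30 s; the attack schedule (the link is knocked down for 30 s once a minute for half an hour) is constructed. Both the damping parameters and the schedule are assumptions, not figures from the paper.

```python
"""Route flap damping (RFC 2439) and MRAI batching against a flapping link.

Added example for this thread, not code from the NDSS paper or any vendor.
Damping parameters are common vendor defaults (assumption); the attack
schedule is constructed.
"""
from dataclasses import dataclass


@dataclass
class DampingParams:
    half_life: float = 900.0      # seconds for the penalty to halve
    reuse: float = 750.0          # below this a suppressed route is re-advertised
    suppress: float = 2000.0      # above this the route is suppressed
    max_suppress: float = 3600.0  # longest a route may stay suppressed
    flap_penalty: float = 1000.0  # added on every withdrawal

    @property
    def ceiling(self) -> float:
        # RFC 2439: cap the penalty so suppression never outlasts max_suppress
        return self.reuse * 2 ** (self.max_suppress / self.half_life)


class DampedRoute:
    """One prefix learned over one link, as seen by the router doing the damping."""

    def __init__(self, params: DampingParams, damping: bool = True):
        self.p = params
        self.damping = damping
        self.penalty = 0.0
        self.last = 0.0          # time of the last penalty update
        self.reachable = True    # link state
        self.suppressed = False
        self.advertised = True   # what our peers currently believe

    def _decay(self, t: float) -> None:
        self.penalty *= 0.5 ** ((t - self.last) / self.p.half_life)
        self.last = t

    def _sync_peers(self) -> list:
        want = self.reachable and not self.suppressed
        if want == self.advertised:
            return []                      # nothing to tell our peers
        self.advertised = want
        return ["announce" if want else "withdraw"]

    def event(self, t: float, up: bool) -> list:
        """Link went up or down at time t; return the updates sent to peers."""
        self._decay(t)
        self.reachable = up
        if not up:
            self.penalty = min(self.penalty + self.p.flap_penalty, self.p.ceiling)
        if self.damping:
            if self.penalty >= self.p.suppress:
                self.suppressed = True
            elif self.penalty < self.p.reuse:
                self.suppressed = False
        return self._sync_peers()

    def poll(self, t: float) -> list:
        """Reuse-timer check at time t with no link event."""
        self._decay(t)
        if self.damping and self.penalty < self.p.reuse:
            self.suppressed = False
        return self._sync_peers()


def flap_schedule(period: float, duration: float, downtime: float) -> list:
    """Constructed attack: knock the link down for `downtime` every `period` seconds."""
    events, t = [], period
    while t <= duration:
        events.append((t, False))
        events.append((t + downtime, True))
        t += period
    return events


def updates_propagated(damping: bool, events) -> int:
    """How many BGP updates the attacked router's neighbour passes on."""
    route = DampedRoute(DampingParams(), damping=damping)
    return sum(len(route.event(t, up)) for t, up in events)


def mrai_batch(update_times, interval: float = 30.0) -> list:
    """Collapse per-prefix updates to at most one per MinRouteAdvertisementInterval."""
    sent, expiry, pending = [], None, False
    for t in sorted(update_times):
        while expiry is not None and t >= expiry:   # timer ran out before this update
            if pending:
                sent.append(expiry)                  # flush the coalesced update
                pending, expiry = False, expiry + interval
            else:
                expiry = None
        if expiry is None:
            sent.append(t)                           # timer idle: send at once
            expiry = t + interval
        else:
            pending = True                           # timer running: coalesce
    if pending:
        sent.append(expiry)
    return sent


if __name__ == "__main__":
    attack = flap_schedule(period=60, duration=1800, downtime=30)
    print("updates without damping:", updates_propagated(False, attack))
    print("updates with damping:   ", updates_propagated(True, attack))
    burst = [i * 0.5 for i in range(120)]            # 120 updates in one minute
    print("MRAI passes on", len(mrai_batch(burst)), "of", len(burst))
```

With these defaults the third withdrawal pushes the penalty past the suppress threshold, so the neighbour passes on five updates for the whole half hour instead of sixty, and the route stays suppressed for roughly an hour after the flapping stops because the penalty has been driven up to the ceiling. That is the "dampened into oblivion" behaviour of comment 6.1; whether a real deployment sees it depends on whether damping is actually enabled, which the thread disagrees about.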

  13. It wouldn't work these days but... by JSC · · Score: 2

    ...about 18-20 years ago, when the WorldWideWeb consisted of about 50 sites - all text based - and things were a LOT looser, some yutz screwed up his router config and set his public IP to 127.0.0.1. It didn't really "crash" the internet but there was this incredible sucking sound as all those packets tried to go home.

    Then there was the backhoe operator a couple of years later who was working near a railroad right of way and dug up a fiber bundle belonging to one of the major carriers of the time (MCI IIRC). He ended up blacking out most of the US Eastern Seaboard.

    And then there was LDDS (sometimes known as Larry, Darryl and Darryl Service) who reportedly placed a regional switch in a basement near The Point in Pittsburgh just in time for the 1996 flood.

    --
    Time's fun when you're having flies. - Kermit the Frog

  14. What? by Greyfox · · Score: 2

    Mr. Morris did that back in the 80's for a few hours. I was in a computer lab at college when a couple of the lab operators noticed that the Internet was going down. With a stupid little UNIX worm no less! You kids with your new-fangled routing protocols need to get off my lawn!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  15. Here's why their paper is 100% incorrect. by Mordant · · Score: 2

    -----

    1. There are three generally agreed-upon planes, not two - control, management, and data.

    2. The described methodology isn't novel. Observing the effects of attacks is something attackers do routinely, as is attack selectivity in order to garner maximum impact. This goes back a couple of decades with regards to DDoS attacks in particular.

    3. Routers will continue to forward and process priority 6/7 traffic - i.e., control-plane traffic like BGP - whilst dropping enough data-plane traffic to ensure sufficient link bandwidth & RP/LC CPU overhead to keep routing sessions up and process routing updates. This undercuts the central thesis of the paper.

    4. Re-marking all priority 6/7 traffic at the edge is a best current practice (BCP) for network operators; this prevents attackers from sending floods of priority 6/7 traffic in order to force punts.

    5. iACLs and GTSM, two more BCPs, protect BGP sessions against direct attack via SYN-flooding, et al.

    6. Control-plane policing (CoPP) is yet another BCP which indirectly limits the number of updates/sec via rate-limiting control-plane traffic exchanged between routers.

    So, the assertions of novelty in the paper aren't really justified, nor are all the assumptions and assertions regarding the way routers work and the way they handle control-plane traffic. Also, standard BCPs to protect control-plane traffic aren't taken into account. Nor are routine defensive BCPs discussed and taken into account.

    Finally, there are other mechanisms which are considerably more effective in disrupting control-plane communication due to high RP CPU which aren't touched upon in the paper, nor are they cited in references. Though there are defenses against those attack mechanisms, as well, they aren't as well-known.

    It's generally a good idea for researchers to consult with members of the global operational security (opsec) community while looking for topics and methodologies which are truly unique. This saves a lot of time and effort in duplicating existing work and going down paths which don't lead to truly novel research and results.

    It's also a good idea for researchers investigating routing resilience to launch real attacks (in a lab environment) on real routers, rather than just theorizing and simulating, in order to gain an understanding of how they actually behave under attack, and how the various BCPs and other defensive mechanisms come into play.

    This .pdf presentation may be of interest, as well.
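
Comment 3.2 (RFC 1266 section 9), comment 7 (Zhang, Mao and Wang's defence) and points 3 and 4 of comment 15 all make the same argument: whether a flood on a link takes the BGP session down depends on whether control-plane traffic is scheduled ahead of data-plane traffic, and on whether an attacker can defeat that by marking his own packets as precedence 6/7. The following is an added example written for this page, not code from the paper, from any vendor or from the commenters. It is a deliberately crude model (assumption): a link forwards a fixed number of packets per second out of each second's arrivals, the neighbour's keepalive arrives behind the flood, and the session is counted as down when no keepalive has been forwarded within the 180 s hold time. The flood rate and link capacity are constructed numbers.

```python
"""Does a flood drop a BGP session?  Depends on control-plane prioritisation.

Added example for this thread, not code from the paper or any vendor.  Toy
model (assumption): a link forwards `capacity` packets per second from each
second's arrivals, keepalives arrive every 60 s behind the flood, and the
session drops when no keepalive is seen within the 180 s hold time.
"""
from dataclasses import dataclass

KEEPALIVE_INTERVAL = 60   # seconds, common vendor default
HOLD_TIME = 180           # seconds, common vendor default (3 x keepalive)


@dataclass(frozen=True)
class Packet:
    kind: str      # "bgp" (control plane) or "data"
    prec: int      # IP precedence as set by the sender; 6/7 are meant for control traffic
    trusted: bool  # True when received on an infrastructure-facing interface


def edge_remark(pkt: Packet) -> Packet:
    """BCP: untrusted ingress may not carry precedence 6/7; reset it to best effort."""
    if not pkt.trusted and pkt.prec >= 6:
        return Packet(pkt.kind, 0, pkt.trusted)
    return pkt


def forward(batch: list, capacity: int, priority: bool) -> list:
    """Choose which of one second's arrivals fit on the link."""
    if priority:
        # strict priority by precedence; sorted() is stable, so arrival
        # order is preserved within a class (an attacker marking 6 ties with BGP)
        batch = sorted(batch, key=lambda p: -p.prec)
    return batch[:capacity]          # plain FIFO tail drop otherwise


def session_drop_time(flood_pps: int, capacity: int, priority: bool, remark: bool,
                      attacker_prec: int = 0, seconds: int = 600):
    """Second at which the hold timer expires, or None if the session survives."""
    last_keepalive = 0
    for t in range(1, seconds + 1):
        batch = [Packet("data", attacker_prec, trusted=False)] * flood_pps
        if t % KEEPALIVE_INTERVAL == 0:
            # the neighbour's keepalive, queued behind this second's flood
            batch.append(Packet("bgp", 6, trusted=True))
        if remark:
            batch = [edge_remark(p) for p in batch]
        if any(p.kind == "bgp" for p in forward(batch, capacity, priority)):
            last_keepalive = t
        if t - last_keepalive >= HOLD_TIME:
            return t
    return None


if __name__ == "__main__":
    flood, link = 1000, 100   # 10x oversubscribed link, constructed numbers
    print("FIFO, no priority:         ", session_drop_time(flood, link, False, False))
    print("priority queue:            ", session_drop_time(flood, link, True, False))
    print("priority, attacker marks 6:", session_drop_time(flood, link, True, False, attacker_prec=6))
    print("priority + edge remarking: ", session_drop_time(flood, link, True, True, attacker_prec=6))
```

The four runs map onto the thread: with plain FIFO queuing the keepalives are lost and the session drops at the hold time, which is the failure RFC 1266 section 9 describes; with precedence-based priority the session survives the same flood; if the attacker marks his flood as precedence 6 the priority queue no longer helps, which is why the re-marking BCP in point 4 exists; and with re-marking at the untrusted edge the session survives again. A real router has per-platform queue depths, CoPP and punt paths that this model ignores, which is the reason comment 15 recommends lab attacks on real hardware over simulation.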