BGP

Question 1

IP Prefix Hijacking

Answer 1

• malicious AS originates a prefix it does not own

- subprefix hijacking: originate longer (more specific prefix)

Question 2

BGP Protocol

Answer 2

• TCP messages over port 179

- OPEN, UPDATE, KEEP-ALIVE, NOTIFICATION

Question 3

BGP Interception

Answer 3

• Hijack traffic and then send it to leg. AS
  1. selectively announce prefix to some neighbors
  2. use bgp poisoning
  3. use bgp communities to ensure that announcement only reaches certain ASes

Question 4

BGP poisoning

Answer 4

Hijack some prefix by originating target prefix, but add a neighbor AS in the AS path, so that this AS will reject the path and can act as leg. path to the target prefix for interception attacks.

Question 5

Get TLS Certificate

Answer 5

request cert but hijack traffic in which CA tries to validate HTML challenge to attackers server. Obviously attacker can prove control of this server.

Question 6

RPKI

Answer 6

origin authentication for prefix announcements

• AS checks origin of prefix against secure database (RPKI) of Route Origin Authenticatinos (ROAs)
• origin auth. is not enough. malicious AS can append itself to a existing path
• verification of signatures is done offline

Question 7

BGPSec

Answer 7

• Secures the AS-PATH attribute
• origin authentication + cryptographic sig. to prove that path was correctly updated
• RPKI used to verify AS key material
  ISSUE:
• AS use legacy BGP and most don’t priorities security
• performance degradation

Question 8

Path End Validation

Answer 8

additionally to origin auth. store next hop as well in RPKI. Attacker can not directly append itself to the origin and longer routes are usually not taken.

Question 9

extensive monitoring

Answer 9

• monitor update messages and prefer routes that agree with the past
• generate reports or alerts

Question 10

OSPF

Answer 10

• Open shortest path first

- Interior gateway protocol