Examining Theoretical Attacks on the Internet's Core

Wednesday, March 16, 2011



Ram Mohan of SecurityWeek has an interesting writeup exploring recent research that examines vulnerabilities that may one day lead to a viable attack that could take down the Internet, even if only temporarily.

The general consensus is that the nature of the Internet's decentralized design makes it resilient and more or less impervious to attack, but that may not always be the case, as Mohan explains:

"Recently, a new such attack was devised. Security researchers from the University of Minnesota came up with what they called Coordinated Cross Plane Session Termination (CXPST), a form of DDoS attack designed to cause wide-scale disruption to Internet traffic. CXPST targets core routers, which are the main super-high-end devices responsible for pumping data around the Internet. Building upon earlier findings, the researchers designed an attack that could be classified as an "Internet Killer" using a botnet of only 250,000 nodes and overcoming traditional defenses," Mohan writes.

"A phenomenon known as BGP "flapping" occurs when poor configuration mean routes alternate between availability and unavailability in BGP tables. What the Minnesota researchers claim to have discovered is a way to carefully time and target attacks precisely to induce massive-scale route flapping, overloading routers' computational resources as tables are repeatedly recalculated and re-advertised, leading to a cascading failure that could render most of the Internet's traffic unrouteable."

At present, a number of obstacles make such an attack extremely unlikely: the botnet needed to carry it out would have to be vast, and the typical botnet is made up of PCs, which do not speak BGP.

It should be noted, though, that the Rustock botnet is estimated to have about 250,000 computers under its control.

Another obstacle is that the CXPST technique uses the Internet to attack itself, and the article examines how the botnet used would require custom algorithms to provide reconnaissance so the attackers could avoid cutting off their own accessibility during the operation.

Mohan goes on to discuss how the researchers have devised a novel approach to the CXPST attack technique, utilizing a previously published attack that tears down BGP sessions between routers.

The researchers ran a simulation and were able to demonstrate that a CXPST type of attack could "cause significant disruption to the core Internet infrastructure, potentially disabling the entire network," and keep core routes offline for hours.

While the CXPST attack is still purely theoretical, in information security it is often demonstrated that the "possible" soon becomes the "probable", and the researchers made several suggestions for long-term architectural changes that could reduce the possibility of such an attack.

Source:  http://www.securityweek.com/attacking-internets-core
