
Network Routing Protocols: A Brief Introduction to Border Gateway Protocol Security Issues

Flavio Rodrigues

CDI College – Montreal ǁ Campus Flavio Tavares Rodrigues


All Rights Reserved. May not be copied, scanned
or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom
use.
CDI College Montreal
Course: 420-GR1-ID Cybersecurity Specialist Profession
Program: Cybersecurity Specialist

Produced by Flavio Tavares Rodrigues, under the guidance of Prof. Engr. Elmary, MOHAMED
Table of Contents
• Objectives
• Context & Introduction
• Network Routing Protocols
• Theoretical Foundation
• Basic Important Concepts
• Routing Process Characteristics
• Routing and Routing Protocols
• BGP Security Issues and Vulnerabilities
• Sources of Threats
• Sources of Threats Against BGP
• Concluding Remarks
• References
Objectives

This project is a short study of network routing protocols and a brief
overview of Border Gateway Protocol (BGP) security issues.

I am going to talk briefly about network protocols, the characteristics of the
routing process and, finally, the sources of threats against BGP.
Context & Introduction
Since the world began to exist, man has always needed to communicate in order
to carry out his activities. Language and communication have always been part of
man's life on earth.

Man's concern with always wanting to communicate has led him to develop
techniques and methods to ensure increasingly effective communication.

With time, man evolved and sought to develop techniques that made this process
increasingly easy, until the internet emerged.
Theoretical Foundation
Before turning to routing protocols, it is important to understand the context and
the need for a standardized model for network communication. When we talk
about routing protocols, we are talking about networks, and when we talk about networks,
we are talking about devices and the way they communicate with one another.

Exchanging information between devices on a network is a complex task, and as technology
advances, it becomes increasingly important to have a system that facilitates interaction
between different devices and communication protocols.

I can't talk about routing protocols without talking about a few concepts such as: what is a
network, what is a router, what is a switch, what is a protocol, etc.

For this reason, I first introduce some important concepts.


Basic Important Concepts

Computer Network

A computer network is defined as a system that connects two or more computing devices for
transmitting and sharing information.

Internet Protocols

Internet protocols are a set of rules and standards that make up a kind of “universal
language” between computers and devices, enabling communication, connection or data
transfer between any machines connected to the internet.

[Figure: Example of a Network]

This allows computers to talk to each other regardless of manufacturers or operating
systems.

It is precisely this communication between computer systems that allows access to websites,
downloading files, sending and receiving emails, among other common actions carried out on
the internet.

Switches and Routers

A switch is a device that allows two or more devices to communicate with one another
on a network, while routers connect them to the internet.

A router serves two primary functions: managing traffic between these networks by
forwarding data packets to their intended IP addresses, and allowing multiple devices to use
the same Internet connection.
Characteristics of the Routing Process

The internet is not considered a computer network, but rather a set of different networks that
use some common protocols that allow end-to-end communication. For this reason, it is
important to deeply analyze how computer networks are structured and how they work.
There are two basic reference models when it comes to computer networks. They are the
OSI model (Open Systems Interconnection) and the TCP/IP model (Transmission Control
Protocol/Internet Protocol). Both models work with the idea of subdividing the computer
network into layers so that it is better understood. The main difference between the models is
the number of layers. The OSI model divides it into 7 layers while the TCP/IP model divides it
into just 4.

There is a close correlation between the models: the TCP/IP model is often described as a
slightly simplified and optimized version of the OSI model.
OSI and TCP/IP Model


Each of these layers has its own functions and protocols so that data is sent from one user
to another efficiently and securely. One of the most important and studied layers is the
network layer, which is responsible for the source and destination address of packets,
known as IP (Internet Protocol), and also responsible for routing packets from source to
destination. The term routing is the name given to the services performed by the router
and basically consists of determining the best routes for sending packets and transporting
them to the final destination.

This process is only possible through a set of protocols, which we call routing
protocols.
Routing and Routing Protocols

Routing is the process of moving information from a source to a destination across the
internetwork. Typically, at least one intermediate node is encountered along the path. Routing
takes place at Layer 3 (the network layer) of the OSI model. Typically, networks employ a
combination of static and dynamic routing. Static routing is preferable for small networks,
whereas dynamic routing is ideal for large networks.

Routing protocols are mechanisms for exchanging routing information between routers to
make routing decisions. Routing protocols can facilitate effective and efficient communication
between computer networks. Regardless of the scale of the network, these protocols
facilitate the secure delivery of data to its destination. Understanding the various categories
and types helps determine which routing method will best meet your goals.
Depending on their properties, routing protocols can be categorized into distinct classes. In
particular, routing protocols can be categorized according to their:

• Behavior: Classful (legacy) or classless protocol.
• Purpose: Interior Gateway Protocol (IGP) or Exterior Gateway Protocol (EGP).
• Operation: Path-vector protocol, distance vector protocol, and link-state protocol.

IPv4 routing protocols are categorized as follows:

• RIPv1 (legacy): IGP, distance vector, classful protocol
• RIPv2: IGP, distance vector, classless protocol
• OSPF: IGP, link-state, classless protocol
• IGRP:
• EIGRP: IGP, distance vector, classless protocol
• EGP
• BGP: EGP, classless path-vector protocol
• IS-IS: Internet Protocol, link-state, classless
Routing Protocols
A good example of an EGP is the Border Gateway Protocol, or BGP. This is the most popular protocol you’ll
find in use, because it is what allows all of the devices connected to the internet to route
between each other. Because of its popularity, it has effectively become the de facto standard for
exterior gateway protocols.

Border Gateway Protocol (BGP) is a routing protocol for the internet. Just as the mail processes
correspondence, BGP chooses the most efficient routes to deliver internet traffic.

Border Gateway Protocol (BGP) is the protocol that enables this communication to happen quickly and
efficiently; it is like the postal service of the Internet. For example, when someone drops a letter into a
postbox, the post office processes that message and chooses an efficient, fast and reliable route to
deliver it to its recipient. Similarly, BGP is the protocol that makes the Internet work: whenever a user in
India loads a website with origin servers in the USA, BGP enables the data routing on the Internet.

It is this protocol whose issues and vulnerabilities I would like to focus on.
BGP Security Vulnerabilities

The Internet is becoming increasingly important to our daily lives. As new exciting
Internet technology and services are being developed, more and more traditional
communication services are also being moved onto the Internet. As a result, we are
becoming increasingly reliant on the Internet, and decreasingly tolerant of network
connectivity outages. It is important to protect the Internet in order to ensure its
continuous healthy operation.

However, it is well known that the Internet is not secure, thanks to the wide spread
of worms, viruses and trojans. While many people are starting to realize the security problems
caused by upper layer protocols (e.g., TCP) and software vulnerabilities (e.g.,
buffer overflow), fewer people are aware of the potential damage that can be caused
by exploiting security vulnerabilities of the underlying Internet routing protocols.
The Internet routing infrastructure consists of a large number of intermediate systems (i.e.,
routers), each of which runs routing protocols for automatically discovering and maintaining
routing tables. Routing tables are used to decide over which paths traffic should be
forwarded to reach its ultimate destination. If a routing table contains
misinformation, wrong routing decisions will be made and traffic flow will be affected.
Examples of consequences include denial of service and man-in-the-middle attacks.
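
To make the effect of routing-table misinformation concrete, the following added example (not part of the original presentation) checks BGP announcements against a table of authorized origins, using the valid / invalid / not-found logic of route origin validation (RFC 6811), and shows which route longest-prefix matching selects with and without filtering. All prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and documentation
# AS numbers (RFC 5398). Each entry: (prefix, max prefix length, authorized origin AS).
AUTHORIZED = [("203.0.113.0/24", 24, 64500)]

# Constructed announcements: (prefix, AS path); the origin AS is the last path element.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64510, 64500]),    # authorized origin
    ("203.0.113.128/25", [64511, 64499]),  # more specific, different origin
    ("198.51.100.0/24", [64510, 64501]),   # no authorization on record
]


def validate(prefix, origin_as, authorized=AUTHORIZED):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, auth_as in authorized:
        auth_net = ipaddress.ip_network(auth_prefix)
        if net.version == auth_net.version and net.subnet_of(auth_net):
            covered = True
            if net.prefixlen <= max_len and origin_as == auth_as:
                return "valid"
    # Covered by an authorization but matching none: falsified or misconfigured.
    return "invalid" if covered else "not-found"


def best_route(dest, announcements, drop_invalid=False):
    """Longest-prefix match for dest; returns (prefix, origin AS) or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, path in announcements:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        if drop_invalid and validate(prefix, path[-1]) == "invalid":
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, path[-1])
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, validate(prefix, path[-1]))
    print("unfiltered:", best_route("203.0.113.200", ANNOUNCEMENTS))
    print("filtered:  ", best_route("203.0.113.200", ANNOUNCEMENTS, drop_invalid=True))
```

Without filtering, the router's table follows the more specific announcement; once invalid announcements are dropped, traffic for the same destination returns to the authorized origin.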

In this report, we study security issues related to the Border Gateway Protocol, which is an
IETF standard and the only inter-domain routing protocol for exchanging routing information
between Autonomous Systems on the Internet. Attacks on BGP can result in large scale
service disruption, and can also be used to facilitate more sophisticated attacks against other
protocols. Therefore, BGP is widely considered by security experts as one of the most
important systems on the Internet which should be secured.

Unlike many other protocols whose security problems can be fixed by changing the protocols
themselves, some security problems related to BGP result from deployment practices rather
than from the BGP protocol specification itself. Thus, fixing BGP protocol vulnerabilities does not
solve all BGP security problems.
BGP Security Threats

In this section, I list a number of BGP security threats, focusing on
potential threat sources and the malicious actions an adversary may take to attack BGP.

Sources of Threats

BGP is based on TCP and IP. Thus, it is vulnerable to all threats against its underlying
protocols. For example, BGP is vulnerable to a TCP Reset attack which can result in
significant Internet instability. BGP best practices may help mitigate those threats. Here we
consider threats against the BGP protocol itself.
Sources of Threats Against BGP

In this section, I list the main sources of threats against BGP and define only a few of
them.

1. Malicious Actions
2. Falsification of NLRI
3. Advanced Spamming
4. Interception of Password Reset Messages
5. Phishing
6. Falsification of AS Path
Malicious Actions

Attacks against BGP control messages (see next paragraph) include, for example, modification,
insertion, deletion, exposure, and replaying of messages.

Interception of Password Reset Messages

One possible attack using prefix hijacking is to intercept password reset messages for gaining
illegitimate access to other people’s email accounts. A traditional way of doing this is to crack the
password of a victim account by either offline or online dictionary attacks.

Phishing

A primary objective of phishing is to steal people’s confidential information, e.g., credit card numbers,
social insurance numbers, date of birth, home addresses, etc. so that they can be used directly or
indirectly (sold to a third party) for financial benefit. A phisher usually sends spam to a large number
of people using well-known sender addresses (e.g., the email address of the security team of a
well-known bank) to ask a recipient to reset their account by going to a spammer-controlled website and filling
in confidential information. The link to a fraudulent website can be a numeric IP address, an irrelevant
domain name, or a domain name very similar to the real one of a claimed organization.
Concluding Remarks

BGP is the only inter-domain routing protocol used on the Internet. It is vulnerable to a
variety of attacks, and it must be secured to protect the Internet routing infrastructure,
which is now clearly recognized as a critical infrastructure, from being misused. There are
several proposals for securing BGP. However, none of them has been deployed efficiently.
Thank You!
