BGP Security Vulnerabilities Analysis
RFC 4272

Document type: RFC - Informational (January 2006)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4272 (Informational)
Responsible AD: Alex Zinin
Send notices to: shares@nexthop.com, yakov@juniper.net

Network Working Group                                          S. Murphy
Request for Comments: 4272                                  Sparta, Inc.
Category: Informational                                     January 2006

                 BGP Security Vulnerabilities Analysis

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   Border Gateway Protocol 4 (BGP-4), along with a host of other
   infrastructure protocols designed before the Internet environment
   became perilous, was originally designed with little consideration
   for protection of the information it carries.  There are no
   mechanisms internal to BGP that protect against attacks that modify,
   delete, forge, or replay data, any of which has the potential to
   disrupt overall network routing behavior.

   This document discusses some of the security issues with BGP routing
   data dissemination.  This document does not discuss security issues
   with forwarding of packets.

Murphy                       Informational                      [Page 1]
RFC 4272         BGP Security Vulnerabilities Analysis      January 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Specification of Requirements ..............................5
   2. Attacks .........................................................6
   3. Vulnerabilities and Risks .......................................7
      3.1. Vulnerabilities in BGP Messages ............................8
           3.1.1. Message Header ......................................9
           3.1.2. OPEN ................................................9
           3.1.3. KEEPALIVE ..........................................11
           3.1.4. NOTIFICATION .......................................11
           3.1.5. UPDATE .............................................11
                  3.1.5.1. Unfeasible Routes Length, Total
                           Path Attribute Length .....................12
                  3.1.5.2. Withdrawn Routes ..........................13
                  3.1.5.3. Path Attributes ...........................13
                  3.1.5.4. NLRI ......................................16
      3.2. Vulnerabilities through Other Protocols ...................16
           3.2.1. TCP Messages .......................................16
                  3.2.1.1. TCP SYN ...................................16
                  3.2.1.2. TCP SYN ACK ...............................17
                  3.2.1.3. TCP ACK ...................................17
                  3.2.1.4. TCP RST/FIN/FIN-ACK .......................17
                  3.2.1.5. DoS and DDoS ..............................18
           3.2.2. Other Supporting Protocols .........................18
                  3.2.2.1. Manual Stop ...............................18
                  3.2.2.2. Open Collision Dump .......................18
                  3.2.2.3. Timer Events ..............................18
   4. Security Considerations ........................................19
      4.1. Residual Risk .............................................19
      4.2. Operational Protections ...................................19
   5. References .....................................................21
      5.1. Normative References ......................................21
      5.2. Informative References ....................................21

1.  Introduction

   The inter-domain routing protocol BGP was created when the Internet
   environment had not yet reached the present, contentious state.
   Consequently, the BGP design did not include protections against
   deliberate or accidental errors that could cause disruptions of
   routing behavior.

   This document discusses the vulnerabilities of BGP, based on the BGP
   specification [RFC4271].  Readers are expected to be familiar with
   the BGP RFC and the behavior of BGP.
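
   Added example (not part of this RFC or of any BGP implementation):
   the message header checks of [RFC4271] Section 6.1 are purely
   syntactic, so a message with different content or a byte-for-byte
   replay is accepted exactly as the original is.  The function names
   and sample messages are constructed for illustration, and one
   message per buffer is assumed.

```python
import struct

MARKER = b"\xff" * 16  # RFC 4271 section 4.1: Marker is all ones
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def build(msg_type: int, body: bytes = b"") -> bytes:
    """Encode a BGP message: 16-byte marker, 2-byte length, 1-byte type, body."""
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body


def header_errors(msg: bytes) -> list[str]:
    """Apply the RFC 4271 section 6.1 header checks; [] means accepted."""
    if len(msg) < 19:
        return ["truncated header"]
    length, msg_type = struct.unpack("!HB", msg[16:19])
    errors = []
    if msg[:16] != MARKER:
        errors.append("Connection Not Synchronized")
    # Assumption: the buffer holds exactly one message.
    if not 19 <= length <= 4096 or length != len(msg):
        errors.append("Bad Message Length")
    if msg_type not in TYPES:
        errors.append("Bad Message Type")
    return errors


def update_withdrawing(prefix: bytes, prefix_len: int) -> bytes:
    """UPDATE body: Withdrawn Routes Length, one prefix, no path attributes."""
    withdrawn = bytes([prefix_len]) + prefix
    return struct.pack("!H", len(withdrawn)) + withdrawn + struct.pack("!H", 0)


# Constructed sample messages using documentation prefixes (RFC 5737).
original = build(2, update_withdrawing(bytes([192, 0, 2]), 24))
altered = build(2, update_withdrawing(bytes([198, 51, 100]), 24))  # other content
replayed = bytes(original)  # byte-for-byte copy of an earlier message


def demo() -> dict[str, list[str]]:
    """The header carries no MAC, sequence number or nonce to tell these apart."""
    return {
        "original": header_errors(original),
        "altered": header_errors(altered),
        "replayed": header_errors(replayed),
        "bad marker": header_errors(b"\x00" * 16 + original[16:]),
    }


if __name__ == "__main__":
    for name, errs in demo().items():
        print(f"{name:10s} -> {errs or 'accepted'}")
```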

   It is clear that the Internet is vulnerable to attack through its
   routing protocols and BGP is no exception.  Faulty, misconfigured, or
   deliberately malicious sources can disrupt overall Internet behavior
   by injecting bogus routing information into the BGP-distributed
   routing database (by modifying, forging, or replaying BGP packets).
   The same methods can also be used to disrupt local and overall
   network behavior by breaking the distributed communication of
