BGP Security Vulnerabilities Analysis
RFC 4272
|
| Document |
Type |
|
RFC - Informational
(January 2006; No errata)
|
|
Last updated |
|
2013-03-02
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
html
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4272 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Alex Zinin
|
|
Send notices to |
|
shares@nexthop.com, yakov@juniper.net
|
Network Working Group S. Murphy
Request for Comments: 4272 Sparta, Inc.
Category: Informational January 2006
BGP Security Vulnerabilities Analysis
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
Border Gateway Protocol 4 (BGP-4), along with a host of other
infrastructure protocols designed before the Internet environment
became perilous, was originally designed with little consideration
for protection of the information it carries. There are no
mechanisms internal to BGP that protect against attacks that modify,
delete, forge, or replay data, any of which has the potential to
disrupt overall network routing behavior.
This document discusses some of the security issues with BGP routing
data dissemination. This document does not discuss security issues
with forwarding of packets.
Murphy Informational [Page 1]
RFC 4272 BGP Security Vulnerabilities Analysis January 2006
Table of Contents
1. Introduction ....................................................3
1.1. Specification of Requirements ..............................5
2. Attacks .........................................................6
3. Vulnerabilities and Risks .......................................7
3.1. Vulnerabilities in BGP Messages ............................8
3.1.1. Message Header ......................................9
3.1.2. OPEN ................................................9
3.1.3. KEEPALIVE ..........................................11
3.1.4. NOTIFICATION .......................................11
3.1.5. UPDATE .............................................11
3.1.5.1. Unfeasible Routes Length, Total
Path Attribute Length .....................12
3.1.5.2. Withdrawn Routes ..........................13
3.1.5.3. Path Attributes ...........................13
3.1.5.4. NLRI ......................................16
3.2. Vulnerabilities through Other Protocols ...................16
3.2.1. TCP Messages .......................................16
3.2.1.1. TCP SYN ...................................16
3.2.1.2. TCP SYN ACK ...............................17
3.2.1.3. TCP ACK ...................................17
3.2.1.4. TCP RST/FIN/FIN-ACK .......................17
3.2.1.5. DoS and DDos ..............................18
3.2.2. Other Supporting Protocols .........................18
3.2.2.1. Manual Stop ...............................18
3.2.2.2. Open Collision Dump .......................18
3.2.2.3. Timer Events ..............................18
4. Security Considerations ........................................19
4.1. Residual Risk .............................................19
4.2. Operational Protections ...................................19
5. References .....................................................21
5.1. Normative References ......................................21
5.2. Informative References ....................................21
Murphy Informational [Page 2]
RFC 4272 BGP Security Vulnerabilities Analysis January 2006
1. Introduction
The inter-domain routing protocol BGP was created when the Internet
environment had not yet reached the present, contentious state.
Consequently, the BGP design did not include protections against
deliberate or accidental errors that could cause disruptions of
routing behavior.
This document discusses the vulnerabilities of BGP, based on the BGP
specification [RFC4271]. Readers are expected to be familiar with
the BGP RFC and the behavior of BGP.
It is clear that the Internet is vulnerable to attack through its
routing protocols and BGP is no exception. Faulty, misconfigured, or
deliberately malicious sources can disrupt overall Internet behavior
by injecting bogus routing information into the BGP-distributed
routing database (by modifying, forging, or replaying BGP packets).
The same methods can also be used to disrupt local and overall
network behavior by breaking the distributed communication of
information between BGP peers. The sources of bogus information can
be either outsiders or true BGP peers.
Cryptographic authentication of peer-peer communication is not an
Show full document text