BGP Security Vulnerabilities Analysis
RFC 4272
| Document | RFC - Informational (January 2006; No errata) |
|---|---|
| Author | Sandra Murphy |
| Last updated | 2018-12-20 |
| Stream | Internet Engineering Task Force (IETF) |
| IESG state | RFC 4272 (Informational) |
| Responsible AD | Alex Zinin |
Network Working Group                                          S. Murphy
Request for Comments: 4272                                  Sparta, Inc.
Category: Informational                                     January 2006

                  BGP Security Vulnerabilities Analysis

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

Border Gateway Protocol 4 (BGP-4), along with a host of other infrastructure protocols designed before the Internet environment became perilous, was originally designed with little consideration for protection of the information it carries. There are no mechanisms internal to BGP that protect against attacks that modify, delete, forge, or replay data, any of which has the potential to disrupt overall network routing behavior.

This document discusses some of the security issues with BGP routing data dissemination. This document does not discuss security issues with forwarding of packets.

Murphy                       Informational                      [Page 1]

Table of Contents

   1. Introduction ....................................................3
      1.1. Specification of Requirements ..............................5
   2. Attacks .........................................................6
   3. Vulnerabilities and Risks .......................................7
      3.1. Vulnerabilities in BGP Messages ............................8
           3.1.1. Message Header ......................................9
           3.1.2. OPEN ................................................9
           3.1.3. KEEPALIVE ..........................................11
           3.1.4. NOTIFICATION .......................................11
           3.1.5. UPDATE .............................................11
                  3.1.5.1. Unfeasible Routes Length, Total Path
                           Attribute Length ..........................12
                  3.1.5.2. Withdrawn Routes ..........................13
                  3.1.5.3. Path Attributes ...........................13
                  3.1.5.4. NLRI ......................................16
      3.2. Vulnerabilities through Other Protocols ...................16
           3.2.1. TCP Messages .......................................16
                  3.2.1.1. TCP SYN ...................................16
                  3.2.1.2. TCP SYN ACK ...............................17
                  3.2.1.3. TCP ACK ...................................17
                  3.2.1.4. TCP RST/FIN/FIN-ACK .......................17
                  3.2.1.5. DoS and DDoS ..............................18
           3.2.2. Other Supporting Protocols .........................18
                  3.2.2.1. Manual Stop ...............................18
                  3.2.2.2. Open Collision Dump .......................18
                  3.2.2.3. Timer Events ..............................18
   4. Security Considerations ........................................19
      4.1. Residual Risk .............................................19
      4.2. Operational Protections ...................................19
   5. References .....................................................21
      5.1. Normative References ......................................21
      5.2. Informative References ....................................21

1. Introduction

The inter-domain routing protocol BGP was created when the Internet environment had not yet reached the present, contentious state. Consequently, the BGP design did not include protections against deliberate or accidental errors that could cause disruptions of routing behavior.

This document discusses the vulnerabilities of BGP, based on the BGP specification [RFC4271]. Readers are expected to be familiar with the BGP RFC and the behavior of BGP.

It is clear that the Internet is vulnerable to attack through its routing protocols, and BGP is no exception. Faulty, misconfigured, or deliberately malicious sources can disrupt overall Internet behavior by injecting bogus routing information into the BGP-distributed routing database (by modifying, forging, or replaying BGP packets). The same methods can also be used to disrupt local and overall network behavior by breaking the distributed communication of information between BGP peers. The sources of bogus information can be either outsiders or true BGP peers. Cryptographic authentication of peer-peer communication is not an
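The abstract's point that nothing inside BGP itself authenticates a message is visible in the message header: the 16-octet marker that RFC 4271 requires is a fixed all-ones constant, so a receiver's header validation is purely syntactic, and a well-formed forged or replayed message parses exactly like a genuine one. The following Python is an added illustration, not code from RFC 4272 or from any BGP implementation; the field layout, length limits and NOTIFICATION subcode names are taken from RFC 4271, and the sample messages are constructed here.

```python
import struct

# Header layout and limits come from RFC 4271 (the base BGP-4 spec), not from
# RFC 4272 itself: 16-octet marker (all ones), 2-octet length, 1-octet type.
BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19
BGP_MAX_LEN = 4096
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
# Minimum total length per message type (RFC 4271, section 6.1).
MIN_LEN = {1: 29, 2: 23, 3: 21, 4: 19}


def parse_bgp_header(msg: bytes) -> dict:
    """Validate a BGP message header as RFC 4271 sections 4.1 and 6.1 require.

    Every check is on format only: the marker is a constant and nothing in the
    header ties the message to the peer that sent it, which is the absence of
    protection the abstract describes. On a violation, raises ValueError named
    after the Message Header Error subcode the spec prescribes.
    """
    if len(msg) < BGP_HEADER_LEN:
        raise ValueError("truncated header")
    marker, length, mtype = struct.unpack("!16sHB", msg[:BGP_HEADER_LEN])
    if marker != BGP_MARKER:
        raise ValueError("Connection Not Synchronized")
    if length < BGP_HEADER_LEN or length > BGP_MAX_LEN or len(msg) < length:
        raise ValueError("Bad Message Length")
    if mtype not in BGP_TYPES:
        raise ValueError("Bad Message Type")
    # KEEPALIVE must be exactly a header; other types have a per-type minimum.
    if length < MIN_LEN[mtype] or (mtype == 4 and length != BGP_HEADER_LEN):
        raise ValueError("Bad Message Length")
    return {"type": BGP_TYPES[mtype], "length": length, "body": msg[BGP_HEADER_LEN:length]}


def build_bgp_message(mtype: int, body: bytes = b"") -> bytes:
    """Assemble header + body; anyone who knows the format can produce one."""
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), mtype) + body


if __name__ == "__main__":
    # Constructed samples: a KEEPALIVE and a minimal UPDATE whose body is two
    # zero-length fields (Withdrawn Routes Length, Total Path Attribute Length).
    for sample in (build_bgp_message(4), build_bgp_message(2, b"\x00\x00\x00\x00")):
        print(parse_bgp_header(sample))
```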