|
 ABSTRACT
We use a realistic interdomain routing experiment platform to conduct real-time attack and defense exercises for training purposes. Our interdomain routing experiment platform integrates open-source router software, real-time network simulation, and light-weight machine virtualization technologies, and is capable of supporting realistic large-scale routing experiments. The network model used consists of major autonomous systems connecting Swedish Internet users with realistic routing configurations derived from the routing registry. We conduct a series of real-time security exercises on this routing system to study the consequence of intentionally propagating false routing information on interdomain routing and the effectiveness of corresponding defensive measures. We describe three kinds of simplistic BGP attacks in the context of security exercises designed specifically for training purposes. While an attacker can launch attacks from a compromised router by changing its routing policies, administrators will be able to observe the adverse effect of these attacks and subsequently apply appropriate defensive measures to mitigate their impact,such as installing filtering rules. These exercises, all carried out in real time, demonstrate the feasibility of routing experiments using the real-time routing experiment platform.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
 |
1
|
Hitesh Ballani , Paul Francis , Xinyang Zhang, A study of prefix hijacking and interception in the internet, Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, August 27-31, 2007, Kyoto, Japan
|
| |
2
|
Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
|
| |
3
|
|
| |
4
|
Andy Bavier , Nick Feamster , Mark Huang , Larry Peterson , Jennifer Rexford, In VINI veritas: realistic and controlled network experimentation, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
|
| |
5
|
S. Bhatia et al. Hosting virtual networks on commodity hardware. Technical Report GT-CS-07-10, Georgia Tech Computer Science, 2008.
|
| |
6
|
K. Butler et al. A survey of BGP security issues and solutions. Technical report, AT&T Labs, 2005.
|
| |
7
|
Y.-J. Chi, R. Oliveira, and L. Zhang. Cyclops: The Internet AS-level observatory. CCR 2008.
|
| |
8
|
S. Convery and M. Franz. BGP vulnerability testing: Separating fact from FUD v1.1. NANOG 28, 2003.
|
| |
9
|
|
| |
10
|
EmuLab. http://www.emulab.net/.
|
| |
11
|
|
| |
12
|
|
| |
13
|
|
| |
14
|
Jintae Kim , Steven Y. Ko , David M. Nicol , Xenofontas A. Dimitropoulos , George F. Riley, A BGP attack against traffic engineering, Proceedings of the 36th conference on Winter simulation, December 05-08, 2004, Washington, D.C.
|
| |
15
|
|
| |
16
|
M. Liljenstam. Simulating the national-level impact of routing attacks in Sweden. SNCNW'06. Available at http://liljenstam.net/publication_ docs/sncnw2006.pdf.
|
| |
17
|
Michael Liljenstam , Jason Liu , David Nicol , Yougu Yuan , Guanhua Yan , Chris Grier, RINSE: The Real-Time Immersive Network Simulation Environment for Network Security Exercises, Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation, p.119-128, June 01-03, 2005
[doi> 10.1109/PADS.2005.23]
|
| |
18
|
|
| |
19
|
|
| |
20
|
J. Liu et al. An open and scalable emulation infrastructure for large-scale real-time network simulations. INFOCOM'07.
|
| |
21
|
P. McDaniel. Iseb: Trace driven modeling of Internet scale BGP attacks and countermeasures. DETER/EMIST Workshop 2005.
|
| |
22
|
S. A. Misel. Wow, AS7007! NANOG mail archives, http://www.merit.edu/mail.archives/ nanog/1997-04/msg00340.html, 1997.
|
| |
23
|
OpenVPN. http://www.openvpn.net/.
|
| |
24
|
OpenVZ. http://openvz.org/.
|
| |
25
|
PlanetLab. http://www.planet-lab.org/.
|
| |
26
|
B. Quoitin and S. Uhlig. Modeling the routing of an autonomous system with C-BGP. IEEE Network, 19(6), 2005.
|
| |
27
|
RIPE NCC. http://www.ripe.net/.
|
| |
28
|
RIPE NCC. YouTube hijacking: A RIPE NCC RIS case study. http://www.ripe.net/news/ study-youtube-hijacking.html, 2008.
|
| |
29
|
Routeviews. http://www.routeviews.org.
|
| |
30
|
G. Siganos and M. Faloutsos. Analyzing BGP policies: methodology and tool. INFOCOM'04.
|
| |
31
|
VMWare Workstation. http://www.vmware.com/ products/ws/.
|
| |
32
|
XORP users mailing list. http://mailman.icsi. berkeley.edu/pipermail/xorp-users/ 2008-April/002515%.html.
|
| |
33
|
K. Zetter. Revealed: The Internet's biggest security hole. http://blog.wired.com/27bstroke6/ 2008/08/revealed-the-in.html.
|
| |
34
|
Changxi Zheng , Lusheng Ji , Dan Pei , Jia Wang , Paul Francis, A light-weight distributed scheme for detecting ip prefix hijacks in real-time, Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, August 27-31, 2007, Kyoto, Japan
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
C.2