^ Top

NANOG Meeting Presentation Abstract

Flooding Attacks by Exploiting Persistent Forwarding Loops
Meeting: NANOG36
Date / Time: 2006-02-14 10:50am - 11:20am
Room: Regency Ballroom
Presenters: Speakers:

Jianhong Xia, University of Massachusetts

Jianhong Xia is a Ph.D. Candidate in the Department of Electrical and Computer Engineering at the University of Massachusetts at Amherst. He received his B.S. and M.S. degrees from the Department of Automation at the University of Science and Technology of China (USTC) in China in 1993 and 1996, respectively. Jianhong is expecting to receive his Ph.D. this summer. His research interests include Internet measurements and monitoring, analysis of Internet traffic dynamics, Internet infrastructure vulnerability, and network security.
Lixin Gao, University of Massachusetts.
Teng Fei, University of Massachusetts.
Abstract: Persistent forwarding loops can be exploited by flooding attacks in the Internet. This happens because persistent forwarding loops may share one or more links with forwarding paths to reachable addresses. An attacker can exploit persistent forwarding loops to overload the shared links to disrupt Internet connectivity to those reachable addresses.
To understand the extent of this vulnerability, we perform extensive measurements to systematically study persistent forwarding loops and the number of network addresses that can be affected. We find that persistent forwarding loops do exist in the current Internet. About 2.47% of routable addresses experience persistent forwarding loops and 0.78% of routable addresses can be attacked by exploiting persistent forwarding loops.

In addition, 81.8% of the persistent forwarding loops appear within destination domains and they can be observed from various locations, which makes it possible to launch attacks from many vantage points. We also find that most persistent forwarding loops are just two hops long, which enables an attacker to amplify traffic to persistent forwarding loops significantly.

The possible causes of persistent forwarding loops could be misconfiguration of the common usages of default routes and static routes. In this talk, we show an example in whcih a network administrator neglects to configure a \"pull-up route\" at a border router to his/her upstream provider, which leads to persistent forwarding loop.

The complete paper is available at http://rio.ecs.umass.edu/mnilpub/papers/jxia-imc05.pdf
Files: youtubeFlooding Attacks by Exploiting Persistent Forwarding Loops
pdfJianhong Xia Presentation(PDF)
Sponsors: None.

Back to NANOG36 agenda.

NANOG36 Abstracts


^ Back to Top