The Maestro Attack: Orchestrating Malicious Flows with BGP

05/19/2019
by Tyler McDaniel, et al.

We present the Maestro attack, a novel Link Flooding Attack (LFA) that leverages control-plane traffic engineering techniques to concentrate botnet-sourced Distributed Denial of Service flows on transit links. Executed from a compromised or malicious Autonomous System (AS), Maestro advertises specific-prefix routes poisoned for selected ASes to collapse inbound traffic paths onto a single target link. A greedy heuristic fed by publicly available AS relationship data iteratively builds the set of ASes to poison. Given a compromised BGP speaker with advantageous positioning relative to the target link in the Internet topology, an adversary can expect to enhance total flow density by more than 30%, augmenting a DDoS by more than a million additional infected hosts. Interestingly, the size of the adversary-controlled AS plays little role in this amplification effect. Devastating attacks on core links can be executed by small, resource-limited ASes. To understand the scope of the attack, we evaluate widespread Internet link vulnerability across several metrics, including BGP betweenness and botnet flow density. We then assess where an adversary must be positioned to execute the attack most successfully. Finally, we present effective mitigations for network operators seeking to insulate themselves from this attack.
