HTTP://IPSECS.COM TIME TO SHUTDOWN INTERNET CORE ROUTER
COMMUNICATION Analog communication Digital communication Analog communication to digital communication convergence Internet Protocol
FUTURE COMMUNICATION IP based communication will become the core communication? Scalability and reliability communication infrastructure? Vulnerability and security threat?
CORE COMMUNICATION Access Control List? Default password issue? Weak password? Unencrypted remote login? Routing protocol vulnerability? We will focus on Border Gateway Protocol (BGP) now
BGP VULNERABILITY BGP messages TCP vulnerability BGP internet man in the middle Documented on RFC 4272
BGP MESSAGES BGP states? idle, connect, active, opensent, openconfirm, established BGP message? open, update, notification, keep alive BGP message modification to poison routing table and Denial of Service Complex and nearly impractical
TCP VULNERABILITY BGP and TCP port 179 SPOOFED TCP RST/FIN? TCP port flooding (SYN) TCP session ends = BGP idle
BGP MAN IN THEMIDDLE More specific network prefix wins Use tracroute to identify routing from source to destination Use route-map and AS-PATH prepending Static routing to give information about next-hop-router