SlideShare a Scribd company logo

BGP security at internet exchanges

Marco d'Itri
Marco d'Itri

A practical experiment.

Internet
1 of 7
Download to read offline
BGP security at internet exchanges A practical experiment Marco d’Itri <md@seeweb.it> @rfc1036 Seeweb s.r.l. RIPE71 - Nov 16, 2015
Goal Find out which networks accept anything that a peer will announce to them. In a better world this would never happen, but reality is different... BGP security at internet exchanges Marco d’Itri
Methodology Borrow from an accomplice an unused /24 part of one of their networks. Get from a BGP dump a list of the networks announced by your peers at multiple IXes. Scan each neighbor AS for a pingable IP, one random /29 at a time (this is the hard part!). Announce the hijacked borrowed network. Ping again the test IPs, this time from an IP from the borrowed network. See which ones are still reachable. BGP security at internet exchanges Marco d’Itri
Technical details Configure quagga with an iBGP session to your routers and make it receive the relevant prefixes. Dump all the routes (dump bgp routes-mrt ...). Extract the relevant ones with my zebra-dump-parser.pl. Find a pingable IP in each AS with nmap and some Perl. (Also, exclude dynamically-assigned addresses which could go away at any time.) Configure on the system an IP from the /24 and announce it (only to neighbors, one IX at a time). More Perl to ping the target IPs and analyze the results. BGP security at internet exchanges Marco d’Itri
Results How many neighbors will happily accept an hijacked route? IX total peers vulnerable MIX 109 59 NAMEX 18 6 TOP-IX 18 13 AMS-IX 462 441 DE-CIX 328 72 LINX 324 239 France-IX 110 101 This is inexcusable We announce less than 50 routes, all of them properly registered in the RIPE IRR: our session can be easily validated automatically. This confirms the need to raise awareness about routing security and the Routing Resilience Manifesto. BGP security at internet exchanges Marco d’Itri
Questions? http://www.linux.it/ md/text/ bgp-experiment-ripe71.pdf (Google . . . Marco d’Itri . . . I feel lucky) BGP security at internet exchanges Marco d’Itri
Thanks to... Paolo Agazzone at Intercom AS8224 for the /24. Gianfranco Delli Carri at ITGate AS12779 for the LINX, DE-CIX and France-IX testbed. BGP security at internet exchanges Marco d’Itri

Recommended

Enhance Virtualization Stack with Intel CET and MPX
Enhance Virtualization Stack with Intel CET and MPXEnhance Virtualization Stack with Intel CET and MPX
Enhance Virtualization Stack with Intel CET and MPXPriyanka Aash
 
Raspberry pi Part 22
Raspberry pi Part 22Raspberry pi Part 22
Raspberry pi Part 22Techvilla
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet IntroductionLance Howell
 
Advanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdvanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdri Jovin
 
RDP Zero Clients | Z-102
RDP Zero Clients | Z-102RDP Zero Clients | Z-102
RDP Zero Clients | Z-102RDP Workstations Pvt Ltd
 
ระบบเครือข่ายคอมพิวเตอร์ไร้สาย
ระบบเครือข่ายคอมพิวเตอร์ไร้สายระบบเครือข่ายคอมพิวเตอร์ไร้สาย
ระบบเครือข่ายคอมพิวเตอร์ไร้สายApichart Sodesiri
 
Information system security wk3-2
Information system security wk3-2Information system security wk3-2
Information system security wk3-2Bee Lalita
 

Recommended

Enhance Virtualization Stack with Intel CET and MPX
Enhance Virtualization Stack with Intel CET and MPXEnhance Virtualization Stack with Intel CET and MPX
Enhance Virtualization Stack with Intel CET and MPXPriyanka Aash
 
Raspberry pi Part 22
Raspberry pi Part 22Raspberry pi Part 22
Raspberry pi Part 22Techvilla
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet IntroductionLance Howell
 
Advanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdvanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdri Jovin
 
RDP Zero Clients | Z-102
RDP Zero Clients | Z-102RDP Zero Clients | Z-102
RDP Zero Clients | Z-102RDP Workstations Pvt Ltd
 
ระบบเครือข่ายคอมพิวเตอร์ไร้สาย
ระบบเครือข่ายคอมพิวเตอร์ไร้สายระบบเครือข่ายคอมพิวเตอร์ไร้สาย
ระบบเครือข่ายคอมพิวเตอร์ไร้สายApichart Sodesiri
 
Information system security wk3-2
Information system security wk3-2Information system security wk3-2
Information system security wk3-2Bee Lalita
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data DATA SECURITY SOLUTIONS
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseCisco Canada
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUTNahidul Kibria
 
BGP Overview
BGP OverviewBGP Overview
BGP OverviewMatt Bynum
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network OperatorsBangladesh Network Operators Group
 
Running head network design 1 netwo
Running head network design 1 netwoRunning head network design 1 netwo
Running head network design 1 netwoAKHIL969626
 
Netw204 Quiz Answers Essay
Netw204 Quiz Answers EssayNetw204 Quiz Answers Essay
Netw204 Quiz Answers EssayJennifer Letterman
 
Tech f42
Tech f42Tech f42
Tech f42SelectedPresentations
 
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPROIDEA
 
A Botnet Detecting Infrastructure Using a Beneficial Botnet
A Botnet Detecting Infrastructure Using a Beneficial BotnetA Botnet Detecting Infrastructure Using a Beneficial Botnet
A Botnet Detecting Infrastructure Using a Beneficial BotnetTakashi Yamanoue
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...EC-Council
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network TrafficRio Ap
 
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET Journal
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsToradex
 
Отчет Audit report RAPID7
Отчет Audit report RAPID7 Отчет Audit report RAPID7
Отчет Audit report RAPID7Sergey Yrievich
 
Report PAPID 7
Report PAPID 7Report PAPID 7
Report PAPID 7Sergey Yrievich
 
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshDeploy360 Programme (Internet Society)
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET Journal
 
Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTMarco d'Itri
 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) ThingsMarco d'Itri
 

More Related Content

Similar to BGP security at internet exchanges

Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data DATA SECURITY SOLUTIONS
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseCisco Canada
 
Running head network design 1 netwo
Running head network design 1 netwoRunning head network design 1 netwo
Running head network design 1 netwoAKHIL969626
 
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPROIDEA
 
A Botnet Detecting Infrastructure Using a Beneficial Botnet
A Botnet Detecting Infrastructure Using a Beneficial BotnetA Botnet Detecting Infrastructure Using a Beneficial Botnet
A Botnet Detecting Infrastructure Using a Beneficial BotnetTakashi Yamanoue
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...EC-Council
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network TrafficRio Ap
 
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET Journal
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsToradex
 
Отчет Audit report RAPID7
Отчет Audit report RAPID7 Отчет Audit report RAPID7
Отчет Audit report RAPID7Sergey Yrievich
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET Journal
 

Similar to BGP security at internet exchanges (20)

Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat Defense
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Running head network design 1 netwo
Running head network design 1 netwoRunning head network design 1 netwo
Running head network design 1 netwo
 
Netw204 Quiz Answers Essay
Netw204 Quiz Answers EssayNetw204 Quiz Answers Essay
Netw204 Quiz Answers Essay
 
Tech f42
Tech f42Tech f42
Tech f42
 
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
 
A Botnet Detecting Infrastructure Using a Beneficial Botnet
A Botnet Detecting Infrastructure Using a Beneficial BotnetA Botnet Detecting Infrastructure Using a Beneficial Botnet
A Botnet Detecting Infrastructure Using a Beneficial Botnet
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities Report
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic
 
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux Systems
 
Отчет Audit report RAPID7
Отчет Audit report RAPID7 Отчет Audit report RAPID7
Отчет Audit report RAPID7
 
Report PAPID 7
Report PAPID 7Report PAPID 7
Report PAPID 7
 
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
 

More from Marco d'Itri

Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTMarco d'Itri
 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) ThingsMarco d'Itri
 
Introduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGPIntroduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGPMarco d'Itri
 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peeringMarco d'Itri
 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) ThingsMarco d'Itri
 
State-encouraged BGP hijacking
State-encouraged BGP hijackingState-encouraged BGP hijacking
State-encouraged BGP hijackingMarco d'Itri
 
Un mistero di censura all'italiana
Un mistero di censura all'italianaUn mistero di censura all'italiana
Un mistero di censura all'italianaMarco d'Itri
 
Interconnessioni tra le reti Italiane
Interconnessioni tra le reti ItalianeInterconnessioni tra le reti Italiane
Interconnessioni tra le reti ItalianeMarco d'Itri
 
An introduction to peering in Italy
An introduction to peering in ItalyAn introduction to peering in Italy
An introduction to peering in ItalyMarco d'Itri
 
Peering e depeering
Peering e depeeringPeering e depeering
Peering e depeeringMarco d'Itri
 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peeringMarco d'Itri
 
Depeering di Telecom Italia
Depeering di Telecom ItaliaDepeering di Telecom Italia
Depeering di Telecom ItaliaMarco d'Itri
 
Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6Marco d'Itri
 
Transizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo ioTransizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo ioMarco d'Itri
 
Networking in ambienti cloud
Networking in ambienti cloudNetworking in ambienti cloud
Networking in ambienti cloudMarco d'Itri
 
DNSSEC - una breve introduzione
DNSSEC - una breve introduzioneDNSSEC - una breve introduzione
DNSSEC - una breve introduzioneMarco d'Itri
 

More from Marco d'Itri (20)

Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONT
 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) Things
 
Introduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGPIntroduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGP
 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peering
 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) Things
 
State-encouraged BGP hijacking
State-encouraged BGP hijackingState-encouraged BGP hijacking
State-encouraged BGP hijacking
 
Sicurezza di BGP
Sicurezza di BGPSicurezza di BGP
Sicurezza di BGP
 
Un mistero di censura all'italiana
Un mistero di censura all'italianaUn mistero di censura all'italiana
Un mistero di censura all'italiana
 
Interconnessioni tra le reti Italiane
Interconnessioni tra le reti ItalianeInterconnessioni tra le reti Italiane
Interconnessioni tra le reti Italiane
 
An introduction to peering in Italy
An introduction to peering in ItalyAn introduction to peering in Italy
An introduction to peering in Italy
 
Peering e depeering
Peering e depeeringPeering e depeering
Peering e depeering
 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peering
 
Depeering di Telecom Italia
Depeering di Telecom ItaliaDepeering di Telecom Italia
Depeering di Telecom Italia
 
RPSL and rpsltool
RPSL and rpsltoolRPSL and rpsltool
RPSL and rpsltool
 
Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6
 
Il nuovo Bryar.pm
Il nuovo Bryar.pmIl nuovo Bryar.pm
Il nuovo Bryar.pm
 
Transizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo ioTransizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo io
 
Networking in ambienti cloud
Networking in ambienti cloudNetworking in ambienti cloud
Networking in ambienti cloud
 
DNSSEC - una breve introduzione
DNSSEC - una breve introduzioneDNSSEC - una breve introduzione
DNSSEC - una breve introduzione
 
RPSL e rpsltool
RPSL e rpsltoolRPSL e rpsltool
RPSL e rpsltool
 

Recently uploaded

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 

Recently uploaded (20)

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 

BGP security at internet exchanges

  • 1. BGP security at internet exchanges A practical experiment Marco d’Itri <md@seeweb.it> @rfc1036 Seeweb s.r.l. RIPE71 - Nov 16, 2015
  • 2. Goal Find out which networks accept anything that a peer will announce to them. In a better world this would never happen, but reality is different... BGP security at internet exchanges Marco d’Itri
  • 3. Methodology Borrow from an accomplice an unused /24 part of one of their networks. Get from a BGP dump a list of the networks announced by your peers at multiple IXes. Scan each neighbor AS for a pingable IP, one random /29 at a time (this is the hard part!). Announce the hijacked borrowed network. Ping again the test IPs, this time from an IP from the borrowed network. See which ones are still reachable. BGP security at internet exchanges Marco d’Itri
  • 4. Technical details Configure quagga with an iBGP session to your routers and make it receive the relevant prefixes. Dump all the routes (dump bgp routes-mrt ...). Extract the relevant ones with my zebra-dump-parser.pl. Find a pingable IP in each AS with nmap and some Perl. (Also, exclude dynamically-assigned addresses which could go away at any time.) Configure on the system an IP from the /24 and announce it (only to neighbors, one IX at a time). More Perl to ping the target IPs and analyze the results. BGP security at internet exchanges Marco d’Itri
  • 5. Results How many neighbors will happily accept an hijacked route? IX total peers vulnerable MIX 109 59 NAMEX 18 6 TOP-IX 18 13 AMS-IX 462 441 DE-CIX 328 72 LINX 324 239 France-IX 110 101 This is inexcusable We announce less than 50 routes, all of them properly registered in the RIPE IRR: our session can be easily validated automatically. This confirms the need to raise awareness about routing security and the Routing Resilience Manifesto. BGP security at internet exchanges Marco d’Itri
  • 6. Questions? http://www.linux.it/ md/text/ bgp-experiment-ripe71.pdf (Google . . . Marco d’Itri . . . I feel lucky) BGP security at internet exchanges Marco d’Itri
  • 7. Thanks to... Paolo Agazzone at Intercom AS8224 for the /24. Gianfranco Delli Carri at ITGate AS12779 for the LINX, DE-CIX and France-IX testbed. BGP security at internet exchanges Marco d’Itri