CAPEC-584: BGP Route Disabling
CAPEC Version: 3.9
Updated: 2023-01-24
Attack Pattern Description
An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. The BGP protocol helps traffic move throughout the Internet by selecting the most efficient route between Autonomous Systems (AS), or routing domains. BGP is the basis for interdomain routing infrastructure, providing connections between these ASs. By suppressing the intended AS routing advertisements and/or forcing less effective routes for traffic to ASs, the adversary can deny availability for the target network.
Prerequisites
- The adversary must have control of a router that can modify, drop, or introduce spoofed BGP updates. The adversary can convince
Resources Required
- BGP Router
Consequences
Scope: Availability
Technical Impact: Other
Note: Disabling a network route at the routing infrastructure level denies availability of that route.
Mitigations
Implement ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registry (IRR) databases, which are often not well maintained.
Implement Secure BGP (S-BGP protocol), which improves authorization and authentication capabilities based on public-key cryptography.
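The ingress-filter mitigation above can be sketched as follows. This is an added example, not part of the CAPEC entry: the route objects, prefixes, ASNs and maximum prefix lengths are constructed sample values, and the function names are hypothetical. It also shows the IRR caveat: a legitimate route with no registry entry is rejected the same way as a false one.

```python
import ipaddress

# Constructed IRR route objects (prefix, origin AS): documentation prefixes
# and documentation ASNs, not real registry data.
IRR_ROUTES = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("2001:db8::/32", 64502),
]
# Assumed local policy: longest prefix length accepted per address family.
MAX_PREFIX_LEN = {4: 24, 6: 48}

def build_index(routes):
    """Parse route objects once so each update is checked against networks."""
    return [(ipaddress.ip_network(prefix), asn) for prefix, asn in routes]

def check_route(index, prefix, as_path):
    """Return (accepted, reason) for one received announcement."""
    net = ipaddress.ip_network(prefix)
    if not as_path:
        return False, "empty-as-path"
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        return False, "too-specific"
    # Origins of same-family route objects that cover the announced prefix.
    covering = [asn for irr_net, asn in index
                if irr_net.version == net.version and net.subnet_of(irr_net)]
    if not covering:
        # Also the outcome for a legitimate route whose IRR entry is missing.
        return False, "no-irr-object"
    if as_path[-1] not in covering:   # last AS in the path is the origin
        return False, "origin-mismatch"
    return True, "irr-match"

def filter_updates(index, updates):
    """Split updates into accepted prefixes and rejected (prefix, reason)."""
    accepted, rejected = [], []
    for prefix, as_path in updates:
        ok, reason = check_route(index, prefix, as_path)
        if ok:
            accepted.append(prefix)
        else:
            rejected.append((prefix, reason))
    return accepted, rejected

if __name__ == "__main__":
    index = build_index(IRR_ROUTES)
    updates = [("192.0.2.0/24", [64510, 64500]),   # registered origin
               ("192.0.2.0/24", [64510, 64511]),   # unregistered origin
               ("203.0.113.0/24", [64503])]        # no route object at all
    print(filter_updates(index, updates))
```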
Example Instances
Blackholing: The adversary intentionally references false routing advertisements in order to attract traffic to a particular router so it can be dropped.