Research and Application of Security Testing Techniques for the Inter-Domain Routing System
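Abstract
As society develops, the Internet plays an increasingly important role in people's daily lives. The spread of network application services such as e-commerce and online banking has brought great convenience to daily life, but it has also given criminals a platform for illegal profit. In recent years crime committed over the network has been rising, the economic losses it causes have been growing, and it has had a negative effect on the harmonious development of society as a whole. As the core system of the Internet, the inter-domain routing system is especially important to the security of the whole Internet.
     Building on an analysis of the security vulnerabilities of the inter-domain routing system, the thesis discusses the attack threats and harm these vulnerabilities bring, and stresses the necessity and significance of security testing for the inter-domain routing system. On this basis it proposes a new stress attack method against routers and a mass e-mail sending method based on routing poisoning, analyses both methods in detail from a theoretical standpoint, and, by comparison with traditional methods, describes the great threat they pose to the security of the inter-domain routing system and the application services it carries.
     Based on the theoretical analysis, an inter-domain routing system security testing tool, En-Quagga, is designed and implemented, and its overall structure, main functions and implementation techniques are analysed and described in detail. The system consists of a routing node security testing subsystem, a BGP protocol security testing subsystem and a routing-poison-based application subsystem, which test the security of the target inter-domain routing system and the network applications it carries, each with a different focus. Based on an evaluation of the test results, concrete measures are given for strengthening the security of the target inter-domain routing system and of e-mail applications.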
With a number of key Internet-based application services such as e-commerce and e-banking rolling out, the Internet is playing an increasingly important role in people's daily life. However, while we enjoy the convenience it brings, the Internet also provides a profit-making platform for lawless elements. In recent years, rising network crime has brought large economic losses and badly hindered the development of society. As the core of the Internet, the inter-domain routing system is particularly crucial to the security of the whole Internet.
     On the basis of an analysis of the security vulnerabilities of the inter-domain routing system, we point out the potential threats and attacks they bring. To address these problems, security testing of the inter-domain routing system is necessary and of great significance. We propose a new method to attack routers using routing stress and a method to send mass emails based on routing poisoning. By comparison with traditional methods, we show the enormous threats the new methods pose to the inter-domain routing system.
     Based on the theoretical analysis above, we design and implement an inter-domain routing system security tool, En-Quagga. Our tool consists of three major components: a router security testing sub-system, a BGP protocol security testing sub-system and a routing-poison-based network application sub-system. We then use En-Quagga to test the inter-domain routing system under various conditions. Based on the experimental results, we give some advice on how to enhance the security of the inter-domain routing system and of the network applications deployed on it.
     Finally, we summarize the contributions of our work and outline our expectations for future work.
