English
 
Help Privacy Policy Disclaimer
  Advanced SearchBrowse

Item

ITEM ACTIONSEXPORT
 
 
DownloadE-Mail
  Kirin: Hitting the Internet with Millions of Distributed IPv6 Announcements

Prehn, L., Foremski, P., & Gasser, O. (2022). Kirin: Hitting the Internet with Millions of Distributed IPv6 Announcements.

Item is

Files

show Files
hide Files
:
arXiv:2210.10676.pdf (Preprint), 4MB
Name:
arXiv:2210.10676.pdf
Description:
File downloaded from arXiv at 2022-12-30 09:41
OA-Status:
Not specified
Visibility:
Public
MIME-Type / Checksum:
application/pdf / [MD5]
Technical Metadata:
Copyright Date:
-
Copyright Info:
-

Locators

show

Creators

show
hide
 Creators:
Prehn, Lars1, Author           
Foremski, Pawel2, Author
Gasser, Oliver1, Author           
Affiliations:
1Internet Architecture, MPI for Informatics, Max Planck Society, ou_2489697              
2External Organizations, ou_persistent22              

Content

show
hide
Free keywords: Computer Science, Networking and Internet Architecture, cs.NI
 Abstract: The Internet is a critical resource in the day-to-day life of billions of
users. To support the growing number of users and their increasing demands,
operators have to continuously scale their network footprint -- e.g., by
joining Internet Exchange Points -- and adopt relevant technologies -- such as
IPv6. IPv6, however, has a vastly larger address space compared to its
predecessor, which allows for new kinds of attacks on the Internet routing
infrastructure.
In this paper, we present Kirin: a BGP attack that sources millions of IPv6
routes and distributes them via thousands of sessions across various IXPs to
overflow the memory of border routers within thousands of remote ASes. Kirin's
highly distributed nature allows it to bypass traditional route-flooding
defense mechanisms, such as per-session prefix limits or route flap damping. We
analyze the theoretical feasibility of the attack by formulating it as a
Integer Linear Programming problem, test for practical hurdles by deploying the
infrastructure required to perform a small-scale Kirin attack using 4 IXPs, and
validate our assumptions via BGP data analysis, real-world measurements, and
router testbed experiments. Despite its low deployment cost, we find Kirin
capable of injecting lethal amounts of IPv6 routes in the routers of thousands
of ASes.

Details

show
hide
Language(s): eng - English
 Dates: 2022-10-192022
 Publication Status: Published online
 Pages: 18 p.
 Publishing info: -
 Table of Contents: -
 Rev. Type: -
 Identifiers: arXiv: 2210.10676
BibTex Citekey: Prehn2210.10676
BibTex Citekey: Prehn2210.10676
 Degree: -

Event

show

Legal Case

show

Project information

show

Source

show