Tech Corner Series: What You Need to Know About Routing Protocols, pt. 1
Posted: October 29, 2011
Plain and simple, I am a network nut! In fact, it is what drew me to the IT business to begin with. Most people are surprised after they get to know me, because, as they say, I “don’t fit into the typical tech nerd stereotype”. I agree with that statement wholeheartedly. I do not have what you would call a Math or Science mind per se; I actually find most of the “tech stuff” that excites the typical IT professional very tedious and boring. What’s that you say? Is this my resignation post? Oh, HECK NO! Don’t get it twisted: I love the tech industry, just not for the same reasons as the stereotypical tech geek (just to clarify, I am not avoiding the geek title. I am definitely a geek, lol!). You see, it is the “intricate puzzle” that the IT industry offers that draws me in like the Louisville Cardinals draw in line beards and flat bill hats (“L” Yes…Uggghh, I think I just threw up a little right then, sorry about that). The fact is, I am not so much into writing code like most, although I do write a considerable amount; I would rather have my eyelids peeled back and be forced to watch those retards on Jersey Shore than have to do it most days.
However, what I LOVE, more than most, is solving problems, teaching people and working intricate puzzles. Networking on an enterprise level provides me the most intricate puzzles ever on a daily basis. As much as I despise writing code, imaging computers, configuring servers, etc., I absolutely love being elbow deep in IP addresses, DNS configurations, switch functions, and routing protocols. And that is what this series is all about. I’m going to explain the different types of attacks and also share with you the best practices I use when it comes to securing routing protocols. Just a word of warning before we dig in: this topic from here on out will be a little more advanced than what I usually write. This is very intentional, because Tech Corner is for everyone in the spectrum, and today we visit the more complicated side. Stick around though, because you will likely learn something new if you do.
So, what in the ‘Bob Saget’ is a Routing Protocol?
Obviously we can’t secure something (at least not well) unless we understand what it is, right? A routing protocol establishes how routers interact with each other, exchanging the information that lets them select routes between any two points on a computer network; the actual path selection is done by routing algorithms. Routing, the machinery that forwards traffic through networks, is increasingly scrutinized for security holes and weaknesses. There are a multitude of threats against routing protocols, from peering disruptions, to black holes, to manipulated routing statements. Securing your routing protocol against these threats is vital no matter whether you run a small business network or a vast enterprise network.
So You’re Telling Me I Need to Just Focus on the Protocol Right?
The biggest mistake I have seen people make when setting up a network is to put all of their focus on securing their routing protocols. This approach neglects the fact that the routing protocol is but one piece of a three-part task. In order to have a solid foundation for your network to build on, the focus needs to be on the Routing System, which has three parts: (1) the Routing Protocol, the set of rules used to convey topology information across the network, and also the process the router uses to determine the shortest path to any connection point on the entire network; (2) the Devices, which run the routing protocols and switch the packets along the paths chosen by the routing protocol; and (3) the Topology Information, which is transported with the routing protocol as its vehicle. All three pieces of the Routing System puzzle have to be accounted for if one is to protect themselves against the onslaught of attacks that are out there.
What Do You Mean by “Attacks”?
These attacks can come in many forms. One such form is what is called Peer Disruption, an attack that typically tries to deny usage of network resources to authorized users (REALLY annoying stuff at best, fatal at worst). Routing protocols themselves help combat this type of attack. The best protocol I have found to defend against it is Open Shortest Path First (OSPF). Routers running OSPF will rebuild their adjacencies after the attack has ceased, and routing will continue. This self-healing behavior can typically combat most peer disruption attacks. While a peer disruption will cause a small disruption on the network, routing protocols will adjust in a very short period of time and route around the disruption, significantly decreasing any downtime.
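Since the network recovers on its own, a peer disruption is easy to miss unless you watch for it. The following is an added example, not code from the original post, showing one way to spot repeated adjacency loss from router syslog: it parses Cisco IOS %OSPF-5-ADJCHG messages and flags any neighbor whose adjacency dropped to DOWN several times inside a sliding window. The log lines are constructed for the example, the year is assumed (syslog lines carry none), and the window and threshold values are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines in the IOS %OSPF-5-ADJCHG format. Neighbor
# 10.0.0.2 loses and regains its adjacency three times in under five minutes;
# neighbor 10.0.0.3 drops once and recovers.
SAMPLE_LOG = """\
Oct 29 10:00:01 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Oct 29 10:00:40 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
Oct 29 10:01:00 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.3 on GigabitEthernet0/2 from FULL to DOWN, Neighbor Down: Dead timer expired
Oct 29 10:01:35 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.3 on GigabitEthernet0/2 from LOADING to FULL, Loading Done
Oct 29 10:02:15 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Oct 29 10:02:50 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
Oct 29 10:04:30 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Oct 29 10:05:05 r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
"""

# Matches the timestamp, hostname and the fields of an adjacency-change message.
ADJCHG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ %OSPF-5-ADJCHG: "
    r"Process (?P<proc>\d+), Nbr (?P<nbr>[\d.]+) on (?P<intf>\S+) "
    r"from (?P<old>[A-Z0-9]+) to (?P<new>[A-Z0-9]+)"
)
LOG_YEAR = 2011  # assumed: syslog timestamps carry no year


def parse_adjchg(line):
    """Return (timestamp, neighbor_key, old_state, new_state), or None if the
    line is not an OSPF adjacency-change message."""
    m = ADJCHG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    key = (m.group("proc"), m.group("nbr"), m.group("intf"))
    return ts, key, m.group("old"), m.group("new")


def detect_flapping(log_text, window_s=600, threshold=3):
    """Return the (process, neighbor, interface) keys whose adjacency went to
    DOWN at least `threshold` times inside any `window_s`-second window."""
    recent = defaultdict(deque)  # neighbor_key -> timestamps of recent DOWN events
    flagged = set()
    for line in log_text.splitlines():
        parsed = parse_adjchg(line)
        if parsed is None:
            continue
        ts, key, _old, new = parsed
        if new != "DOWN":
            continue
        q = recent[key]
        q.append(ts)
        # Drop DOWN events that have aged out of the sliding window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return sorted(flagged)


if __name__ == "__main__":
    for proc, nbr, intf in detect_flapping(SAMPLE_LOG):
        print(f"flapping adjacency: process {proc}, neighbor {nbr} on {intf}")
```

A single DOWN is normal operations (a reload, a cable pull); three in a few minutes on the same interface is the signal worth paging on, whether the cause is a bad link or someone tampering with the peering.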
Another type of attack you have to watch for is one that falsifies your routing statements. This type of attack is very subtle and hard to detect before it’s too late. It goes after your topology information and routing statements in order to misdirect traffic. This is the type of attack used in the infamous Denial of Service attack (DoS), and it is used in any attack that redirects your traffic away from your encrypted VPN tunnels, proxies, etc. and reroutes it to a listening proxy that stores all of that now unencrypted data. Then there is a variation of this attack that is just plain….well….mean, and it’s called a “Black Hole”. This is where the attacker simply redirects traffic to a host on the network that just discards it. Nobody can connect or work on the network, because every bit of traffic generated is virtually sucked into a black hole, where it just disappears. It is these attackers that I have a special desire to see drug behind a truck. Finally, a variation of this attack that is noteworthy is one that takes advantage of routing stability mechanisms. Most routing protocols contain some kind of damper that protects the processing power, memory, and other valuable resources of the devices running them from rapid changes in the routing topology. Attackers will sometimes exploit these dampers in the same way a hacker will deliberately flood a login with the wrong password in order to lock out the authorized user. You may know this type of attack as a DoS.
Are Those the Only Ones?
Don’t I wish, although if that was it, I would have to look for a new career, so in a way IT Professionals and Hackers have a unique relationship; sort of a yin to each other’s yang, if you will, because we keep each other in a job. I like to refer to it as Spy vs. Spy (see, I told you I was a dork). There are also attacks that are called “Flapper Injections”. For example, Border Gateway Protocol (BGP) route dampening, most commonly referred to simply as “damping”, is designed to limit the ever-increasing rate of change in the Internet’s routing tables. BGP sessions at ISPs generally use damping to suppress “flapping” advertisements of routing information, in an attempt to decrease the amount of wasted resources on the ISP’s network. Attackers will exploit the dampening mechanism in a router by making it look like a certain destination route is “flapping”. The attacker forges a set of withdrawals and updates that advertise a route over and over, which causes a router to believe these are legitimate changes in state when they are advertised. This causes the ISP’s router to dampen the route for a longer period of time, which makes the destination unreachable. This is a VERY malicious attack, because the effects of it are felt long after the attacker has moved on.
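The reason the damage outlasts the attacker is arithmetic: each flap adds a fixed penalty, and the penalty only decays exponentially with a fairly long half-life. The following is an added example, not code from the original post, that models that penalty math using Cisco-style default parameters (assumed here: 1000 penalty per flap, 15-minute half-life, suppress above 2000, reuse below 750; check your own platform’s values) and shows how a short burst of flaps turns into a suppression lasting the better part of an hour.

```python
import math

# Assumed Cisco-style default dampening parameters.
HALF_LIFE_MIN = 15.0     # penalty halves every 15 minutes
REUSE_LIMIT = 750        # route is un-suppressed once penalty decays below this
SUPPRESS_LIMIT = 2000    # route is suppressed once penalty exceeds this
FLAP_PENALTY = 1000      # penalty added per withdraw/re-advertise cycle


def decayed(penalty, elapsed_min):
    """Exponential decay of a flap penalty over `elapsed_min` minutes."""
    return penalty * 0.5 ** (elapsed_min / HALF_LIFE_MIN)


def minutes_until_reuse(penalty):
    """Minutes until `penalty` decays below REUSE_LIMIT (0 if already below)."""
    if penalty < REUSE_LIMIT:
        return 0.0
    return HALF_LIFE_MIN * math.log2(penalty / REUSE_LIMIT)


def simulate_flaps(flap_times_min):
    """Apply a sequence of flap events (in minutes, any order) to one prefix.

    Returns the final penalty, the time the route was first suppressed
    (None if never) and the time it becomes reusable again (None if never)."""
    penalty = 0.0
    last = 0.0
    suppressed_at = None
    for t in sorted(flap_times_min):
        penalty = decayed(penalty, t - last) + FLAP_PENALTY
        last = t
        if suppressed_at is None and penalty > SUPPRESS_LIMIT:
            suppressed_at = t
    reusable_at = None
    if suppressed_at is not None:
        reusable_at = last + minutes_until_reuse(penalty)
    return {"penalty": penalty, "suppressed_at": suppressed_at, "reusable_at": reusable_at}


if __name__ == "__main__":
    # Constructed scenarios: one honest flap versus five flaps a minute apart.
    for label, flaps in (("single flap", [0]), ("burst of 5", [0, 1, 2, 3, 4])):
        r = simulate_flaps(flaps)
        print(f"{label}: penalty={r['penalty']:.0f} suppressed_at={r['suppressed_at']} "
              f"reusable_at={None if r['reusable_at'] is None else round(r['reusable_at'], 1)}")
```

One flap never crosses the suppress limit, but five flaps in five minutes push the penalty past 4500, and the route then stays suppressed for roughly forty minutes after the last forged update. Later operational guidance (RFC 7196) recommends raising the suppress threshold to 6000 or more precisely to reduce this kind of collateral damage.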
We’ll round out part 1 of this series with one more attack that’s out there and is pretty nasty, and that is called a “Network Melt”. To understand how this works it is important to know that, in most networks, routing protocols will typically converge somewhere in the range of 7-10 seconds, which is nowhere near fast enough for the newer applications carried by networks. Here is a scenario that will help this make sense: if a link were to drop, and it took 7-10 seconds for the traffic to be rerouted, voice calls would be dropped, video streams would buffer horribly, and a whole host of other sessions would crash. In fact, routing protocol designers are laboriously researching and diligently working towards developing protocols that improve the speed of routing convergence within a network. The caveat is that a routing protocol faces a big problem when it tries to converge this quickly, and that is information overload. Have you ever heard the saying, “A team is only as strong as its weakest link”? Well, this holds true for routing protocols as well. Whatever load it takes to overwhelm the smallest, slowest device on a network that provides routing services will be a ceiling of sorts. Once this threshold is exceeded the routing system becomes unstable and will eventually fall into a condition called “Network Melt”. This is where a network will not converge again without human intervention, even after the source is removed (a real pain in the #$%).
The principal tool utilized by protocol developers to prevent information overload from becoming a “network melt”, while still allowing the network to react quickly to a small number of topology changes, is called “exponential backoff”. This mechanism has already shipped in the most recent versions of Cisco’s IOS platform for OSPF as well as the Intermediate System-to-Intermediate System (IS-IS) protocol. However, this gives an attacker a new opportunity to mess things up. An attacker could exploit the exponential backoff feature and force the network to constantly converge very slowly, which would cause the network to fail to meet the requirements of the applications running on it.
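To see why a steady trickle of topology changes hurts, it helps to model the backoff itself. The following is an added example, not code from the original post, of an SPF throttle in the style of Cisco’s `timers throttle spf start hold max-wait`: the first change triggers SPF after a short start delay, and each consecutive SPF doubles the enforced gap until it hits the maximum. The timer values (50/200/5000 ms) are an illustrative tuning, not a vendor default, and the rule that the backoff resets after the network is quiet for twice the maximum wait is an assumption for the model; real implementations differ in that detail.

```python
def schedule_spf(event_times_ms, start_ms=50, hold_ms=200, max_wait_ms=5000):
    """Model an exponential-backoff SPF throttle.

    event_times_ms: times (ms) at which a topology change (LSA) arrives.
    Returns (schedule, runs): schedule lists (event_ms, spf_run_ms) for each
    event, runs lists the distinct SPF calculation times that were scheduled."""
    schedule, runs = [], []
    pending = None     # SPF already scheduled but not yet run
    last_spf = None    # time of the most recent SPF calculation
    wait = hold_ms     # minimum gap to enforce before the next SPF
    for t in sorted(event_times_ms):
        # An already-scheduled SPF that fired before this event is now history.
        if pending is not None and pending <= t:
            runs.append(pending)
            last_spf, pending = pending, None
        if pending is not None:
            schedule.append((t, pending))      # change coalesces into the pending run
            continue
        if last_spf is None or t - last_spf >= 2 * max_wait_ms:
            wait = hold_ms                     # assumed: quiet network resets backoff
            run_at = t + start_ms
        else:
            run_at = max(t + start_ms, last_spf + wait)
            wait = min(wait * 2, max_wait_ms)  # consecutive SPFs double the gap
        pending = run_at
        schedule.append((t, run_at))
    if pending is not None:
        runs.append(pending)
    return schedule, runs


def worst_case_delay_ms(event_times_ms, **kw):
    """Longest time any single topology change waited before SPF reflected it."""
    schedule, _ = schedule_spf(event_times_ms, **kw)
    return max(run - ev for ev, run in schedule)


if __name__ == "__main__":
    # Constructed inputs: one isolated link failure versus a change every 100 ms
    # for twelve seconds (the kind of churn a flapping link or a flood of bogus
    # LSAs would produce).
    quiet = [0]
    churn = list(range(0, 12001, 100))
    print("single change: SPF runs at", schedule_spf(quiet)[1], "ms")
    print("continuous churn: SPF runs at", schedule_spf(churn)[1], "ms")
    print("worst-case convergence delay under churn:", worst_case_delay_ms(churn), "ms")
```

An isolated failure is reflected in 50 ms. Under continuous churn the gap climbs 200, 400, 800, 1600, 3200 and then sits at the 5000 ms ceiling, so every further change waits close to five seconds, exactly the slow convergence the backoff was meant to avoid for the common case. That is why the practical defences are about keeping bogus changes out of the link-state database in the first place (neighbor authentication, not running routing protocols toward untrusted segments) and alarming on sustained SPF run rates.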
We will close out part 1 of this series with that. There is still a lot of information to cover within this topic, but hopefully you are starting to see why routing protocols are important, and maybe have gained a new understanding of what a network administrator has to deal with on a daily basis…like I said earlier, “One BIG puzzle…” ’Til next time, keep it saucy.
Don’t forget to follow Tech Corner on Twitter for a constant stream of tech news and a good helping of weird.