The “Kaminsky 2.0” at Black Hat today turned out to be the talk from Daniel Mende and Enno Rey, dealing with vulnerabilities in the BGP and MPLS protocols. From what I can tell, there was no real news; most of the information they presented has been available for a while.
The fact that BGP has “trust issues” is old news; once you’ve established a peering session with another router, most providers will happily accept any routes you send them. This is already being dealt with on several levels:
- Using MD5 signatures to prevent third parties from injecting rogue updates or disconnecting sessions
- More ISPs are starting to use Routing Registries to verify whether a particular AS is allowed to send a particular route. The regional Internet Registries have started combining their databases into the IRR to make this easier.
- And, in most cases, rogue routes are detected by the various monitoring services such as Renesys’ Routing Intelligence, PHAS and others.
- Finally, there are two efforts to improve BGP security: S-BGP and soBGP. More details about both can be found at BGPexpert.com.
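The Routing Registry check from the list above, sketched as an added example (not code from the talk or from this post): it parses RPSL route objects and classifies an announcement by whether its origin AS is registered for the prefix. The registry contents, prefixes, ASNs and function names are constructed for illustration, and real filters differ in how they treat more-specific prefixes.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes and ASNs only).
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64501

route:   198.51.100.0/24
origin:  AS64502

route6:  2001:db8::/32
origin:  AS64500
"""

def parse_route_objects(text):
    """Return {network: {origin ASNs}} from RPSL route/route6 objects."""
    registry = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith(("#", "%")):
                attrs.setdefault(key.strip().lower(), value.strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "").upper()
        if prefix and origin.startswith("AS"):
            net = ipaddress.ip_network(prefix, strict=False)
            registry.setdefault(net, set()).add(int(origin[2:]))
    return registry

def check_announcement(registry, prefix, as_path):
    """Classify one announcement; as_path is a list of ASNs, origin last."""
    net = ipaddress.ip_network(prefix, strict=False)
    origin = as_path[-1]
    covering = [r for r in registry
                if r.version == net.version and net.subnet_of(r)]
    if not covering:
        return "unregistered"        # no route object covers this prefix
    if origin in registry.get(net, ()):
        return "registered"          # exact prefix, registered origin
    if any(origin in registry[r] for r in covering):
        return "more-specific"       # right origin, but a longer prefix
    return "origin-mismatch"         # covered space, unregistered origin

REGISTRY = parse_route_objects(IRR_DUMP)
```

An "origin-mismatch" or unexpected "more-specific" result is the kind of event a provider would filter or a monitoring service would alert on.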
What was new to me were some ideas about attacks on MPLS networks. They presented ideas about possible attacks on these networks, including ways to create a rogue MPLS VPN that might go unnoticed by the network provider. Since this requires access to the PE routers on both sides of the connection, real-world attacks might be hard, but not every service provider uses very strong passwords.
After their presentation they released some tools; you can find them here.