
Research Article
The Maestro Attack: Orchestrating Malicious Flows with BGP
@INPROCEEDINGS{10.1007/978-3-030-63086-7_7,
  author={Tyler McDaniel and Jared M. Smith and Max Schuchard},
  title={The Maestro Attack: Orchestrating Malicious Flows with BGP},
  proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2020},
  month={12},
  keywords={DDoS Link Flooding Attack Interdomain routing},
  doi={10.1007/978-3-030-63086-7_7}
}
- Tyler McDaniel
- Jared M. Smith
- Max Schuchard
Year: 2020
SECURECOMM
Springer
DOI: 10.1007/978-3-030-63086-7_7
Abstract
We present Maestro, a novel Distributed Denial of Service (DDoS) attack that leverages control plane traffic engineering techniques to concentrate botnet flows on transit links. Executed from a compromised or malicious Autonomous System (AS), Maestro advertises routes poisoned for selected ASes to collapse inbound traffic paths onto a single target link. A greedy heuristic fed by bot traceroute data iteratively builds the set of ASes to poison. Given a compromised router with advantageous positioning in the AS-level Internet topology, an adversary can expect to bring an additional 30% of the entire botnet against vulnerable links. Interestingly, the size of the adversary-controlled AS plays little role in this amplification effect; core links can be degraded by small, resource-limited ASes. To understand the scope of the attack, we evaluate widespread Internet link vulnerability via simulation across several metrics, including BGP betweenness and botnet flow density, and assess the topological requirements for successful attacks. We supplement simulation results with ethically conducted “attacks” on real Internet links. Finally, we present effective defenses for network operators seeking to mitigate this attack.