Everyone knows that you can take down a website with a DDoS attack, and we know that a country like Egypt can be isolated from the internet in a matter of days, but we thought that there was no way to take down the internet itself. With many fail-safe mechanisms in place around the world, it’s hard to wrap your head around the idea of the entire internet crashing, but a recent report from New Scientist says that it is possible.

Max Schuchard, a computer science graduate student, and his buddies claim that they’ve found a way to launch DDoS attacks on Border Gateway Protocol (BGP) infrastructure routers that could crash the internet. BGP is one of the most important protocols holding the internet together. Without it, ISPs wouldn’t be able to link together, and the internet wouldn’t be what it is today. BGP switches and routers are constantly updating the whole infrastructure of the internet, trying to keep it current and correct. In short, they are nothing to be messed with.

In the report, Schuchard describes the theoretical assault as “the Coordinated Cross Plane Session Termination, or CXPST, attack, a distributed denial of service attack that attacks the control plane of the Internet. CXPST extends previous work that demonstrates a vulnerability in routers that allows an adversary to disconnect a pair of routers using only data plane traffic. By carefully choosing BGP sessions to terminate, CXPST generates a surge of BGP updates that are seen by nearly all core routers on the Internet. This surge of updates surpasses the computational capacity of affected routers, crippling their ability to make routing decisions.”

The CXPST attack would use a botnet of about 250,000 computers. If this sounds like a lot of computers, it really shouldn’t. Approximately 12.5 million Windows PCs were used in the Mariposa botnet, so 250,000 is really nothing.

The researchers also found, though, that “Aside from the potential impact is whether such attacks are powerful enough to reset BGP’s routing session as a result of a sufficiently large number of consecutive packet drops. If the session is reset, it can have serious impact on the Internet in the form of routing instability, unreachable destinations, and traffic performance degradation.” What all this means, if Schuchard and company’s calculations are correct, is that “in the case of the 250,000-node botnet, the median load on nearly half of the core routers increased by a factor of 20 or more. … This increased median load shows that routers will not have a chance to recover from the previous bursts of updates.”
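A defender-side way to look for the sustained load that quote describes, as an added example (not from the report or from the original article): it buckets BGP UPDATE arrivals per router and flags routers whose median per-window load, rather than a single peak, is at least 20 times their baseline median. The event format, router names, window size and sample counts are constructed assumptions.

```python
from collections import defaultdict
from statistics import median


def window_counts(events, window_s, n_windows):
    """events: iterable of (timestamp_seconds, router). Returns {router: [updates per window]}."""
    counts = defaultdict(lambda: [0] * n_windows)
    for ts, router in events:
        idx = int(ts // window_s)
        if 0 <= idx < n_windows:
            counts[router][idx] += 1
    return dict(counts)


def sustained_overload(counts, baseline_windows, factor=20.0):
    """Flag routers whose median load after the baseline period is >= factor x baseline median.

    Using the median of the recent windows means one burst the router recovers
    from is ignored; only load that stays high across most windows is flagged.
    """
    flagged = {}
    for router, series in counts.items():
        base = max(median(series[:baseline_windows]), 1)  # floor avoids divide-by-zero
        ratio = median(series[baseline_windows:]) / base
        if ratio >= factor:
            flagged[router] = ratio
    return flagged


def make_events(router, per_window, window_s=60):
    """Constructed sample data: spread n UPDATE arrivals evenly inside each window."""
    return [(w * window_s + i * window_s / n, router)
            for w, n in enumerate(per_window) for i in range(n)]


# Constructed sample: 6 baseline windows followed by 6 observation windows.
SAMPLE = (
    make_events("r1", [5] * 6 + [120] * 6)           # sustained 24x load
    + make_events("r2", [5] * 6 + [300] + [5] * 5)   # one burst, then recovery
    + make_events("r3", [4] * 12)                    # steady
)

if __name__ == "__main__":
    per_router = window_counts(SAMPLE, window_s=60, n_windows=12)
    hits = sustained_overload(per_router, baseline_windows=6)
    print(f"{len(hits)}/{len(per_router)} routers under sustained load: {hits}")
```
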

There are ways to defend against such an attack. Some, such as SAP (Shrew Attack Protection), are designed to put an end to the low-rate TCP attack method itself. Schuchard has proposed changes to BGP itself, or to how BGP is managed, to make it more robust. The bad news is that none of these methods are widely implemented today.

In other words, the Internet, yes pretty much all of it, falls down and goes boom.
