Peer Pressure: Exerting Malicious Influence on Routers at a Distance

Both academic research and historical incidents have shown that unstable BGP speakers can have extreme, undesirable impacts on network performance and reliability. Large amounts of time and energy have been invested in improving router stability. In this paper, we show how an adversary in control of a BGP speaker in a transit AS can cause a victim router in an arbitrary location on the Internet to become unstable. Through experimentation with both hardware and software routers, we examine the behavior of routers under abnormal conditions and come to three conclusions. First, that unexpected but perfectly legal BGP messages can place routers into those states with troubling ease. Second, that an adversary can implement attacks using these messages to disrupt the function of victim routers in arbitrary locations in the network. And third, modern best practices do not blunt the force of these attacks sufficiently. These conclusions lead us to recommend more rigorous testing of BGP implementations, focusing as much on protocol correctness as on software correctness.