RFC 4593, titled Generic Threats to Routing Protocols, was released in 2006 and identifies several threats to routing protocols. It focuses on commonly used network protocols, including OSPF, IS-IS, RIP, and BGP.
To fully understand the threat consequences to routing protocols, it’s useful to consider what routing protocols do.
- Provide a transport subsystem — Routing protocols provide a means for a router to send messages to its neighbors.
- Maintain the state of neighbors — Routing protocols provide a method to understand the current status of a router’s neighbors.
- Maintain a database — By exchanging messages, routing protocols construct and maintain a database that describes the network topologies and which destinations are reachable. Different protocols collect different levels of detail.
As defined in RFC 4593, a threat consequence is the result of some aspect of the normal behavior of a routing protocol being violated. Multiple threat consequences can occur due to a single security violation. The threat consequences are:
- Disclosure — An unauthorized person is able to access routing information.
- Deception — A forged routing message is sent to a legitimate router.
- Disruption — A router’s normal operation is stopped or impaired.
- Usurpation — An attacker takes over control of the services and functions provided by a router.
The damage that can occur from these types of attacks is significant, including:
- Network congestion — Available capacity of the network is over-utilized.
- Blackhole — A router is instructed to drop some or all of the packets it receives.
- Looping — Data circles through the network, but never reaches its destination. This will ultimately result in network congestion. This could also include traffic routed to a specific host that’s forwarded along a path so that it circles the network, but is never delivered.
- Partition — Boundaries between parts of the network are abolished, but the routers are unaware of this.
- Churn — Forwarding changes result in variances in data delivery across the network.
- Instability — The routing protocol effectively stops working.
- Overcontrol — The routing protocol floods the network with control messages.
- Clog — A specific resource, such as memory or CPU, on a router is overwhelmed by message traffic.
- Starvation — Traffic destined for one location on the network is routed so that it can’t be delivered.
- Eavesdrop — Network traffic is routed so that the attacker can access the information.
- Cut — A portion of the network is fooled into believing it doesn’t have a path when it in fact does.
- Delay — Network traffic is routed through inferior paths, causing it to take longer to reach its destination.
Each of these potential forms of damage can result in significant disruption to an organization along with dramatic business impact. For example, imagine the effect of network congestion upon an organization that relies upon high-speed transmissions that communicate information about specific business activities.
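As an added example (not taken from RFC 4593 or from the original article), the following Python audit follows each router's next hop toward a destination and labels the outcome with the damage terms above: blackhole, looping, cut, and delay. The topology, router names, forwarding-table layout, the `drop` and `no-route` markers, and the extra `unreachable` and `invalid-next-hop` outcomes are assumptions made for illustration.

```python
import heapq

# Constructed sample: link costs for a four-router topology (hypothetical names).
LINKS = {("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1, ("A", "D"): 5}
# Constructed forwarding state toward D: B sends the traffic back to A.
FIB = {"A": {"D": "B"}, "B": {"D": "A"}, "C": {"D": "D"}}

def neighbors(links):
    """Build an undirected adjacency map from the link-cost table."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj

def shortest_cost(adj, src, dst):
    """Dijkstra: cost of the best path the topology offers, or None."""
    best, queue = {src: 0}, [(0, src)]
    while queue:
        cost, node = heapq.heappop(queue)
        if node == dst:
            return cost
        if cost > best.get(node, float("inf")):
            continue
        for nxt, weight in adj.get(node, {}).items():
            if cost + weight < best.get(nxt, float("inf")):
                best[nxt] = cost + weight
                heapq.heappush(queue, (cost + weight, nxt))
    return None

def audit(links, fib, src, dst):
    """Follow each router's next hop for dst and name the resulting damage."""
    adj, node, path, cost = neighbors(links), src, [src], 0
    while node != dst:
        entry = fib.get(node, {}).get(dst, "no-route")
        if entry == "drop":
            return "blackhole", path
        if entry == "no-route":
            # Cut: the router believes it has no path although one exists.
            reachable = shortest_cost(adj, node, dst) is not None
            return ("cut" if reachable else "unreachable"), path
        if entry not in adj.get(node, {}):
            return "invalid-next-hop", path
        if entry in path:
            return "looping", path + [entry]
        cost += adj[node][entry]
        node = entry
        path.append(node)
    return ("delay" if cost > shortest_cost(adj, src, dst) else "delivered"), path
```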
The conclusion to draw from these threat consequences and RFC 4593 is clear. These routing protocols (OSPF, IS-IS, RIP, and BGP), although in wide use, are highly vulnerable and open to numerous forms of malicious attack. RFC 4593 raises awareness of these security threats.