Be aware of RPKI, DNS and PNG
During the first week of 2024, Orange Spain suffered from a sudden traffic drop. This illustrated by the figure below from cloudflare’s radar.
This sudden drop of traffic was caused by an unusual problem that affected Orange Spain. During the last years, many operators have deployed the RPKI to secure interdomain routing, which improves the security of interdomain routing. Network operators publish use the RPKI to bind their AS number to the IP prefixes that they advertise. A growing number of network operators use the RPKI to validate the BGP messages that they receive and a fraction of them block the BGP announcements that originate from AS numbers that do not match the RPKI data. This has prevented hijacking attacks.
Network operators can publish the RPKI data for their prefixes directly or using third parties such as Interner Routing Registries like RIPE. Orange Spain did not publish RPKI information for its prefixes but suffered from a new type of attack. Orange Spain used a weak password on the RIPE website and an attacker impersonated Orange Spain on RIPE servers to publish a fake Route Origin Authorization that associates some IP prefixes from Orange Spain to different AS number. As Orange Spain used their regular AS number to advertise this prefix, BGP routers from ASes that ise APKI considered this announcement to be invalid according to the RPKI information andrejected the BGP annoucement. The weak password used by Orange Spain resulted in a new form of denial of service attack…
Several network engineers published an interesting analysis of this new type of attack:
- Doug Madory’s analysis on the kentik blog
- Dan Godin’s article on ars technica
- Another analysis by Stéphane Bortzmeyer (in French)
In addition, Job Snider’s summary of the evolution of RPKI in 2023 is also very interesting.
If you own IP prefixes, make sure that you use strong passwords and two factors authentication on the Internet Routing Registries…
The Domain Name System is one of key Internet protocols. This is also an example of protocol that sends binary messages inside UDP segments. The format of the DNS messages has been optimized to reduce the length of the UDP segments. The DNS is also a nice example for students willing to write a first implementation that sends real Internet protocol messages. A recent blog describes how to encode DNS messages in Java.
The web contains many images using the PNG format. Evan Hahn provides a detailed description of this file format by looking at the contents of the smallest PNG file that has a length of 67 bytes.
This blog aims at encouraging students who read the open Computer Networking: Principles, Protocols and Practice ebook to explore new networking topics. You can follow this blog by subscribing to its RSS feed or by following @cnp3_ebook on mastodon. Feel free to share the posts that you find interesting on your preferred social network.