A Taxonomy of Attacks Using BGP Blackholing


BGP blackholing is a common technique used to mitigate DDoS attacks. Generally, the victim sends in a request for traffic to the attacked IP(s) to be dropped. Unfortunately, remote parties may misuse blackholing and send requests for IPs they do not own, turning a defense technique into a new attack vector. As DDoS attacks grow in number, blackholing will only become more popular, creating a greater risk this service will be exploited. In this work, we develop a taxonomy of attacks combining hijacks with blackholing: BGP blackjacks (blackhole hijacks). We show that those attacks effectively grant more reach and stealth to the attacker than regular hijacks, and assess the usability of those attacks in various security deployments. We then find that routing security mechanisms for BGP do not provide an adequate protection against some of those attacks, and propose additional mechanisms to properly defend against or mitigate them.

European Symposium on Research in Computer Security (ESORICS 2019), (pp. 107-127), Luxembourg
Loïc Miller
Loïc Miller

My research interests include security, BGP, DNS and Internet measurement, as well as graphs and mathematical proofs.