Attacks on Network Infrastructure

Author

Chasaki, Danai ; Wu, Qiang ; Wolf, Tilman

Author_Institution

Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA

fYear

2011

fDate

July 31 2011-Aug. 4 2011

Firstpage

1

Lastpage

8

Abstract

We present the first practical example of an entirely new class of network attacks - attacks that target the network infrastructure. Modern routers in computer networks use general-purpose programmable packet processors. The software used for packet processing on these systems is potentially vulnerable to remote exploits. In this paper, we demonstrate a specific attack that can launch a devastating denial-of-service attack by sending just a single packet. We show that vulnerable packet processing code can be exploited on a Click modular router as well as on a custom packet processor on the NetFPGA platform. We also show that defense techniques based on processor monitoring that we have proposed in prior work can help in detecting and avoiding such attacks.

Keywords

computer network security; field programmable gate arrays; microprocessor chips; telecommunication network routing; NetFPGA platform; click modular router; computer network attacks; denial-of-service attack; general purpose programmable packet processor; network infrastructure attack; packet processing code; processor monitoring; Computer crime; Internet; Program processors; Routing protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on

Conference_Location

Maui, HI

ISSN

1095-2055

Print_ISBN

978-1-4577-0637-0

Type

conf

DOI

10.1109/ICCCN.2011.6005919

Filename

6005919