Abstract | Keywords | Export | Availability | Bookmark

Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

The Locator/Identifier Separation Protocol (LISP) is an encapsulation protocol currently in development. It is based on the potential need to reorganize the routing architecture of the Internet in order to meet the still increasing size of this worldwide network. The key principle of this protocol is to split the current IP address space into an identifier address space and a locator one. In this paradigm, the identifier address serves the purpose of identifying a connection endpoint and is only routable in a stub network, a LISP site. The locator address, in turn, is used to locate this site in the core network. This address is thus globally routable. For nodes from different LISP sites to communicate between each other, a data tunnel has to be put in place between both sites.

Because of this separation principle, LISP needs a mechanism allowing it to translate an address from the identifier space to the locator space: the mapping system. Thanks to this, a LISP site is able to query a mapping, binding both address spaces, by the use of LISP control messages. LISP-DDT is a notable example of mapping system which draws inspiration, regarding its architecture, from the Domain Name System.

Both LISP and LISP-DDT current implementations may be prone to potential security vulnerabilities. In this regard, this work aims at getting a clear understanding of the security aspects of the studied protocols. This approach is done in order to find potential vulnerabilities in these protocols -- while not claiming to be exhaustive -- and take advantage of them in order to develop an attack. That way, a denial-of-service attack by amplification has been found out. This attack exploits the mapping lookup process between a LISP site and the mapping system. In particular, it relies on the fact that the mapping system is able to generate responses that are significantly larger than the queries causing them. This principle can hence be used to produce a lot of network traffic towards a predetermined victim node in order to consume its bandwidth.

As a proof-of-concept for the attack, a GNS3 emulated network topology has been set up and configured. This network therefore simulates an up and running LISP-DDT mapping system -- mimicking the one of the LISP Beta Network, a worldwide deployment of LISP on Internet -- in order to use it as an amplification vector for the attack. Results of the attack on this enclosed environment are analysed in this work. It proves the feasibility of the attack in the current implementations of LISP and LISP-DDT.

Finally, a brief discussion about possible mitigation techniques for the attack is provided. Among these mitigation techniques, one can cite the limitation of the reply size, the rate limitation or even anti-spoofing techniques. Either way, we hope to draw the LISP IETF Working Group's attention to the necessity of addressing this issue.

LISP --- LISP-DDT --- Mapping system --- DoS attack --- Amplification --- IP Spoofing --- GNS3 --- Security --- Networking --- Ingénierie, informatique & technologie > Sciences informatiques