Seeking Feedback on Mitigation of New BGP-driven Attack


Our research lab at the University of Tennessee ( has recently completed
a study on channeling link-flooding attack (transit link DDoS) flows
via BGP poisoning: the Maestro attack. We are seeking feedback on mitigation (see below). A brief summary from the abstract:

"Executed from a compromised or malicious Autonomous System (AS),
Maestro advertises specific-prefix routes poisoned for selected ASes
to collapse inbound traffic paths onto a single target link. A greedy
heuristic fed by publicly available AS relationship data iteratively
builds the set of ASes to poison. Given a compromised BGP speaker with
advantageous positioning relative to the target link in the Internet
topology, an adversary can expect to enhance flow density by more than 30%.
For a large botnet (e.g., Mirai), the bottom line result is augmenting a
DDoS by more than a million additional infected hosts. Interestingly, the
size of the adversary-controlled AS plays little role in this
amplification effect. Devastating attacks on core links can be executed by
small, resource-limited ASes."

We are seeking feedback from operators on the attack and the proposed
mitigations we have identified. While we have worked with our campus BGP
operators, we are reaching out to the broader community for additional insights.

Other than general notes/comments, we have two specific questions that we would
like to include feedback for in the final paper soon to be submitted:

1) Do you already filter poisoned/path prepend advertisements? This would
mitigate the attack.

2) After seeing this attack, would you consider adding poison filtering or some other Day mitigation?

The preprint is available at: See Section 7 on defenses.

Please reply with any thoughts. Thank you in advance for comments, insight, and general feedback.

Tyler McDaniel, Jared Smith, and Max Schuchard
UT Computer Security Lab

Dear Jared,

This was a very interesting read. Thank you for sharing it with us. The
paper contained new information for me, if I hope I summarize it correctly:
by combining AS_PATH poisoning and botnets, the botnet’s firing power can
be more precisely aimed at a specific target.

Can you clarify what the definition of a “link” is? Is it the logical
interconnection between two ASNs (many pairs of ASNs interconnect in many
places), or is it a reference to a specific physical interconnection
between two routers, each in a different ASN?

The paper mentions that if the top 20 transit-free (“tier-1”) networks
protect each other against poisoning, the Maestro attack is drastically
reduced in effectiveness. I have good news, amongst this set of networks,
there already is a widely deployed anti poisoning mechanism, sometimes
referred to as “Peerlock”. /
. I think this paper suggests the Peerlock practice should be promoted
more, and perhaps automated.

Kind regards,


That's my takeaway; it's utilizing illicit traffic engineering
mechanisms to explicitly steer DDoS traffic, and peer-locking would
frustrate this goal.

The authors of the paper should be aware that in large volumetric
attacks, the natural topological convergence of attack traffic as it
progresses towards the intended target can fill up peering links, core
links, et. al., greatly increasing the collateral damage of such attacks
as bystander traffic traversing those links is crowded out.

We've seen this happen many times over the last couple of decades, it
isn't new or rare or unique as the paper seems to imply (apologies if
that is not what the authors intended to convey). It's such a common
aspect of DDoS attacks that overloading 'LFA' to try and invent an
acronym for it (in network engineering terminology, 'LFA' = 'loop-free
alternate'; see RFCs 5286 & 8518) isn't really necessary or helpful;
it's actually confusing.

Sometimes attackers consciously choose this as a tactic, sometimes they
just hurl as much traffic as they can at the target and don't really
care about the details, as long as it works — which all too often is
the case when the defenders aren't adequately prepared.

Quantity has a quality all its own. DDoS attacks are attacks against
capacity and/or state; in this very common scenario, link capacity is
adversely affected.

The authors of the paper should also understand that commercial DDoS
mitigation centers are not necessarily topologically adjacent to the
properties being protected, as they seem to be asserting in the paper
(again, apologies if this interpretation is incorrect); this is true in
some models, but in other models they are topologically distant,
sometimes being one or more ASNs away from said protected properties.

We've observed what appeared to be the deliberate use of relatively
topologically-adjacent bots and/or reflectors/amplifiers on a couple of
occasions. We speculate that the attackers in those instances were
attempting to maximize the amount of traffic-on-target; seeking to avoid
detection/classification/traceback by avoiding crossing instrumented
macro-level administrative boundaries (i.e., peering edges, the
incorrect assumption on the part of the attacker being that all
operators only instrument said peering edges); and/or to complicate
diversion into peering edge- or topologically-distant DDoS mitigation
centers. To date, we've not encountered illicit traffic engineering
utilized during an attack, as described in the paper.

While it's recently become trendy in the confidentiality and integrity
arenas to give various exploits somewhat abstract names, this sort of
thing isn't really helpful in the availability space, where the specific
mechanisms and techniques employed matter a great deal to operators
working in real time to defend against DDoS attacks. Rather than
calling this a 'Maestro' attack, which carries no useful intrinsic
meaning, perhaps an appellation such as 'topological forcing' or
'traffic steering' would be more appropriate. As in, 'a
topologically-forced volumetric DDoS attack' or 'a traffic-steered
volumetric DDoS attack'.

n.b. — neological acronyms such as as TFVDDoS or TSVDDoS should be
avoided, as this further unhelpfully fragments the terminology space.