Restricted Assignment 4 – Mininet & BGP Routing 51.506 Security Tools Laboratory 1. Objectives By the end of this lab, you should be able to: • • • Know the basics of Mininet Use Mininet for network simulation Familiarize yourself with BGP and Zebra tools VMs Use xubuntu been provided. Use NAT Network. You must be able to reach the Internet (try pinging google). Password: xubuntu(sudo privileges given) 2. Mininet • • Open bgp file in Desktop, e.g. /Desktop/bgp/. cd into that directory. Change the permissions of all the files in that directory #chmod a+x *.sh *.py • Run the installation file. # ./install.sh • Kill the ovs-controller using following commands. # ps aux | grep ovs-testcontroller #sudo kill -9 <pid> • Start up Mininet #sudo python3 bgp.py • Check running processes to ensure there are 3 instances of zebra and 3 of bgpd. #ps aux | egrep “bgpd|zebra” • Explore the current topology by using Mininet commands: nodes, net, links, dump You can also try help for other commands. • There are couple of routers and hosts, while hosts represent different smaller networks connected to internal interfaces of the BGP routers. Restricted Restricted • In Mininet, you can open a terminal to any host or router using xterm. mininet> xterm h1-1 • To zoom in : CTRL + Right Click to obtain the menu and choose ‘Large’ • The opened terminal will provide you with an “internal view of the node”. You can run here commands, such as ping, traceroute, nmap, wireshark, route -n or other standard bash commands. • Complete the network diagram for each AS ( AS1/2/3) to include IP addresses of the interfaces of routers (R1/2/3) and their individual hosts. Please note that the unknown AS? is note active yet. You won’t be able to interact with it yet. You can add its details (AS number and IP addresses) when doing Attack section. 3. BGP Traffic • Connect to the router running BGP by the provided script (outside of Mininet) to Cisco’s IOS Command Line Interface (CLI). # ./connect.sh R1 (password is mssd) • List BGP routes #show ip bgp • You can also play with the different offered commands (try writing "?" or “<some command>?” into shell). • Take a screenshot of the BGP propagated routes you can see at each of the currently enabled routers. Restricted Restricted • Compare these routes to the routes you can obtain at each of 3 routers using route -n command (in an xterm shell). Add these routes to the write-up and describe the differences. • Start a wireshark session on one of the routers (make sure to select the right interface) and open an IOS CLI session to this router with the connect script. Note: Don't be confused by all the terminals, remember you’ve: 1. Normal ubuntu terminal session 2. Mininet session (with mininet> prompt) 3. Xterm session to all Mininet components 4. CLI session to router (with bgdp-Rx> prompt where x is Router ID) • Type "enable" in the IOS CLI session to enable admin mode (password:mssd). Look at the current routes. # show ip bgp • Clear the exchanged routes. #clear bgp external • Watch the BGP traffic establishing routes again. What 2 types of BGP messages you can see (other than Keepalive)? Put the screenshot highlighting them in your report. • From h1-1, try to reach h3-3. Does it work? • From R1, try to reach h3-1(13.0.1.1). Does it work? If no, why not? • Modify the routing table to one of the routers to allow R1 access h3-1 (13.0.1.1). Work only through the xterm session on the R1, R2, R3 and use route command to show and modify routing table. Hint: try to use wireshark step-by-step on each interface in the path between R1 and h3-1 and find out where the ICMP reply packets cease to return (this will be the place for modification of routing table). • The command to add a default route for all packets is: # route add default gw <ip of outgoing interface> 4. BGP Attack 1 • A malicious attacker has control over AS4, which is BGP - peering with AS1. A user from AS1 want to visit a website on 13.0.1.1 (AS3). The attacker wants to redirect the user to his own web server instead. • All configuration files are in ./conf/ folder o bgpd - Rx.conf - configure the BGP setup of each router o zebra - Rx.conf - configure the network interfaces of each router Restricted Restricted • Look at these files and try to understand what is configured, and how. Before running attack, display the path of packets traveling to the benign web server from R1: #traceroute -n 13.0.1.1 • In the terminal, run the provided script for querying the web server: # ./website.sh It will continuously contact the web server on 13.0.1.1 from R1 (if you have already fixed R3's routing table). Keep the script running in that terminal. • Open a wireshark session on R1, make sure to listen on all interfaces. • To perform the attack, you will have to modify only bgpd-R4.conf. • Run ./start_rogue.sh script in a terminal, which starts BGP routing process on malicious router R4. • Observe the continuous results of the querying script running: o If you have correctly modified configuration of R4, the victim should now see the attacker’s website. • Observe the wireshark traffic. What types of BGP messages you can see after starting BGP routing on malicious router (other than Keepalive)? What important information from attacker’s point of view was transferred there? • Running ./stop_rogue.sh will stop the BGP routing on R4, so you can try other configurations of R4, and start the attack again (by the previous script) without stopping the Mininet itself. • If your attack was performed successfully, find out the path from R1 to web server again and compare it to the state before the attack. Add this comparison to your writeup. 5. BGP Attack 2 • Based on what you have learned, create a DOS protection in AS 1 by injecting a black hole route to prevent a DOS attack from AS 4. You can use hping for the DOS attack or any other equivalent. Detail all your entries and changes and display screenshots as proofs for successful changes all the way from the attack happening to the routing update which prevents the attack. You must show that you have successfully mitigated the attack. Restricted
