BGPLab

Uploaded by

tigerliker007

BGP EXPLORATION AND ATTACK LAB

SHIVAM PISAL
568485840
Lab Setup
We build all the containers using dcbuild and start them using dcup; this takes a while because there is a large
number of containers.
After the containers start normally, visit http://localhost:8080/map.html to access the Internet emulator.

Task 1: Stub Autonomous System

Task 1.a.1: Locate AS-155's neighbor autonomous system, the BGP route 10.155.0.254/24, and use cat
/etc/bird/bird.conf to obtain configuration information.

According to the routing setup, AS-150 is linked to three autonomous systems, one of which is peering with
p_as156.
The protocol bgp p_156 is PEER_COMM
Task 1.a.2: AS-155 communicates with numerous ASes at the same time. If one of them is lost, AS-155's
Internet connectivity remains unaffected. Here, we choose to ping host 10.156.0.72 from 10.155.0.72 and
then disconnect the BGP routing links one by one. If and only if all links are severed, the ping command will
report the host as unreachable.

When we ping and use the filter section to filter ICMP requests, the tree lights up.
Task 1.b: Observing BGP UPDATE Messages

Run the following command on the router to store the packets it receives in a pcap file and transmit them
to the virtual machine:
In this screenshot, we can see the BGP UPDATE message; we can also see a message when the
connection is restored.

Task 1.c: Experimenting with Large Communities

For this task, we first disconnect the connection between AS-4 and AS-156, and then execute the ping
query on 10.156.0.71. It was discovered that 10.155.0.71 can be pinged, but 10.161.0.71 cannot. Although
AS-156 is connected to the Internet via AS-155, the relationship between the two peers prevents AS-155
from forwarding AS-156's data.

Next, we modify the AS-155 router's configuration file to forward AS-156 data packets through AS-155.
Two adjustments are required:
After finishing the update with the following commands, 10.156.0.71 can ping 10.161.0.71

dockps | grep 155
docker cp [docker id]:/etc/bird/bird.conf ./as155_bird.conf
docker cp ./as155_bird.conf [docker id]:/etc/bird/bird.conf
docker exec [docker id] birdc configure
Task 1.d: Configuring AS-180
This experiment requires specifying a series of router setup parameters so that AS-180 can connect to
the Internet. To import and export the container's configuration file, run import_bird_conf.sh and
export_bird_conf.sh.

After restarting routing, AS-180 and AS-171 can communicate with one another.
Step 2: Connect AS-180 to AS-2 and AS-3.
We can then ping the host which is connected to AS-2.

Task 4: IP Anycast

Anycast is comparable to "throwing a hydrangea". One member transmits a message to a group
of members, and DNS servers employ this method. Ping 10.190.0.100 on 10.156.0.71 and 10.160.0.72
to see that the two hosts' ICMP packets are routed to separate destination hosts.

Comparing the two screenshots, we can observe the change in highlighted servers.

Anycast works because the router is not concerned with the precise location of the
target host (even if there are several), but rather with the path to the host. The two 10.190.0.100s notify
AS-3 and AS-4 of their respective locations, and the announcements then spread outwards from them. After receiving the
routing information, other routers use the routing algorithm to choose the best path for forwarding.
Because each router ends up with only one forwarding path, a message can only reach one particular host at 10.190.0.100.
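The propagation described above can be simulated, as an added example that is not part of the original report: two sites originate the same prefix and every AS keeps the shortest AS path it hears. The topology below is a constructed simplification (the AS-3/AS-4, AS-3/AS-160 and site attachments are assumptions), and real BGP applies local preference and further tie-breakers before path length.

```python
from collections import deque

# Constructed AS-level links. Only the AS-4/AS-156 link is stated in the
# report; the others are assumptions made for this example.
LINKS = [(3, 4), (3, 160), (4, 156)]

# Both sites announce the same prefix (10.190.0.100's network) to a
# different transit AS, as the text describes. Site names are hypothetical.
SITES = {"site-A": 3, "site-B": 4}


def propagate(links, sites):
    """Return {asn: (as_path, site)}, keeping the shortest AS path per AS."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)

    best = {}
    queue = deque()
    for site, asn in sorted(sites.items()):
        best[asn] = ([asn], site)      # transit AS hears the site directly
        queue.append(asn)

    while queue:
        asn = queue.popleft()
        path, site = best[asn]
        for nb in sorted(neighbours.get(asn, ())):
            if nb in path:             # AS-path loop prevention
                continue
            candidate = [nb] + path
            # Accept only a strictly shorter path than the one already held.
            if nb not in best or len(candidate) < len(best[nb][0]):
                best[nb] = (candidate, site)
                queue.append(nb)
    return best


def serving_site(asn, sites=SITES):
    """Which anycast site traffic from `asn` ends up at."""
    return propagate(LINKS, sites)[asn][1]


if __name__ == "__main__":
    for asn in (156, 160):
        print(asn, propagate(LINKS, SITES)[asn])
    # If site-B withdraws its announcement, AS-156 fails over to site-A.
    print(156, propagate(LINKS, {"site-A": 3})[156])
```
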
Task 5: BGP Prefix Attack

Change the configuration information for AS-161 so that all traffic to AS-154 is routed to AS-161. The
subnet in the configuration should encompass the entire 10.154.0.0/24:

From 155 we ping and observe the above.

Similarly, from 161 we ping 10.154.0.71 and observe the change in highlighted servers.

The above is the change we make to the file.

We need to copy the contents of the bird.conf file to another file and then copy it back to the container,
hence we need the root id.
Here is a screenshot that confirms our change has been made; we then have to reconfigure the bird file,
shown below.
We check the routes of the subnets

We then ping to check the highlighted servers in the above screenshot; notice the changes.

When we ping from 155, we see no packets are transmitted.


Task 5.b. Fighting Back from AS-154

We see the bird.conf file of 154, shown below.

We make the changes to the bird.conf file and copy it back to the container, and we can double-check the
changes as shown in the above screenshot.
We see all subnets of 154, shown below.

Here, we can see 154 is successful in snatching back its own traffic.

Task 5.c. Fixing the Problem at AS-3

First, we just see the subnets of 154


We make the changes to the bird.conf file of 154 and reconfigure the file.

We see that no packets are being received, so the connection is not complete.
Then we edit the bird.conf file of AS3 and add neighbours.

We can see the subnet has been fixed

When we ping from 155, the connection has been re-established and is working fine.
All packets are transmitted and received correctly.
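The kind of check an upstream such as AS-3 can apply to stop the Task 5 redirection, as an added example that is not part of the original report: an announcement is accepted only if its origin AS is authorised for that prefix and length, in the style of route origin validation. The registry, the max-length value and the two /25 announcements are constructed sample data; only 10.154.0.0/24, AS-154 and AS-161 come from the lab.

```python
import ipaddress

# Constructed registry: prefix -> (authorised origin AS, maximum prefix length).
# The max length of 24 is an assumption for this example.
AUTHORISED = {
    ipaddress.ip_network("10.154.0.0/24"): (154, 24),
}

# Constructed announcements as an upstream might see them during Task 5.
RIB = [
    ("10.154.0.0/24", 154),
    ("10.154.0.0/25", 161),
    ("10.154.0.128/25", 161),
    ("10.155.0.0/24", 155),
]


def validate(prefix, origin_as):
    """Classify an announcement as 'valid', 'invalid' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for reg_net, (reg_as, max_len) in AUTHORISED.items():
        if net.version == reg_net.version and net.subnet_of(reg_net):
            covered = True
            if origin_as == reg_as and net.prefixlen <= max_len:
                return "valid"
    # Covered by a registration but no entry matches: wrong origin or too specific.
    return "invalid" if covered else "unknown"


def best_route(rib, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in rib
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def filtered(rib):
    """Drop announcements that fail origin validation before route selection."""
    return [(p, asn) for p, asn in rib if validate(p, asn) != "invalid"]


if __name__ == "__main__":
    for prefix, asn in RIB:
        print(prefix, f"AS{asn}", validate(prefix, asn))
    print("unfiltered:", best_route(RIB, "10.154.0.71"))
    print("filtered:  ", best_route(filtered(RIB), "10.154.0.71"))
```
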
