1 实验环境
本实验需要使用SEED互联网仿真器(已集成到docker配置文件)。
启动docker容器,配置文件在/Labsetup/outputs/目录下。由于要配置很多docker容器,所以构建+启动过程会比较漫长。.随着docker启动,仿真器也随之运行,仿真器所用到的设备均为docker容器。
Buid容器时报错【Temporary failure resolving 'security.ubuntu.com'】,无法安装软件时,修改如下解决:
cd /etc/docker # 切换到docker配置
touch daemon.json # 新建daemon.json文件
!-----------------------------------------
# 写入以下内容
{
"dns": ["8.8.8.8", "114.114.114.114"]
}
!-----------------------------------------
sudo service docker restart # 重启docker服务容器启动报错【An HTTP request took too long to complete. Retry with --verbose to obtain debug information.】,这是同时启动的服务过多,超过了请求HTTP限制的60s时间仍未全部成功启动起来。把限制时间调大;
vi /etc/profile
! ------------------------------
# 在文件尾部追加
export COMPOSE_HTTP_TIMEOUT=500
export DOCKER_CLIENT_TIMEOUT=500
! -----------------------------
source /etc/profile # 生效容器正常启动后,访问 http://localhost:8080/map.html 即可访问互联网仿真器:
2 Task 1: Stub Autonomous System
2.1 Task 1.a: Understanding AS-155’s BGP Configuration
Task 1.a.1: 查找AS-155的peer自治系统,找到10.155.0.254/24的BGP路由,使用cat /etc/bird/bird.conf查询它的配置信息。
从路由配置中得知,AS-150与3个自治系统互联,其中p_as156与之为peer关系:
Task 1.a.2: AS-155同时与多个AS互联,其中一个失恋不影响AS-155访问互联网。
这里选择从10.155.0.72上ping主机10.156.0.72,并逐一切断BGP路由的链接,当且仅当所有链接均切断时,ping命令显示不可达。
2.2 Task 1.b: Observing BGP UPDATE Messages
在路由上运行以下命令,将路由器收到的数据包存储到pcap文件,并转移至虚拟机上:
# 出现权限错误时,删除旧的/tmp/bgp.pcap文件
tcpdump -i any -w /tmp/bgp.pcap "tcp port 179"
# 这条指令在虚拟机上运行
docker cp {填路由ID}:/tmp/bgp.pcap /home/seed/bgp.pcp 切断与之相连的某个路由器(下线或者切断所有的bgp连接),使用wireshar读取pcap文件,查找BGP的UPDATE MESSAGE,能看到路由退出的报文:
恢复连接也能抓到路由更新的报文:
2.3 Task 1.c: Experimenting with Large Communities
先切断AS-4与AS-156之间的连接,然后在10.156.0.71上运行ping命令,发现可以ping同10.155.0.71,但ping不通10.161.0.71。 虽然AS-156通过AS-155接入了互联网,但由于两者peer的关系,AS-155并不会转发AS-156的数据(是否转发取决于两者关系)。
修改AS-155路由器的配置文件,实现AS-156的数据包通过AS-155转发,一共需要修改两处:
protocol bgp u_as4 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(PROVIDER_COMM);
bgp_local_pref = 10;
accept;
};
# 添加PEER-COMM,把AS-156路由信息告知AS-4
export where bgp_large_community ~ [LOCAL_COMM, CUSTOMER_COMM, PEER_COMM];
next hop self;
};
local 10.102.0.155 as 155;
neighbor 10.102.0.4 as 4;
}
protocol bgp p_as156 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(PEER_COMM);
bgp_local_pref = 20;
accept;
};
# 添加PROVIDER_COMM,把AS-4的路由信息告知AS-156
export where bgp_large_community ~ [LOCAL_COMM, CUSTOMER_COMM, PROVIDER_COMM];
next hop self;
};
local 10.102.0.155 as 155;
neighbor 10.102.0.156 as 156;
}使用以下命令完成修改后,10.156.0.71即可ping通10.161.0.71:
dockps | grep 155
docker cp [docker id]:/etc/bird/bird.conf ./as155_bird.conf
docker cp ./as155_bird.conf [docer id]:/etc/bird/bird.conf
docker exec [docker id] birdc configure2.4 Task 1.d: Configuring AS-180
本节实验需要配置一系列路由器的配置信息,使AS-180能够访问互联网。使用import bird conf.sh和export bird conf.sh完成容器内配置文件的导入导出。
step 1 连通AS-180与AS-171
分别在AS-180与AS-171的配置中添加以下内容:
! ------------------- AS-180 -------------------
define LOCAL_COMM = (180, 0, 0);
define CUSTOMER_COMM = (180, 1, 0);
define PEER_COMM = (180, 2, 0);
define PROVIDER_COMM = (180, 3, 0);
ipv4 table t_bgp;
protocol pipe {
table t_bgp;
peer table master4;
import none;
export all;
}
protocol pipe {
table t_direct;
peer table t_bgp;
import none;
export filter { bgp_large_community.add(LOCAL_COMM); bgp_local_pref = 40; accept; };
}
protocol bgp p_as171 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(PEER_COMM);
bgp_local_pref = 20;
accept;
};
export where bgp_large_community ~ [LOCAL_COMM, CUSTOMER_COMM];
next hop self;
};
local 10.105.0.180 as 180;
neighbor 10.105.0.171 as 171;
}
! ------------------- AS-171 -------------------
protocol bgp p_as180 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(PEER_COMM);
bgp_local_pref = 20;
accept;
};
export where bgp_large_community ~ [LOCAL_COMM, CUSTOMER_COMM];
next hop self;
};
local 10.105.0.171 as 171;
neighbor 10.105.0.180 as 180;
}重启路由后,AS-180与AS-171即可相互通信,
step 2 连通AS-180与AS-2、AS-3
!------------------------------- AS-180 -----------------------------------
# 添加到ipv4 table t_bgp;后面
protocol bgp p_as171 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(PEER_COMM);
bgp_local_pref = 20;
accept;
};
export where bgp_large_community ~ [LOCAL_COMM, CUSTOMER_COMM];
next hop self;
};
local 10.105.0.180 as 180;
neighbor 10.105.0.171 as 171;
}
!------------------------------- AS-2 -----------------------------------
# 添加到ipv4 table t_bgp;后面
protocol bgp c_as180 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(CUSTOMER_COMM);
bgp_local_pref = 30;
accept;
};
export all;
next hop self;
};
local 10.105.0.2 as 2;
neighbor 10.105.0.180 as 180;
}此时可ping通AS-2连通的主机:
3 Task 2: Transit Autonomous System
3.1 Task 2.a: Experimenting with IBGP
在AS-162任意主机上ping 10.164.0.71,观察流量路径,此时关闭3/r103路由器的ibgp3,icmp路径被中断。此时162/router0路由器的路由表中会丢失经由10.103.0.3转发的路由信息。
3.2 Task 2.b: Experimenting with IGP
使用命令disable ospf1关闭3/r103路由器的opsf协议,icmp路径被切断。
3.3 Task 2.c: Configuring AS-5
修改AS-5的配置文件,一共3个,都要检查一下。更改配置后,AS-153\AS-160\AS-171即可接通:
protocol direct local_nets {
ipv4 {
table t_direct;
import all;
};
interface "net_101_103";
# 这里填写路由器连接的网络,有几个填几个
interface "net_103_105";
}
ipv4 table t_ospf;
protocol ospf ospf1 {
ipv4 {
table t_ospf;
import all;
export all;
};
area 0 {
interface "dummy0" { stub; };
interface "ix103" { stub; };
# 这里填写路由器连接的网络,有几个填几个
interface "net_101_103" { hello 1; dead count 2; };
interface "net_103_105" { hello 1; dead count 2; };
};
}
protocol bgp ibgp2 {
ipv4 {
table t_bgp;
import all;
export all;
igp table t_ospf;
};
local 10.0.0.13 as 5;
# 属于同一AS的peer路由
neighbor 10.0.0.14 as 5;
}修改AS-5/r103与AS-3/r103的配置,使它们以peer-to-peer方式互通:
! --------------------只给出AS-5/r101配置----------------------
define LOCAL_COMM = (5, 0, 0);
define CUSTOMER_COMM = (5, 1, 0);
define PEER_COMM = (5, 2, 0);
define PROVIDER_COMM = (5, 3, 0);
protocol bgp p_as3 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(PEER_COMM);
bgp_local_pref = 20;
accept;
};
export where bgp_large_community ~ [LOCAL_COMM, CUSTOMER_COMM];
next hop self;
};
local 10.103.0.5 as 5;
neighbor 10.103.0.3 as 3;
}4 Task 3: Path Selection
先查看一下AS-150的BGP路由器中,通往10.161.0.0/24的路由表:
可以看到,到达10.161.0.0/24的路由路径有两条,分别经过AS-2和AS-3,在转发路由时将会选择第一条路径转发,这是由于两条路径的优先级相同,所以优先选择AS路径更短的转发
接下来修改AS-150的路由配置,使AS-150的流量均通过AS-3转发,而AS-2仅作为后备link使用。不修改路由配置时,发往10.152.0.0/24的流量将经AS-2转发:
由于路由选择时优先挑选local-preference更大的,因此调整一下配置设置即可:
# The import filter for the AS-3 peering session
import filter {
bgp_large_community.add(PROVIDER_COMM);
# 把u_as3的这个调大
bgp_local_pref = 15;
accept;
}; 
5 Task 4: IP Anycast
Anycast(任意播),类似“抛绣球”,一个成员向一组成员发一个消息,DNS服务器即采用该技术。
在10.156.0.71和10.160.0.72上ping 10.190.0.100,发现两台主机的icmp包发完不同的目的主机。
Anycast的实现机理在于,路由器并不关心目的主机的具体位置(哪怕有多个),而只关心到达主机的路径。两台 10.190.0.100分别告知AS-3和AS-4自己的位置,并由AS-3和AS-4向外扩散,其他路由器接收到路由信息后,会根据路由选择算法挑选最优的路径转发,转发路径只有一条,所以消息只能抵达10.190.0.100中某一台主机。
6 Task 5: BGP Prefix Attack
原理:最长路由匹配原则
6.1 Task 5.a. Launching the Prefix Hijacking Attack from AS-16
修改AS-161的配置信息,使通往AS-154的流量全部转往AS-161。配置中的子网需要覆盖整个10.154.0.0/24:
protocol static hijacks {
ipv4 {
table t_bgp;
};
route 10.154.0.0/25 blackhole {
bgp_large_community.add(LOCAL_COMM);
};
route 10.154.0.128/25 blackhole {
bgp_large_community.add(LOCAL_COMM);
};
}效果如下:
6.2 Task 5.b. Fighting Back from AS-154
修改AS-154配置,使其可以抢回属于自己的流量:
protocol static {
ipv4 {
table t_bgp;
};
route 10.154.0.0/26 via "net0" {
bgp_large_community.add(LOCAL_COMM);
};
route 10.154.0.64/26 via "net0" {
bgp_large_community.add(LOCAL_COMM);
};
route 10.154.0.128/26 via "net0" {
bgp_large_community.add(LOCAL_COMM);
};
route 10.154.0.192/26 via "net0" {
bgp_large_community.add(LOCAL_COMM);
};
}
6.3 Task 5.c. Fixing the Problem at AS-3
由于AS-3是AS-161的唯一provider,因此AS-3可以修改自己的配置,修复错误路由:
protocol bgp c_as161 {
ipv4 {
table t_bgp;
import filter {
bgp_large_community.add(CUSTOMER_COMM);
bgp_local_pref = 30;
# 添加以下内容
if (net != 10.103.0.0/24) then reject;
accept;
};
export all;
next hop self;
};
local 10.103.0.3 as 3;
neighbor 10.103.0.161 as 161;
}这里已经把AS-154的配置回滚了,可以发现,流量依然正确发往AS-154。
文章来源:https://www.toymoban.com/news/detail-441836.html
文章来源地址https://www.toymoban.com/news/detail-441836.html
到了这里,关于【SeedLab】BGP Exploration and Attack Lab的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
