The Internet is a critical resource in the day-to-day life of billions of users. To support the growing number of users and their increasing demands, operators have to continuously scale their network footprint -- e.g., by joining Internet Exchange Points -- and adopt relevant technologies -- such as IPv6. IPv6, however, has a vastly larger address space compared to its predecessor, which allows for new kinds of attacks on the Internet routing infrastructure. In this paper, we revisit prefix de-aggregation attacks in light of these two changes and introduce Kirin -- an advanced BGP prefix de-aggregation attack that sources millions of IPv6 routes and distributes them via thousands of sessions across various IXPs to overflow the memory of border routers within thousands of remote ASes. Kirin's highly distributed nature allows it to bypass traditional route-flooding defense mechanisms, such as per-session prefix limits or route flap damping. We analyze the theoretical feasibility of the attack by formulating it as an Integer Linear Programming problem, test for practical hurdles by deploying the infrastructure required to perform a small-scale Kirin attack using 4 IXPs, and validate our assumptions via BGP data analysis, real-world measurements, and router testbed experiments. Despite its low deployment cost, we find Kirin capable of injecting lethal amounts of IPv6 routes in the routers of thousands of ASes.