2019 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Timeout: Abusing the Network Label Stack

Time 12/12/19 08:30AM-09:00AM

Room Nottoway (4th)

Session Abstract

Time to live (TTL) processing on network nodes is a normal
process that happens millions of times a day across the
Internet. The resultant ICMP Time Exceeded messages are what
power traceroute and other network exploration utilities. During
routine syslog monitoring of Juniper routers, we discovered an
interesting NTP message that we eventually traced back to
misprocessing of ICMP Time Exceeded messages on the Juniper
routers. We also found that this bug could be leveraged in an
NTP reflection attack.

This talk will provide a brief introduction to multiprotocol
label switching (MPLS) and Virtual Routing and Forwarding (VRF)
and then detail how a bug in TTL processing of labeled packets
can lead to a UDP reflection attack. We used Juniper virtual MX
routers and Scapy to replicate and test the vulnerability.


Speaker Karl Newell Internet2

Presentation Media

Primary track Information Security

Secondary tracks Advanced Networking

gold Sponsors

bronze Sponsors