A Survey On Backbone Attack

This document discusses a survey on backbone attacks against network infrastructure. It examines attacks on layers 2 and 3 of the OSI model, which are carried out against switches and routers that constitute the internet backbone. Several attacks are explored, including CAM overflow attacks, VLAN hopping, spanning tree attacks, and private VLAN attacks. The vulnerabilities of outdated devices and software are highlighted. The goal of the study is to draw attention to weaknesses in the network and datalink layers and show how these vulnerabilities can originate from devices used in internet and private network backbones.


A Survey on Backbone Attack

Ebu Yusuf GÜVEN (Istanbul University - Cerrahpaşa, eyguven@istanbul.edu.tr)
Mehmet Yavuz YAĞCI (Istanbul University - Cerrahpaşa, [email protected])
Ali BOYACI (Istanbul Commerce University, [email protected])
Serhan YARKAN (Istanbul Commerce University, [email protected])
Muhammed Ali AYDIN (Istanbul University - Cerrahpaşa, [email protected])

Abstract—The Internet is the universal network infrastructure that surrounds the Earth with the thousands of devices and connections that make it up. The communication of various technologies, from data centers to personal smartphones, is provided through this infrastructure. While end devices are renewed as technology and products in short periods, the network devices such as switches and routers where communication is provided can work for many years with out-of-date software and protocols. Therefore, it is clear how important their weaknesses are. Internet communication protocols are designed with security concerns in mind instead of communication speed and bandwidth. Even though researchers work intensively on wireless networks, the security of the infrastructure that connects wireless networks is ignored. In this study, we examined the attacks on OSI layer 2 and layer 3 made against the devices that constitute the backbone of the Internet infrastructure. Although several security measures and updates have been published for some of these attacks, the vulnerabilities that may occur in outdated devices are revealed.

Keywords—Cyber Attack, Router, Switch, Layer 2, Datalink Layer Attack

I. INTRODUCTION

The interconnected technology of computers has transformed into a network that has embraced the world for decades and created the Internet. Thanks to the growing bandwidth of the Internet, it has become an important infrastructure for transmitting information to data centers via Cloud Computing. With the development of smart devices, emerging speed and performance requirements have begun to evolve into distributed data storage architectures on the network that process data, and technologies like Edge Computing and Fog Computing have emerged. While attempting to solve the Internet capacity and performance problems, the main danger is that the basic principles of cyber security, such as Confidentiality, Integrity, Authentication and Non-repudiation, cannot be fully achieved.

The Internet infrastructure is based on the OSI model and there are dozens of protocols in the different layers of this layered model. However, although security measures usually focus on the application layer, this level of security measures not only causes additional burdens on the network, but also addresses only blocking attacks like DDoS and DoS. Network devices that use poorly made or out-of-date software for many years in particular, or that do not use secure protocols because of performance concerns, compromise the security of the backbone.

GSM infrastructure, individual and corporate Wi-Fi services, cloud computing services and all critical infrastructures communicate using the public or private Internet infrastructure. The various wireless technologies and secure communication protocols that are introduced are connected to the Internet backbone via the gateway to which they are connected, regardless of the range and protocol security used. In addition, private networks that are independent from the Internet use the same network devices as the Internet infrastructure, and therefore carry the Internet backbone's weaknesses. In order to exploit vulnerabilities in private networks, it is sufficient for attackers to join the network. Therefore, the security of backbone network devices such as switches and routers is important for all network infrastructures that are designed with these devices.

This study has been carried out to draw attention to the weaknesses in the Network and Datalink layers examined here and to show the source of these vulnerabilities. Chapter 2 introduces the Internet infrastructure by referring to the OSI model, and describes the devices in the various layers; the layers, protocols and network devices included in the study are introduced. In Chapter 3, CAM Overflow, VLAN Hopping, Spanning Tree and Private VLAN attacks are examined, and the results and discussion are given in Chapter 4.

II. INTERNET INFRASTRUCTURE

The Internet is the name given to all the connected devices of the world, a structure that resembles a ball of wired or wireless network devices. As seen in Figure 1, this structure, which consists of connecting different technologies and different systems, covers the whole world. Information, education, business, banking and even the social life of humanity are served completely through the Internet infrastructure with various applications and methods. This massive Internet infrastructure works on the structural design called the Open Systems Interconnection model (OSI model). Thanks to this model, the problems arising from the heterogeneous structure of the communicating devices have been eliminated [3]. Before OSI, each network device manufacturer used its own communication model, and communication between different platforms was not possible or was very difficult.


978-1-7281-2827-6/19/$31.00 ©2019 IEEE

Authorized licensed use limited to: Sharda University. Downloaded on July 18,2023 at 08:12:19 UTC from IEEE Xplore. Restrictions apply.
Fig. 1. Access and backbone core networks and data capture platform [4].

The Internet infrastructure communicates using the Open Systems Interconnection Model (OSI Model). Thanks to this model, the problems arising from the heterogeneous structure of the communicating devices have been eliminated. The OSI model consists of 7 layers: Physical, Data Link, Network, Transport, Session, Presentation and Application, as shown in Table I. Thanks to the layered structure, each layer-specific and protocol-specific protocol is developed separately; a data packet is passed from the application layer through each layer and converted to a signal in the physical layer. In addition, the detection and maintenance of the problems encountered has become easier due to the modular structure. The OSI model has grown with protocols added since the late 1980s and has become a guide for network operations [3].

TABLE I. OSI LAYERS

Layer Number   Layer Name
7              Application
6              Presentation
5              Session
4              Transport
3              Network
2              Datalink
1              Physical

When the OSI layers are examined, a two-way encapsulation and decapsulation process is carried out from the first layer to the seventh layer. Thanks to this model, the data reaches the application layer through the various layers, from the physical layer up to the packet-transmitting application layer. During this transmission, any attack on the intermediate layers and the network devices on which these layers work will endanger the security and confidentiality of the upper layers. Therefore, network security should be evaluated towards the upper layers starting from the lowest layer of the OSI reference model [5].

In the first layer of the OSI model, the physical layer, data is transmitted over the transmission line as a raw electrical, radio or optical signal. In this layer, packaged data is transmitted as its smallest structural part, the bit. DOCSIS, DSL, ADSL, VDSL, the Ethernet physical layer, ISDN and RS-232 are some protocols used in the physical layer. The characteristics of the data connection, such as analogue or digital, are determined here and the data is transported from the device as a physical transmission via copper, fiber optic cable or radio frequency. The security of the transmitted data and of the network used depends on physical security first. Physical eavesdropping methods apply to this layer, but these attack vectors are excluded from this study.

The data link layer is the layer that provides the connection between two connected end devices. The bits from layer 1 are combined in this layer and named a Frame. The errors in the physical layer are detected by various validation methods. Hub and switch devices are used in this layer. Various protocols such as IEEE 802.2, L2TP, LLDP, MAC, PPP, ATM and MPLS are used in this layer. Within the scope of the work we have done, security issues have been discussed in terms of the vulnerabilities arising from these protocols and from the software on the devices in this layer.

The data link layer is divided into two sub-layers. These layers are respectively Medium Access Control (MAC) and Logical Link Control (LLC). The MAC layer is responsible for the permissions of the devices to access the network and the permissions to send data. In the LLC layer, the data to be sent to the upper layer is encapsulated, and error checks and frame synchronization are made. The IEEE 802 LAN / MAN standard medium access control (MAC) sublayer (also known as the media access control sublayer) and the logical link control (LLC) sublayer together form the data link layer. Within this data link layer, LLC provides flow control and multiplexing (i.e., EtherType, 802.1Q VLAN tag, etc.) for the logical connection, and MAC provides flow control and multiplexing for the transport medium.

These two sublayers together correspond to layer 2 of the OSI model. For compatibility reasons, LLC is optional for IEEE 802.3 applications (frames then become "raw"), but is mandatory for all other IEEE 802 standards applications. Within the hierarchy of the OSI model and the IEEE 802 standards, the MAC block provides a control abstraction of the physical layer, such that the complexity of the physical link control is not visible to LLC and to the upper layers of the network stack. Thus any LLC block (and the higher layers) can be used with any MAC.

Network layer: Enables the transmission of variable-length data packets, called datagrams, from one network node to another network node connected to the same network. Each node connected to the network has an address and the data is transmitted using these addresses. In this layer, the Packet / Datagram is used as the data unit. AppleTalk, ICMP, IPsec, IPv4 and IPv6 are protocols used in this layer. If the size of the data to be sent during the data transmission is larger than the connection between the two nodes allows, the data is transmitted over the network in several pieces. These pieces are given a sequence number, are merged on the receiver side, and the original packet is obtained. Routers and some advanced switches work on this layer. The backbone of the Internet is formed by devices in the network layer and the data link layer. Network layer devices in particular are of great importance in the management of Internet traffic. In these devices, the vulnerabilities in the algorithms and protocols used directly affect the Internet infrastructure. The attacks described in this study also affect the third layer.

Transport layer: The transport layer allows sending datagram packets from the source device to the target device over one or more networks while maintaining quality. The Transmission Control Protocol (TCP), which was developed on top of the Internet Protocol (IP) in the transport layer, is one of the protocols used. The protocol controls the flow through the given connection and is responsible for error checking while transferring the data. The transport layer also gives a success message if no error occurs after the data is transmitted to the other party, and then sends the next data. If a whole packet is not delivered, the data flow is stopped and the packet is requested again from the source until it is received. Data transmission for protocols such as HTTP / HTTPS, POP3 / SMTP, SSH, Telnet and FTP, which are also used by end users, relies on this layer. The attacks in this layer were not included in the scope of this study.

III. BACKBONE ATTACK SURFACE

Thanks to the Internet infrastructure, many products and services are offered in the service of humanity. The biggest technology that makes our age the era of communication and technology is the Internet infrastructure created in the past century. There was no cyber security threat at the time the Internet was developed. For this reason, it started to work with established protocols without considering safety and privacy concerns.

Although secure protocols have been developed in the application layer and in the network layer over the Internet infrastructure, there is no solution to the vulnerabilities in the lower layers. Therefore, in this study the "CAM Overflow", "VLAN Hopping", "Spanning Tree" and "Private VLAN" attacks on the Data link and Network layers were examined.

A. CAM Overflow Attack

The CAM table is a table structure that matches MAC addresses to switch ports, with the aim of preventing unrelated packets from spreading in the network. Consider the CAM table scenario with computers A, B and C in the same network, as shown in Figure 2. No MAC address to port mapping was performed during the initial setup, since there was no communication between the computers. Assume that a packet is sent from computer A to computer B so that the corresponding match occurs. The switch sends this packet to all active ports. Computer C reads the data packet from A to B. During this traffic, the switch binds the port to which computer A is connected to A's MAC address. When the response packet is sent, the switch learns the port to which computer B is connected. Instead of sending the related packet to the entire network, the next packet is sent only to the port associated with the MAC address.

Fig. 2. Switch, A, B and C Computers with CAM Table

When computer C creates a fake data packet that appears to be sent from B to A and releases it to the network, the switch binds the port to which computer C is connected to computer B's address. Therefore, packets sent to computer B will be routed to C.

There are some recommendations for the prevention of CAM overflow [6]. It is recommended to manually assign the MAC address for each port. It is also recommended to block any port with an undefined MAC address, regardless of whether the MAC addresses of the incoming packets are defined or not.

B. VLAN Hopping Attack

In order to take security measures in network structures where different units are located, and to create an optimized network structure, it is necessary to create a physically separate network structure for the locations and units where the computers are located. Setting up different network structures results in extra hardware costs for each different network area. The VLAN technique is used as a software solution to divide different regions on the switch and control inter-regional access. The use of VLANs offers optimized solutions in some cases. Broadcast messages spread across the entire network lead to high message traffic on networks with a high number of clients. The VLAN technique is used to optimize this message traffic. Each VLAN is designed as a separate network and therefore has its own broadcast and network addresses. Therefore, the broadcast messages sent stay in the corresponding VLAN [7].

Packets are labeled with the 802.1Q or ISL standard to separate the packets of different VLANs from each other. The technology used to direct many VLANs over the same physical connection is called the trunk configuration [8].

The trunk tagging applied to communication between VLANs is designed with the idea that it contains a single level [9]. Based on this idea, a single-level decapsulation process is performed on the switch. An attacker who wants to send a packet to VLAN B, a VLAN with which his own VLAN has no communication, can use the nested tag structure to deceive the switch. The attacker can add the desired VLAN tag to the network packet he creates so that it looks as if it was sent over a different VLAN.

Some safety measures have been proposed against attacks on VLAN and trunk structures. First of all, it is advised that a VLAN should be defined for every trunk. Previously created definitions always look like an open door into the system. Therefore, unused ports and VLANs must be disabled. The first things an attacker who wants to get into the system from outside looks at are the default ports and
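The CAM-table behaviour of Section III.A, as an added example that is not code from the paper: a small Python model of a switch that learns source-MAC to port bindings, replays the A/B/C exchange with and without the recommended port security (one statically assigned MAC per port, ports without a defined MAC blocked), and shows why a full table leads to flooding. Host MAC addresses, port numbers and the table size are constructed for the demonstration.

```python
"""Switch CAM-table model for the A/B/C scenario of Section III.A.

Constructed example, not code from the paper: three hosts on ports 1-3,
a switch that learns source-MAC -> port bindings and floods unknown
destinations, and a port-security mode that pins one MAC per port and
drops everything else (the paper's two recommendations).
"""
from dataclasses import dataclass, field

# Constructed sample MAC addresses (locally administered range).
MAC_A = "02:00:00:00:00:0a"
MAC_B = "02:00:00:00:00:0b"
MAC_C = "02:00:00:00:00:0c"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: str = ""


@dataclass
class Switch:
    ports: tuple
    port_security: bool = False
    allowed: dict = field(default_factory=dict)  # port -> statically assigned MAC
    capacity: int = 1024                          # CAM table size
    cam: dict = field(default_factory=dict)       # learned MAC -> port
    log: list = field(default_factory=list)

    def forward(self, in_port: int, frame: Frame) -> set:
        """Return the set of egress ports; an empty set means the frame was dropped."""
        if self.port_security:
            # A port with no assigned MAC, or a frame whose source does not match
            # the assigned MAC, is blocked before the CAM table is touched.
            if self.allowed.get(in_port) != frame.src:
                self.log.append(f"port {in_port}: dropped frame from {frame.src}")
                return set()
        # Learning: bind the source MAC to the ingress port. An existing binding is
        # overwritten, which is exactly what a forged source address takes advantage of.
        if frame.src in self.cam or len(self.cam) < self.capacity:
            self.cam[frame.src] = in_port
        else:
            self.log.append(f"CAM full: not learning {frame.src}")
        out = self.cam.get(frame.dst)
        if out is None:
            # Unknown destination: flood out every port except the ingress port.
            return {p for p in self.ports if p != in_port}
        return {out}


def run_scenario(port_security: bool) -> dict:
    """Replay the paper's A/B/C exchange; returns the egress ports of each step."""
    sw = Switch(ports=(1, 2, 3), port_security=port_security,
                allowed={1: MAC_A, 2: MAC_B, 3: MAC_C})
    steps = {}
    steps["a_to_b"] = sw.forward(1, Frame(MAC_A, MAC_B))     # B unknown: flooded, C sees it
    steps["b_to_a"] = sw.forward(2, Frame(MAC_B, MAC_A))     # switch learns B on port 2
    steps["a_to_b_2"] = sw.forward(1, Frame(MAC_A, MAC_B))   # now delivered only to port 2
    steps["forged"] = sw.forward(3, Frame(MAC_B, MAC_A))     # C claims B's MAC
    steps["a_to_b_3"] = sw.forward(1, Frame(MAC_A, MAC_B))   # where does A's traffic go now?
    steps["cam"] = dict(sw.cam)
    steps["log"] = list(sw.log)
    return steps


def cam_fill_then_flood(capacity: int = 4) -> set:
    """With the table full of other entries, a real host's address cannot be learned
    and frames to it are flooded to every port, which is what CAM overflow causes."""
    sw = Switch(ports=(1, 2, 3), capacity=capacity)
    for i in range(capacity):                       # fill the table from port 3
        sw.forward(3, Frame(f"02:00:00:00:ff:{i:02x}", MAC_A))
    sw.forward(2, Frame(MAC_B, MAC_A))              # B can no longer be learned
    return sw.forward(1, Frame(MAC_A, MAC_B))       # unknown destination: flooded


if __name__ == "__main__":
    for mode in (False, True):
        print("port security" if mode else "no port security", run_scenario(mode))
    print("after CAM fill:", cam_fill_then_flood())
```

Without port security the forged frame moves B's binding to port 3 and A's next frame to B lands on C; with port security the forged frame is dropped and the binding to port 2 survives.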
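The nested-tag case of Section III.B together with the trunk recommendations of the conclusion, as an added example not taken from the paper: a parser for stacked 802.1Q tags, a function that emulates the single-level decapsulation a trunk performs to show in which VLAN a frame finally lands, an ingress check that drops frames still carrying a tag after the outer one is removed, and an audit of a trunk's native and allowed VLANs. The MAC addresses and VLAN numbers are constructed.

```python
"""Stacked 802.1Q tag parsing and trunk checks for the VLAN hopping case (Section III.B).

Constructed example, not code from the paper. Addresses and VLAN numbers
below are made up for the demonstration.
"""
import struct

TPID_8021Q = 0x8100          # tag protocol identifier of an IEEE 802.1Q tag
DEFAULT_VLAN = 1             # the default VLAN the paper says trunks should not use


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst: str, src: str, vids, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Ethernet frame with one 802.1Q tag per VID in `vids`, outermost first (PCP/DEI = 0)."""
    hdr = _mac(dst) + _mac(src)
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes):
    """Return (dst, src, [vid, ...], ethertype, payload); VIDs are listed outermost first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, off, vids = frame[0:6].hex(":"), frame[6:12].hex(":"), 12, []
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated frame")
        etype = struct.unpack_from("!H", frame, off)[0]
        if etype != TPID_8021Q:
            break
        if off + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)        # low 12 bits of the TCI carry the VLAN ID
        off += 4
    return dst, src, vids, etype, frame[off + 2:]


def vlan_after_hop(frame: bytes, native_vid: int) -> int:
    """VLAN a frame ends up in after a trunk strips one tag (single-level decapsulation).

    A frame whose outer tag is the trunk's native VLAN is forwarded untagged, so the
    next switch reads the inner tag and places the frame in that VLAN instead."""
    _, _, vids, _, _ = parse_frame(frame)
    if not vids:
        return native_vid
    outer, inner = vids[0], vids[1:]
    if outer == native_vid and inner:
        return inner[0]
    return outer


def hardened_ingress(frame: bytes, native_vid: int) -> str:
    """Ingress policy for a plain (non-QinQ) trunk: a frame that still carries a tag
    after its outer tag is removed has no legitimate reason to exist and is dropped."""
    _, _, vids, _, _ = parse_frame(frame)
    if len(vids) > 1:
        return "drop"
    return f"accept:vlan={vids[0] if vids else native_vid}"


def audit_trunk(native_vid: int, allowed_vids, user_vids) -> list:
    """Configuration findings matching the paper's trunk recommendations."""
    findings = []
    if native_vid == DEFAULT_VLAN:
        findings.append("trunk native VLAN is the default VLAN")
    if native_vid in user_vids:
        findings.append("trunk native VLAN is also assigned to hosts")
    unused = sorted(set(allowed_vids) - set(user_vids) - {native_vid})
    if unused:
        findings.append(f"unused VLANs allowed on trunk: {unused}")
    return findings


if __name__ == "__main__":
    double = build_frame("02:00:00:00:00:0b", "02:00:00:00:00:0c", [DEFAULT_VLAN, 20])
    print("tags:", parse_frame(double)[2])
    print("lands in VLAN", vlan_after_hop(double, native_vid=DEFAULT_VLAN), "with native VLAN 1")
    print("lands in VLAN", vlan_after_hop(double, native_vid=999), "with native VLAN 999")
    print("hardened ingress:", hardened_ingress(double, DEFAULT_VLAN))
    print("audit:", audit_trunk(DEFAULT_VLAN, [1, 10, 20, 30], {10, 20}))
```

The same double-tagged frame hops into VLAN 20 only when the trunk's native VLAN equals its outer tag, which is why the paper's advice to move trunks off the default VLAN matters.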

VLAN addresses. The significant measure to be taken in the system is that the default VLAN is not used.

C. Spanning Tree Attacks

The connections between the switches are designed to be redundant. The line that is left as a spare connection often causes problems such as looping packets around the network. It is necessary to disable that line to prevent this loop. The physically inactive state, however, leads to a delay in detecting breaks that may occur on the other lines and in bringing the backup line into service. The Spanning Tree structure was proposed for this [10]. The spanning tree structure is used to prevent the formation of loops in layer 2 structures. The root switch is agreed on according to the configured priority levels. The switches communicate and configure the network with messages called Bridge Protocol Data Units (BPDUs) [11]. This structure includes information messages such as a new device connecting to the network or a device disconnecting from the network. A possible type of attack is that an attacker connected to the network connects to two interconnected switches and tries to fool the topology by creating BPDU messages, so that traffic between the two switches passes through the attacker [8]. Generally, STP is disabled in order not to fall into these situations. However, disabling STP significantly increases the likelihood of loops in the network [10]. Since there is then no dynamic structure for the self-correction of a network behaving abnormally, leaving STP out increases the open points in the network and increases the effect of the attacks.

D. Private VLAN Attack

Isolated sub-domains created under VLANs are called Private VLANs (PVLANs). It is a feature used to isolate traffic within layer 2 itself. When a device running on layer 3, such as a router, is connected to the PVLAN configuration, it forwards all incoming packets. The attack is shown in Figure 3 [12]. Malicious users in the system can exploit this situation. The configuration of access lists can prevent the attack.

Fig. 3. Private VLAN Attack

IV. CONCLUSION AND DISCUSSION

As a result, the vulnerabilities resulting from the functioning of the standard protocols are discussed. These vulnerabilities in the layer 2 switches, where both wired and wireless networks are connected, jeopardize the security of the entire Internet infrastructure. It is seen that the protocols designed without considering security needs are open to attack. Within the scope of this paper, the attacks on IEEE standard protocols or poorly configured network devices were investigated. Defense methods against the vulnerabilities and how to make the right configurations are out of scope and should be another study. In addition, the vulnerabilities arising from the proprietary protocols that various manufacturers such as Cisco, Huawei, HP and Alcatel have defined have been excluded from the scope. It is planned to investigate the vulnerabilities of the device- and brand-specific protocols in the future.

In this article, the vulnerabilities that may arise from configuration errors are defined for the standards on Network and Datalink layer devices (such as switches) which constitute the main backbone of today's Internet infrastructure. The indicated attack vectors are described from the attacker's point of view, and the measures to be taken and the defense recommendations are presented from the defensive point of view, by type of attack. We share the vulnerabilities we have examined in this study so that security risks can be managed in general by checking the following seven steps.

• While configuring Layer 2 devices, the optimization of the network is prioritized, but the risks taken in terms of security (such as SSH, OOB, permit lists, etc.) are not considered. For this reason, safety risks should be considered along with network optimization during configuration.
• VLAN 1, the default VLAN, should not be used. Specifically, trunks should not be made over the default VLAN numbers, and a special VLAN must be defined for the trunk structure.
• Port security features must be enabled.
• Each port should be equipped with the appropriate security precaution.
• The BPDU Guard feature must be enabled against Spanning Tree Protocol attacks.
• Separation of networks must be carried out in layer 2.
• Unused ports should be blocked.

With this study, we aimed to draw attention to the security and confidentiality of the Internet infrastructure and to direct researchers to the security vulnerabilities caused by the infrastructure. As a result of the study, we tried to create a security roadmap for system administrators. In future studies, we intend to examine the measures to be taken against these types of attacks in detail. Safe protocol designs are planned for protocol-based vulnerabilities.

V. ACKNOWLEDGEMENT

This publication was carried out in the Internet of Things Security and Evaluation Center (ISTEC) and the Istanbul Digital Forensics Laboratory (IDFL), sponsored by the Istanbul Development Agency.

VI. REFERENCES

[1] E. Y. Güven and A. Y. Çamurcu, Kenar Bilişim Güvenlik Uygulaması: Kılıç. 2018.
[2] Cisco, Cisco Global Cloud Index: Forecast and Methodology. 2019.
[3] H. Zimmermann, "OSI Reference Model - The ISO Model of Architecture for Open Systems Interconnection," IEEE Trans. Commun., vol. 28, no. 4, pp. 425–432, 1980.
[4] A. Arfeen, K. Pawlikowski, D. McNickle, and A. Willig, "Global and local scaling analysis of link streams in access and backbone core networks," Comput. Networks, vol. 149, 2018.
[5] J. Zhao et al., "The Discussion about Mechanism of Data Transmission in the OSI Model," in 2018 International Conference on Transportation & Logistics, Information & Communication, Smart City (TLICSC 2018), 2018.
[6] Y. Yu, R. R. Hoare, and A. K. Jones, "A CAM-based intrusion detection system for single-packet attack detection," IEEE Int. Symp. Parallel Distrib. Process., Miami, FL, pp. 1–8, 2008.
[7] X. Sun, Y.-W. E. Sung, S. D. Krothapalli, and S. G. Rao, A Systematic Approach for Evolving VLAN Designs. Purdue University, 2010.
[8] Y. Lai, Q. Pan, Z. Liu, Y. Chen, and Z. Zhou, "Trust-Based Security for the Spanning Tree Protocol," IEEE Int. Parallel Distrib. Process. Symp. Workshops, Phoenix, AZ, pp. 1338–1343, 2014.
[9] A. N. Jabel, S. Manickam, and S. Ramdas, "A study of SIP trunk security and challenges," IEEE Int. Conf. Electron. Des. Syst. Appl. (ICEDSA), Kuala Lumpur, pp. 239–243, 2012.
[10] G. S. Antonova, "Spanning Tree Protocol Interoperability with Other Loop Prevention Algorithms," Can. Conf. Electr. Comput. Eng., Vancouver, BC, pp. 1098–1101, 2007.
[11] Y. N. Krishnan, C. N. Bhagwat, and A. P. Utpat, "Optimizing spanning tree protocol using port channel," Int. Conf. Electron. Commun. Syst. (ICECS), Coimbatore, pp. 1–5, 2014.
[12] M. Ahmadi and A. A. M. Zamani, "A hyper-cube based modified Spanning Tree Protocol for VLANs," 11th International Conference on Advanced Communication Technology, Phoenix Park, 2009.
[13] M. Tu, K. W. Riordan, G. Xie, and S. Yang, "A secure contact protocol for delay tolerant networks," IEEE/ACIS 16th International Conference on Computer and Information Science (ICIS), Wuhan, 2017.
[14] G. Nilsen, J. Torresen, and O. Sorasen, "A variable word-width content addressable memory for fast string matching," Proc. Norchip Conf., pp. 214–217, 2004.
[15] H. Li, P. W. C. Prasad, A. Alsadoon, L. Pham, and A. Elchouemi, "An improvement of backbone network security using DMVPN over an EZVPN structure," International Conference on Advances in Electrical, Electronic and Systems Engineering (ICAEES), Putrajaya, 2016.
[16] H. T. F. K. A. H. K. S. A. O. S. T., Dynamic & distributed routing control for virtualized local area network. 2010.
[17] R. O. Verma and S. S. Shriramwar, "Effective VTP Model for Enterprise VLAN Security," Int. Conf. Commun. Syst. Netw. Technol., Gwalior, pp. 426–430, 2013.
[18] Y. Y. M. Y. Y. J. G. H. S. H., Flexible access management system for campus VLAN based on open-flow. 2011.
[19] K. H. Yeung, F. Yan, and C. Leung, "Improving Network Infrastructure Security by Partitioning Networks Running Spanning Tree Protocol," Int. Conference on Internet Surveillance and Protection (ICISP'06), Côte d'Azur, p. 19, 2006.
[20] Z. A. Khattak, S. Sulaiman, and J. A. Manan, "Security, trust and privacy (STP) framework for federated single sign-on environment," ICIMU 2011: Proceedings of the 5th International Conference on Information Technology & Multimedia, Kuala Lumpur, 2011.
[21] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, SIP: Session Initiation Protocol. 2010.
