Comment Here's why their paper is 100% incorrect. (Score 2) 166
-----
1. There are three generally agreed-upon planes, not two - control, management, and data.
2. The described methodology isn't novel. Observing the effects of attacks is something attackers do routinely, as is attack selectivity in order to garner maximum impact. This goes back a couple of decades with regards to DDoS attacks in particular.
3. Routers will continue to forward and process priority 6/7 traffic - i.e., control-plane traffic like BGP - whilst dropping enough data-plane traffic to ensure sufficient link bandwidth & RP/LC CPU overhead to keep routing sessions up and process routing updates. This undercuts the central thesis of the paper.
4. Re-marking all priority 6/7 traffic at the edge is a best current practice (BCP) for network operators; this prevents attackers from sending floods of priority 6/7 traffic in order to force punts.
5. iACLs and GTSM, two more BCPs, protect BGP sessions against direct attack via SYN-flooding, et. al.
6. Control-plane policing (CoPP) is yet another BCP which indirectly limits the number of updates/sec via rate-limiting control-plane traffic exchanged between routers.
So, the assertions of novelty in the paper aren't really justified, nor are all the assumptions and assertions regarding the way routers work and the way they handle control-plane traffic. Also, standard BCPs to protect control-plane traffic aren't taken into account. Nor are routine defensive BCPs discussed and taken into account.
Finally, there are other mechanisms which are considerably more effective in disrupting control-plane communication due to high RP CPU which aren't touched upon in the paper, nor are they cited in references. Though there are defenses against those attack mechanisms, as well, they aren't as well-known.
It's generally a good idea for researchers to consult with members of the global operational security (opsec) community while looking for topics and methodologies which are truly unique. This saves a lot of time and effort in duplicating existing work and going down paths which don't lead to truly novel research and results.
It's also a good idea for researchers investigating routing resilience to launch real attacks (in a lab environment) on real routers, rather than just theorizing and simulating, in order to gain an understanding of how they actually behave under attack, and how the various BCPs and other defensive mechanisms come into play.
This