The Internet is a collection of large networks (ISPs) that work together. Intra-domain (local) routing moves traffic within a network and inter-domain routing moves it between networks; TCP/IP handles addressing and messaging; BGP announces routes between networks; DNS maps symbolic names (e.g. www.cc.gatech.edu) to IP addresses.
| Tier | Description |
|---|---|
| Tier 1 | Can reach every other network through peering (≈17 worldwide) |
| Tier 2 | Peers some access, purchases some transit |
| Tier 3 | Purchases all transit from other networks |
Peering: two ISPs connect their networks directly and carry each other's customer traffic in exchange for reciprocal access (usually settlement-free); transit is paid access to the rest of the Internet.
Four layers: Application (message) → Transport (TCP/UDP, segment) → Network (IP, packet) → Link (frame). Each layer adds headers; IP routes across network boundaries.
Ports are in the TCP (or UDP) header, not the IP header; IP carries only source and destination addresses.
IP is connectionless, unreliable, and best effort. No ordering or delivery guarantees. Data corruption, packet loss, duplication, and out-of-order delivery can occur.
TTL is decremented at each hop; a packet whose TTL reaches 0 is dropped (prevents packets looping forever). ICMP reports errors (e.g. Time Exceeded when a packet is dropped) back to the source address in the packet.
Packet: Source 121.42.33.12 → Destination 132.14.11.51. Route: Alice → ISP gateway → cross network → Office gateway → Bob. Multiple hops; no delivery guarantee.
The sender is trusted to put the correct source IP in the header; nothing in IP verifies it. Anyone with raw-socket access can send packets carrying an arbitrary source IP (e.g. with Libnet), and any response goes to the forged address, not to the real sender.
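The following is an added example, not code from the original notes: it builds an IPv4/UDP packet by hand with the standard library, so it is clear that the source address is just a field the sender fills in and the only check a receiver performs on the header is the checksum, which the forger computes over the forged value. The addresses are the Alice/Bob addresses from the notes; `send_forged` is a hypothetical helper that hands the packet to a raw socket and is not called here (it needs root/CAP_NET_RAW).

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of 16-bit words, complemented.
    Over a header with a valid checksum field the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_port: int, dst_port: int, data: bytes) -> bytes:
    """8-byte UDP header; a zero checksum is permitted in IPv4."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64,
               proto: int = socket.IPPROTO_UDP) -> bytes:
    """20-byte IPv4 header + payload. `src` is whatever the caller claims:
    nothing in the packet proves it, the checksum just has to match."""
    ver_ihl = (4 << 4) | 5                  # IPv4, 5 x 32-bit words, no options
    hdr = struct.pack("!BBHHHBBH4s4s",
                      ver_ihl, 0, 20 + len(payload), 0x1234, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)               # computed over the forged source too
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """What a receiver learns from the header: it can verify the checksum,
    but has no way to tell whether `src` is genuine."""
    hdr = packet[:20]
    f = struct.unpack("!BBHHHBBH4s4s", hdr)
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "ttl": f[5], "proto": f[6], "total_len": f[2],
            "checksum_ok": ipv4_checksum(hdr) == 0, "payload": packet[20:]}


def send_forged(packet: bytes, dst: str) -> None:
    """Hypothetical helper, not called here: requires root. IP_HDRINCL tells the
    kernel the IP header is already present, so the forged source goes out as-is."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    s.sendto(packet, (dst, 0))
    s.close()


if __name__ == "__main__":
    # Attacker claims to be Alice (121.42.33.12) when talking to Bob (132.14.11.51).
    pkt = build_ipv4("121.42.33.12", "132.14.11.51", build_udp(40000, 53, b"hello"))
    print(parse_ipv4(pkt))
```

Two caveats a practitioner should keep in mind: the reply still goes to 121.42.33.12, so blind spoofing only works for protocols where the attacker does not need to see the response; and many networks drop packets whose source address does not belong to the interface they arrived on (BCP 38 ingress filtering), which is the standard defence.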
ARP maps IP address → MAC address on the local network. An ARP request is broadcast; any node can reply, and replies are not authenticated.
Malicious node A sends an ARP reply to the gateway claiming A's MAC for victim B's IP. If A's reply arrives first, the gateway caches it and sends B's traffic to A. A can then read or inject packets into B's sessions (a common attack on shared WiFi networks).
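As an added example (not from the original notes), here is the check a defender would run against the attack just described: a small ARP watcher that parses Ethernet/ARP frames, records the first IP→MAC binding it sees (or a pinned static binding for the gateway), and flags any later reply that rebinds an IP or whose Ethernet source does not match the ARP sender hardware address. The frames below are constructed inline with hypothetical addresses so the block runs offline; on a real host the same `observe` would be fed frames from a packet capture.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_to_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet (14 bytes) + ARP (28 bytes). An attacker builds exactly this,
    with sender_ip = victim's IP and sender_mac = attacker's MAC."""
    eth = mac_to_bytes(target_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                      mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"oper": oper, "sha": mac_to_str(sha), "spa": ip_to_str(spa),
            "tha": mac_to_str(tha), "tpa": ip_to_str(tpa),
            "eth_src": mac_to_str(frame[6:12])}


class ArpWatch:
    """Keeps the first-seen IP->MAC binding per IP (plus any static bindings)
    and never lets an unsolicited reply overwrite it; instead it raises an alert."""

    def __init__(self, static=None):
        self.table = dict(static or {})     # e.g. pin the gateway's MAC here
        self.alerts = []

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None or arp["oper"] != ARP_REPLY:
            return None
        ip, mac = arp["spa"], arp["sha"]
        alert = None
        if arp["eth_src"] != mac:
            alert = f"{ip}: ARP sender MAC {mac} != frame source {arp['eth_src']}"
        elif ip in self.table and self.table[ip] != mac:
            alert = f"{ip}: MAC changed {self.table[ip]} -> {mac} (possible ARP spoofing)"
        else:
            self.table.setdefault(ip, mac)
        if alert:
            self.alerts.append(alert)
        return alert


if __name__ == "__main__":
    # Constructed frames: B (victim) answers the gateway, then A claims B's IP.
    w = ArpWatch(static={"192.168.1.1": "aa:bb:cc:dd:ee:ff"})
    w.observe(build_arp_reply("00:11:22:33:44:55", "192.168.1.10", "aa:bb:cc:dd:ee:ff", "192.168.1.1"))
    print(w.observe(build_arp_reply("de:ad:be:ef:00:01", "192.168.1.10", "aa:bb:cc:dd:ee:ff", "192.168.1.1")))
```

The first-seen policy is what tools such as arpwatch rely on; it only helps if the legitimate binding was learned (or pinned) before the attacker's reply, which is why pinning the gateway's MAC statically on clients is the usual hardening on untrusted WiFi.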
Connection-oriented, preserves order. Sender breaks data into packets, attaches sequence numbers; receiver reassembles. Built on unreliable IP.
BGP decides routing between Autonomous Systems (AS). An AS is a connected group of IP prefixes under one routing policy. Within an AS, protocols like OSPF handle routing; between ASes, BGP does.
Route updates are not authenticated. Anyone with a BGP session can inject false advertisements, and traffic for a victim can be rerouted to the attacker. Example: the 2008 YouTube–Pakistan mishap. Pakistan Telecom, trying to block YouTube domestically, advertised a more specific prefix covering YouTube's addresses; because routers prefer the most specific route, the announcement leaked through its upstream and traffic to YouTube worldwide was sent to Pakistan.
Normal: Alestra (Mexico) → PCCW (Texas) → Qwest (DC). Hijacked: Guadalajara → Washington DC via Belarus/Moscow. Someone in DC browsing the web would see nothing beyond slightly higher latency; only a traceroute of the path reveals that HTTP responses were routed through Moscow.
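Why a more specific announcement wins is easiest to see in code. The following is an added example (not from the original notes): a toy routing table with longest-prefix-match lookup, fed first the legitimate YouTube /22 and then the more specific /24 that Pakistan Telecom announced in 2008. The two prefixes and the origin AS numbers (AS36561 for YouTube, AS17557 for Pakistan Telecom, AS3491 for the upstream PCCW) are the widely reported ones from that incident; the AS paths are simplified, and the looked-up host address is arbitrary within the block.

```python
import ipaddress


class Rib:
    """Toy routing table: prefix -> AS path, written as BGP shows it
    (nearest neighbour first, origin AS last). Forwarding picks the
    longest matching prefix, so the most specific announcement wins
    regardless of who originated it."""

    def __init__(self):
        self.routes = {}

    def announce(self, prefix: str, as_path) -> None:
        self.routes[ipaddress.ip_network(prefix)] = tuple(as_path)

    def withdraw(self, prefix: str) -> None:
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, addr: str):
        """Return (prefix, as_path) of the most specific covering route, or None."""
        a = ipaddress.ip_address(addr)
        best = None
        for net, path in self.routes.items():
            if a in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, path)
        return best


def hijack_demo():
    """Replay the shape of the 2008 incident against the toy RIB."""
    rib = Rib()
    rib.announce("208.65.152.0/22", (3491, 36561))     # legitimate: origin YouTube
    before = rib.lookup("208.65.153.1")
    rib.announce("208.65.153.0/24", (3491, 17557))     # more specific: origin AS17557
    after = rib.lookup("208.65.153.1")                 # /24 now wins longest-prefix match
    rib.withdraw("208.65.153.0/24")                    # upstream filters the announcement
    recovered = rib.lookup("208.65.153.1")
    return before, after, recovered


if __name__ == "__main__":
    for label, r in zip(("before", "hijacked", "recovered"), hijack_demo()):
        print(f"{label:>9}: {r[0]} via AS path {r[1]}")
```

Nothing in the lookup consults who is allowed to originate the prefix; that is exactly the gap the attestation schemes later in these notes close. The operational fix in 2008 was the one the demo's last step models: the upstream withdrew (filtered) the announcement, and YouTube also announced its own more specific prefixes to compete.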
| Attack | Characteristic |
|---|---|
| DoS | Hack routing table; add false route or kill legitimate one |
| Sniffing | Control device on route; use BGP to detour traffic through malicious site |
| Routing to malicious | Redirect traffic from legitimate host to attacker-controlled site |
| Route instabilities | Unpredictable; can backfire on attacker; not yet widely exploited |
| Topology revelation | Gain access to routing table; discover peer relations among ASes |
Each AS obtains a certificate from a Regional Internet Registry (RIR). A Route Origin Authorization (ROA; in S-BGP terms an address attestation) is attached to path advertisements and proves that the originating AS is authorized to advertise those address blocks.
Address attestation. Issuer: owner of the address blocks. Subject: the AS(s) authorized to originate them. Digitally signed by the owner. Protects against erroneous or malicious BGP speakers originating prefixes they do not hold.
Route attestation. The speaker (AS) authorizes the listener (the next-hop transit AS) to use and propagate the route. Includes the speaker's certificate, the address block, the AS path so far, the neighbor it is sent to, and an expiration. Each AS along the path must authorize the next, so a forged path would need signatures the attacker does not hold.
To validate a route: an address attestation from each organization owning the address block, authorizing the origin AS; a route attestation from each AS along the path, each naming the next AS; and all certificates must be available, unexpired, and valid.
Classic Bellovin paper on TCP/IP vulnerabilities: "Security Problems in the TCP/IP Protocol Suite" (1989).
Challenges when S-BGP or RPKI is deployed incrementally.