Abstract:
This paper uses a Finite State Machine (FSM) to analyze the Border Gateway Protocol (BGP); the results show that the update mechanism of BGP routers has security defects. A Distributed Denial of Service (DDoS) attack method against routers running BGP is proposed. Based on the communication data of BGP routers, a test tool named RouterTest is designed and implemented to simulate DDoS attacks on routers. Experimental results demonstrate the effectiveness of the attack. Corresponding precautions against the attack are also proposed.
Keywords:
router,
Border Gateway Protocol (BGP),
Distributed Denial of Service (DDoS) attack,
Finite State Machine (FSM),
routing table computing
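Abstract:
The BGP protocol is analyzed using a finite state machine. The results show that the routing table update mechanism of routers that communicate over BGP has a security vulnerability. On this basis, a Distributed Denial of Service (DDoS) attack method against BGP routers is proposed and, based on the communication data of BGP routers, a test tool named RouterTest is designed and implemented to simulate DDoS attacks on routers. Experimental results demonstrate the effectiveness of the attack method, and corresponding precautions against the attack are proposed.
Keywords:
router,
BGP protocol,
distributed denial of service attack,
finite state machine,
routing table computation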
ZHANG Yi-Yi, ZHU Yue-Fei, GAO Xiang. DDoS Attack Against Router with Border Gateway Protocol and Precaution[J]. Computer Engineering, 2012, 38(19): 103-106.
ZHANG Yiyi, ZHU Yuefei, GAO Xiang. DDoS Attack Against BGP Routers and Precautions[J]. Computer Engineering, 2012, 38(19): 103-106.