Faculté des Sciences appliquées

Master's Thesis : LISP Mapping System Under Attack

Gabriel, Mattias ULiège
Promotor(s) : Donnet, Benoît ULiège
Date of defense : 25-Jun-2020/26-Jun-2020
Committee's member(s) : Leduc, Guy ULiège
Boigelot, Bernard ULiège
Language : English
Number of pages : 75
Keywords : LISP, Mapping system, DoS attack, Amplification, IP Spoofing, GNS3, Security, Networking
Discipline(s) : Engineering, computing & technology > Computer science
Target public : General public
Institution(s) : Université de Liège, Liège, Belgique
Degree: Master : ingénieur civil en informatique, à finalité spécialisée en "computer systems security"
Faculty: Master thesis of the Faculté des Sciences appliquées


The Locator/Identifier Separation Protocol (LISP) is an encapsulation protocol currently in development. It is motivated by the potential need to reorganise the routing architecture of the Internet in order to cope with the still-growing size of this worldwide network. The key principle of the protocol is to split the current IP address space into an identifier address space and a locator address space. In this paradigm, the identifier address identifies a connection endpoint and is only routable inside a stub network, a LISP site. The locator address, in turn, is used to locate that site in the core network and is therefore globally routable. For nodes in different LISP sites to communicate with each other, a data tunnel has to be set up between the two sites.

Because of this separation principle, LISP needs a mechanism that translates an address from the identifier space to the locator space: the mapping system. Through it, a LISP site can query a mapping, which binds the two address spaces, by means of LISP control messages. LISP-DDT is a notable example of a mapping system; its architecture draws inspiration from the Domain Name System.

The current implementations of both LISP and LISP-DDT may be prone to security vulnerabilities. This work therefore aims at a clear understanding of the security aspects of the studied protocols, in order to find potential vulnerabilities in them -- without claiming to be exhaustive -- and to take advantage of them to develop an attack. In this way, a denial-of-service attack by amplification has been found. The attack exploits the mapping lookup process between a LISP site and the mapping system. In particular, it relies on the fact that the mapping system can generate responses that are significantly larger than the queries that trigger them. This principle can hence be used to direct a large volume of network traffic towards a predetermined victim node in order to consume its bandwidth.

As a proof of concept for the attack, a GNS3 emulated network topology has been set up and configured. This network simulates an up-and-running LISP-DDT mapping system -- mimicking that of the LISP Beta Network, a worldwide deployment of LISP on the Internet -- so that it can be used as an amplification vector for the attack. The results of the attack in this enclosed environment are analysed in this work; they demonstrate the feasibility of the attack against the current implementations of LISP and LISP-DDT.

Finally, a brief discussion of possible mitigation techniques for the attack is provided. Among these techniques, one can cite limiting the reply size, rate limiting, and anti-spoofing techniques. Either way, we hope to draw the LISP IETF Working Group's attention to the necessity of addressing this issue.
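To make the two reply-side mitigations named above concrete, here is an added example (not code from the thesis) that simulates a mapping system's reply policy over a constructed log of Map-Requests and compares the amplification factor with and without a reply-size cap and a per-source rate limit. The request and reply sizes, the 200-byte cap and the 3-replies-per-second limit are assumed values chosen for illustration, not measurements from the thesis.

```python
from collections import defaultdict, deque

# Constructed Map-Request log for illustration (not measurements from the thesis):
# (time in seconds, source address claimed in the request, request size in bytes,
#  size in bytes of the Map-Reply the mapping system would send if unconstrained).
# 203.0.113.5 plays the spoofed victim: it never sent these requests but receives
# every reply; 198.51.100.7 is an ordinary requester.
REQUESTS = [
    (0.00, "203.0.113.5", 60, 900),
    (0.10, "203.0.113.5", 60, 900),
    (0.20, "203.0.113.5", 60, 900),
    (0.30, "203.0.113.5", 60, 900),
    (0.40, "203.0.113.5", 60, 900),
    (0.50, "198.51.100.7", 60, 300),
    (1.20, "203.0.113.5", 60, 900),
]

def apply_policy(events, max_reply=None, rate_limit=None, window=1.0):
    """Simulate the replying node's policy: cap each reply at max_reply bytes and
    send at most rate_limit replies per source address per sliding window (seconds).
    Returns (time, source, bytes actually sent); 0 bytes means the reply was dropped."""
    recent = defaultdict(deque)  # source address -> send times still inside the window
    sent = []
    for t, src, _req_bytes, reply_bytes in events:
        q = recent[src]
        while q and t - q[0] >= window:  # expire sends older than the window
            q.popleft()
        if rate_limit is not None and len(q) >= rate_limit:
            sent.append((t, src, 0))  # over the per-source budget: drop the reply
            continue
        q.append(t)
        size = reply_bytes if max_reply is None else min(reply_bytes, max_reply)
        sent.append((t, src, size))
    return sent

def bytes_per_destination(sent):
    """Reply bytes that reach each (possibly spoofed) source address."""
    totals = defaultdict(int)
    for _, src, size in sent:
        totals[src] += size
    return dict(totals)

def amplification_factor(events, sent):
    """Bytes emitted by the mapping system per byte of request traffic it received."""
    return sum(size for _, _, size in sent) / sum(e[2] for e in events)

if __name__ == "__main__":
    for cap, rate in ((None, None), (200, 3)):
        sent = apply_policy(REQUESTS, max_reply=cap, rate_limit=rate)
        print(cap, rate, round(amplification_factor(REQUESTS, sent), 2), bytes_per_destination(sent))
```

With the constructed log, the unconstrained policy sends about 13.6 bytes of reply per byte of request and 5400 bytes towards the victim, while the cap plus rate limit bring this down to about 2.4 and 800 bytes; the rate limit alone does not help a victim whose address is spread across many spoofed requesters, which is why the thesis also lists anti-spoofing.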



Files :
  • lisp_dos.pdf (Adobe PDF, 1.45 MB)
  • lisp_dos_summary.pdf (Adobe PDF, 135.98 kB)




Committee's member(s)

  • Leduc, Guy ULiège, Université de Liège > Department of Electrical Engineering and Computer Science (Montefiore Institute) > Computer Networks
  • Boigelot, Bernard ULiège, Université de Liège > Department of Electrical Engineering and Computer Science (Montefiore Institute) > Computer Science
