OSI Layer 3—The Navigator: Reachability, Direction, and Global Movement

Published: (February 18, 2026 at 11:30 PM EST)
Source: Dev.to

Where paths are chosen, territories trusted, and identity expressed across distance.

The Navigator – Layer 3 (Network Layer)

The Navigator determines how packets traverse the world—which routes are chosen, which territories are trusted, and how identity is expressed across distance.

  • Layer 2’s Gatekeeper governs the local threshold.
  • Layer 3 is where:
    • local frames become routable packets
    • adjacency becomes reachability
    • proximity becomes global addressing
    • the local world opens to everywhere

Attacker whispers:

  • “What if I redraw your maps?”
  • “What if I claim to be the better path?”
  • “What if I make your traffic pass through my hands?”
  • “What if I convince the world you don’t exist?”

Layer 3 is the cartographic layer—the most geographically exploitable. The Navigator is the keeper of paths and the charter of routes.

  • Gatekeeper (Layer 2) asks: “Are you permitted here?”
  • Forge (Layer 1) provides the physical medium.
  • Navigator abstracts that medium into logical topology.

The Navigator does not interpret meaning or manage sessions. Its concern is that what travels across the world arrives where it was meant to go, not where an adversary wants it to go. This is the layer of maps, and maps can lie.

AI Interaction with Layer 3

What AI Excels At

  • AI‑assisted detection of route anomalies
  • ML‑based path‑integrity scoring
  • Predictive detection of prefix hijacks
  • Identifying anomalous source addresses
  • Correlating routing changes with threat intelligence

What AI Cannot Do

  • Understand geopolitical motives behind routing decisions
  • Determine economic pressures on path selection
  • Distinguish legitimate network changes from attacks without context
  • Replace human judgment on trust relationships between autonomous systems

Bottom line: AI charts the paths. It does not understand the politics of the terrain.

Motifs & Attack Vectors

1. Maps That Lead Astray

Attack Vectors

  • Prefix hijacking (claiming others’ address space)
  • Path manipulation (AS‑path prepending abuse)
  • Route leaks (accidental or malicious)
  • Sub‑prefix hijacking (more‑specific route injection)

AI‑Driven Variants

  • Automated hijack‑detection evasion
  • ML‑optimized announcement timing
  • Intelligent prefix selection for maximum impact

Technical Resolutions

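# BGP – RPKI validation
router bgp 65000
  # "bgp bestpath prefix-validate allow-invalid" lets RPKI-invalid routes
  # be selected as best path, so it is left out of this hardened example.
  neighbor 192.0.2.1 remote-as 65001
  # Apply the customer filter inbound, otherwise the route-map is never used
  neighbor 192.0.2.1 route-map CUSTOMER-IN in
# Route filtering
ip prefix-list CUSTOMER permit 203.0.113.0/24
route-map CUSTOMER-IN permit 10
  match ip address prefix-list CUSTOMER
# RPKI deployment (validate routes against ROA), run on the validator host
rpki-client -v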
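
Added example (not from the original post): the route origin validation decision that RPKI supplies to the router, following RFC 6811, showing why both a wrong-origin announcement and a more-specific one fail. The ROA entries, the announcements, and AS 64511 as the unauthorised origin are constructed; 203.0.113.0/24 and AS 65001 are reused from the configuration above.

```python
import ipaddress

# Constructed ROA set: (prefix, maxLength, authorised origin AS).
ROAS = [
    ("203.0.113.0/24", 24, 65001),
    ("2001:db8::/32", 48, 65002),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route is equal to or inside the ROA prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match also needs the right origin and a length within maxLength.
        if origin_as == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def filter_routes(announcements, roas=ROAS):
    """Apply a drop-invalid policy; return (accepted, rejected) with states."""
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, roas)
        bucket = rejected if state == "invalid" else accepted
        bucket.append((prefix, origin_as, state))
    return accepted, rejected

# Constructed announcements.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 65001),     # legitimate origin
    ("203.0.113.0/24", 64511),     # prefix hijack: wrong origin
    ("203.0.113.128/25", 65001),   # longer than maxLength, even with the right origin
    ("192.0.2.0/24", 64511),       # no covering ROA
    ("2001:db8:1::/48", 65002),    # more specific, but within maxLength
]

if __name__ == "__main__":
    for prefix, origin_as in ANNOUNCEMENTS:
        print(f"{prefix:<20} AS{origin_as:<6} {validate_origin(prefix, origin_as)}")
```

A drop-invalid policy still accepts not-found routes, so address space without a ROA gets no protection from origin validation.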

2. Voices From Nowhere

Attack Vectors

  • Reflection/amplification attacks
  • Bypass of IP‑based authentication
  • Attribution evasion
  • Denial‑of‑service with spoofed sources

AI‑Driven Variants

  • Intelligent spoofing pattern rotation
  • ML‑based detection evasion
  • Automated amplification discovery

Technical Resolutions

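# Router – uRPF (Unicast Reverse Path Forwarding), strict mode
interface GigabitEthernet0/0
  ip verify unicast source reachable-via rx
# Linux – ingress filtering (source address validation); 1 = strict reverse-path check
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# BCP38 implementation: drop private (RFC 1918) source addresses at the edge
ip access-list extended ANTISPOOFING
  deny ip 10.0.0.0 0.255.255.255 any
  deny ip 172.16.0.0 0.15.255.255 any
  deny ip 192.168.0.0 0.0.255.255 any
  permit ip any any
# Apply the ACL inbound, otherwise it filters nothing
interface GigabitEthernet0/0
  ip access-group ANTISPOOFING in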
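
Added example (not from the original post): a small model of the reverse-path check behind uRPF and rp_filter, in the strict and loose modes described in RFC 3704, showing which spoofed sources each mode catches. The forwarding table, interface roles and test addresses are constructed, and the allow_default flag is an assumption of this model.

```python
import ipaddress

# Constructed forwarding table: (prefix, interface the route points out of).
FIB = [
    ("203.0.113.0/24", "Gi0/0"),    # customer network from the page's prefix-list
    ("198.51.100.0/24", "Gi0/2"),   # second customer (constructed)
    ("0.0.0.0/0", "Gi0/1"),         # default route towards the upstream
]

def best_route(src, fib=FIB):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifname) for p, ifname in fib
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_accepts(src, in_if, mode="strict", allow_default=False, fib=FIB):
    """Strict: the route back to src must use in_if. Loose: any route will do."""
    route = best_route(src, fib)
    if route is None:
        return False
    net, out_if = route
    if net.prefixlen == 0 and not allow_default:
        return False              # src is only reachable via the default route
    if mode == "loose":
        return True
    return out_if == in_if

if __name__ == "__main__":
    # Constructed packets arriving on the customer-facing interface Gi0/0.
    for src in ("203.0.113.7", "198.51.100.9", "10.1.2.3"):
        print(src,
              "strict:", urpf_accepts(src, "Gi0/0"),
              "loose:", urpf_accepts(src, "Gi0/0", mode="loose"))
```

Loose mode accepts the packet that borrows the other customer's address, which is why the strict form is the one that enforces source validation on a single-homed customer edge.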

3. Signposts That Point to Cliffs

Attack Vectors

  • RIP/OSPF/EIGRP route injection
  • Metric manipulation
  • Routing‑protocol exploitation
  • Black‑hole creation

AI‑Driven Variants

  • Automated routing‑protocol fuzzing
  • ML‑optimized metric selection
  • Intelligent convergence exploitation

Technical Resolutions

# OSPF – authentication
router ospf 1
  area 0 authentication message-digest
interface GigabitEthernet0/0
  ip ospf message-digest-key 1 md5 SecureKey123
# Route validation
ip prefix-list VALID-ROUTES permit 10.0.0.0/8 le 24

4. Echoes That Deceive

Attack Vectors

  • ICMP redirect attacks
  • Ping‑of‑death / oversized packets
  • Smurf attacks (broadcast amplification)
  • Path MTU manipulation

Technical Resolutions

# Linux – ICMP hardening
# Ignore ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# Ignore broadcast pings
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Router – ICMP rate limiting
ip icmp rate-limit unreachable 500

5. Walls With Hidden Doors

Attack Vectors

  • Source‑routing exploitation
  • VRF leaking
  • Tunnel abuse (GRE, IP‑in‑IP)
  • NAT traversal exploitation

Technical Resolutions

# Disable source routing
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Firewall – segment enforcement
iptables -A FORWARD -s 10.1.0.0/16 -d 10.2.0.0/16 -j DROP
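
Added example (not from the original post): an audit of the Linux kernel settings used in sections 2, 4 and 5 against `sysctl -a` style output, which also renders a sysctl.d fragment, because values written with echo into /proc/sys do not survive a reboot. The sample output is constructed, and the function names are illustrative.

```python
# Hardened values taken from the echo commands on this page.
EXPECTED = {
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
}

def parse_sysctl(text):
    """Parse 'key = value' lines; comments and blank lines are ignored."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values

def audit(text, expected=EXPECTED):
    """Return (key, found, wanted) for each setting that is missing or wrong."""
    current = parse_sysctl(text)
    return [(key, current.get(key), wanted)
            for key, wanted in expected.items()
            if current.get(key) != wanted]

def render_conf(findings):
    """Render a sysctl.d fragment that makes the corrected values persistent."""
    return "".join(f"{key} = {wanted}\n" for key, _, wanted in findings)

# Constructed sample of `sysctl -a` output from a host that is only partly hardened.
SAMPLE = """\
# constructed sample
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
"""

if __name__ == "__main__":
    findings = audit(SAMPLE)
    for key, found, wanted in findings:
        print(f"{key}: found {found!r}, want {wanted!r}")
    print(render_conf(findings), end="")
```

The rendered fragment can be placed under /etc/sysctl.d/ and loaded with `sysctl --system`.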

6. Floods That Drown the Paths

Attack Vectors

  • Volumetric flooding
  • Routing‑table exhaustion
  • TTL‑expiry attacks
  • Fragmentation attacks

AI‑Driven Variants

  • ML‑optimized attack traffic patterns
  • Intelligent target selection
  • Adaptive rate adjustment

Technical Resolutions

# Rate limiting (example on a Cisco device; configured per interface)
interface GigabitEthernet0/0
  rate-limit input access-group 101 2000000 250000 250000 conform-action transmit exceed-action drop
# Blackhole routing
ip route 203.0.113.66 255.255.255.255 Null0

AI Monitoring Capabilities

  • Unexpected route announcements
  • Anomalous AS‑path changes
  • Prefix hijack indicators
  • Routing‑table instability

Systems Can

  • Score route trustworthiness
  • Detect path manipulation
  • Identify routing loops
  • Flag convergence anomalies

AI Correlates

  • Layer 2 adjacency changes
  • Layer 3 routing shifts
  • Layer 4 connection failures
  • Geographic inconsistencies

AI Cannot

  • Understand geopolitical routing decisions
  • Determine economic pressures on carriers
  • Distinguish business decisions from attacks
  • Replace human judgment on AS trust relationships

The Navigator maps the world; AI helps us read the map, but the terrain’s politics remain a human domain.

The Navigator

  • The Navigator governs movement.
  • The Navigator protects the maps that connect the world.

Layer 3 Overview

  • Governs addressing, routing, and global reachability
  • BGP hijacking, IP spoofing, and route manipulation dominate this layer
  • AI detects path anomalies but cannot understand routing politics
  • Routing integrity is the foundation of global connectivity

Soft Armor Labs

  • Soft Armor Labs—Care‑based security for the human layer.