Affiliation:
1. Cornell University, Ithaca, NY
Abstract
There have been many incidents of prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic. Alternatively, it can transparently intercept the hijacked traffic by forwarding it onto the owner. This paper presents a study of such prefix hijacking and interception with the following contributions: (1). We present a methodology for prefix interception, (2). We estimate the fraction of traffic to any prefix that can be hijacked and intercepted in the Internet today, (3). The interception methodology is implemented and used to intercept real traffic to our prefix, (4). We conduct a detailed study to detect ongoing prefix interception.
We find that: Our hijacking estimates are in line with the impact of past hijacking incidents and show that ASes higher up in the routing hierarchy can hijack a significant amount of traffic to any prefix, including popular prefixes. A less apparent result is that the same holds for prefix interception too. Further, our implementation shows that intercepting traffic to a prefix in the Internet is almost as simple as hijacking it. Finally, while we fail to detect ongoing prefix interception, the detection exercise highlights some of the challenges posed by the prefix interception problem.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications,Software
Reference53 articles.
1. "Nanog Mailing List " http://www.nanog.org/mailinglist.html. "Nanog Mailing List " http://www.nanog.org/mailinglist.html.
2. "7007 Explanation and Apology "Apr 1997 http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html. "7007 Explanation and Apology "Apr 1997 http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html.
3. M. Lad D. Massey D. Pei Y. Wu B. Zhang and L. Zhang "PHAS: A prefix hijack alert system " in Proc. of USENIX Security symposium 2006. M. Lad D. Massey D. Pei Y. Wu B. Zhang and L. Zhang "PHAS: A prefix hijack alert system " in Proc. of USENIX Security symposium 2006.
4. Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
5. T. Wan and P. C. van Oorschot "Analysis of BGP Prefix Origins During Google's May 2005 Outage " in Proc. of Security in Systems and Networks 2006. T. Wan and P. C. van Oorschot "Analysis of BGP Prefix Origins During Google's May 2005 Outage " in Proc. of Security in Systems and Networks 2006.
Cited by
101 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Serial BGP Hijackers: A Reproducibility Study and Assessment of Current Dynamics;2024 8th Network Traffic Measurement and Analysis Conference (TMA);2024-05-21
2. Routing Attacks on Cryptocurrency Mining Pools;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19
3. Detection of BGP Hijacking based on AS Hegemony;2024 International Conference on Electronics, Information, and Communication (ICEIC);2024-01-28
4. Research on SDN traffic anomaly detection technology based on knowledge graph;Fifth International Conference on Artificial Intelligence and Computer Science (AICS 2023);2023-10-17
5. Efficient BGP Intrusion Detection Model Using Machine Learning: A Comparative Study with AdaBoost as the Optimal Classifier;2023 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE);2023-09-24