A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Locating prefix hijackers using LOCK
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Emulation on the internet prefix hijacking attack impaction
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
| Hi-index | 0.00 |
The Border Gateway Protocol (BGP), and hence the Internet, remains critically vulnerable to a range of prefix forgery attacks. In this paper, we address these attacks by proposing a non-cryptographic, incrementally deployable mechanismto probabilistically detect forged BGP origin advertisements. Upon receiving an advertisement from a "suspicious" origin, the receiving domain intelligently probes other ASes about the received information. Any dissenting information indicates potential forgery or error, and is reported by the polled ASes to the true origin and processed appropriately. In this design, we exploit the fact that the highly connected AStopology makes it difficult to block the dissemination of information as it traverses the Internet. We evaluate the effectiveness of our probing mechanism via simulation on realistic Internet topologies. The experiments show that 98% of forgeries can be detected even when as few as 10% of the ASes participate in the protocol under a naïve polling stratagem. Moreover, we show that judicious node selection can further improve detection rates while minimizing the number of probes.