Stable Internet routing without global coordination
Proceedings of the 2000 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Delayed Internet routing convergence
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
On inferring autonomous system relationships in the internet
IEEE/ACM Transactions on Networking (TON)
An analysis of BGP multiple origin AS (MOAS) conflicts
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
On inferring and characterizing internet routing policies
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Aggregated path authentication for efficient BGP security
Proceedings of the 12th ACM conference on Computer and communications security
MIRO: multi-path interdomain routing
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Building an AS-topology model that captures route diversity
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Modeling adoptability of secure BGP protocol
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Quantifying path exploration in the internet
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Optimizing BGP security by exploiting path stability
Proceedings of the 13th ACM conference on Computer and communications security
AS relationships: inference and validation
ACM SIGCOMM Computer Communication Review
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Design and implementation of a routing control platform
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Understanding Resiliency of Internet Topology against Prefix Hijack Attacks
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
PHAS: a prefix hijack alert system
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Ispy: detecting ip prefix hijacking on my own
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Probabilistic IP prefix authentication (PIPA) for prefix hijacking
CFI '09 Proceedings of the 4th International Conference on Future Internet Technologies
Safeguarding data delivery by decoupling path propagation and adoption
INFOCOM'10 Proceedings of the 29th conference on Information communications
Locating prefix hijackers using LOCK
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
iSPY: detecting IP prefix hijacking on my own
IEEE/ACM Transactions on Networking (TON)
Abnormally malicious autonomous systems and their internet connectivity
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Prefix hijacking, a misbehavior in which a misconfigured or malicious BGP router originates an IP prefix that the router does not own, is becoming an increasingly serious security problem on the Internet. In this paper, we conduct a first comprehensive study on incrementally deployable mitigation solutions against prefix hijacking. We first propose a novel reactive detection-assisted solution based on the idea of bogus route purging and valid route promotion. Our simulations based on realistic settings show that purging bogus routes at 20 highest-degree ASes reduces the polluted portion of the Internet by a random prefix hijack from 50% down to 24%, and adding promotion further reduces the remaining pollution by 33% ~ 57%, We prove that our proposed route purging and promotion scheme preserve the convergence properties of BGP regardless of the number of promoters. We are the first to demonstrate that detection systems based on a limited number of BGP feeds are subject to detection evasion by hijackers. Motivated the need for proactive defenses to complement reactive mitigation response, we evaluate customer route filtering, a best common practice among large ISPs today, and show its limited effectiveness. We also show the added benefits of combining route purging-promotion with customer route filtering.