The Border Gateway Protocol (BGP) was designed without security in mind. This makes the Internet vulnerable to attacks: complete networks can be hijacked to blackhole or intercept traffic. In this work, we extend the set of known hijacking attacks with a real case study on AS hijacking, carried out in order to send spam from a victim's network. This type of attack is more sophisticated than common IP prefix hijacking and is aimed at a long-term benefit, with effective use for several months. On our poster, we thoroughly investigate this incident based on live data from both the control and the data plane. Our analysis yields insights into how the attacker proceeded to covertly hijack a whole autonomous system, mislead an upstream provider, and abuse unallocated address space. We further discuss the potential for prevention and reveal shortcomings of state-of-the-art BGP security extensions like RPKI. Based on these findings, we outline the concept of an early warning system for AS hijacking with pre-emptive capabilities.