The BGP monitoring and alarming system to detect and prevent anomaly IP prefix advertisement

  • Authors: Je-Kuk Yun; Beomseok Hong; Yanggon Kim
  • Affiliations: Towson University, Towson, MD; Towson University, Towson, MD; Towson University, Towson, MD
  • Venue: Proceedings of the 2013 Research in Adaptive and Convergent Systems
  • Year: 2013

Abstract

The Border Gateway Protocol (BGP) is the routing protocol that enables large IP networks to form a single Internet. The main objective of BGP is to exchange Network Layer Reachability Information (NLRI) between Autonomous Systems (ASes) so that a BGP speaker can announce its IP prefix and find a path to the destination of packets. However, a BGP hijacker can pretend to be any third-party BGP speaker because BGP itself has no mechanism for validating BGP messages. To solve this problem, a BGP speaker needs to validate messages coming from other BGP speakers. In this paper, we propose the BGP Monitoring and Alarm System (BGPMAS), which monitors incoming announcements and sounds an alarm if it detects an invalid announcement. In addition, the BGPMAS provides AS administrators with a web service that shows where the invalid message is coming from, so that the administrators can rapidly deal with the IP prefix hijacking by ignoring the malicious BGP router's prefix. To set up this environment, the BGPMAS needs to be connected to the BGP router, and the AS administrator needs the Alarm Application (AA), which sounds the alarm when it receives a signal from the BGPMAS that an invalid announcement has been detected. As a result, BGP routers can easily gain the RPKI-based origin validation function with the BGPMAS.