The Domain Name System (DNS) is an essential part of the Internet infrastructure and provides fundamental services, such as translating host names into IP addresses for Internet communication. The DNS is vulnerable to a number of potential faults and attacks. In particular, false routing announcements can deny access to the DNS service or redirect DNS queries to a malicious impostor. Due to the hierarchical DNS design, a single fault or attack against the routes to any of the top level DNS servers can disrupt Internet services to millions of users. In this paper we propose a path-filtering approach to protect the routes to the critical top level DNS servers. Our approach exploits the high degree of redundancy in top level DNS servers and also exploits the observation that popular destinations, including top level DNS servers, are well connected via stable routes. Our path-filter restricts the potential top level DNS server route changes to be within a set of established paths. Heuristics derived from routing operations are used to adjust the potential routes over time. We tested our path-filtering design against BGP routing logs and the results show that the design can effectively ensure correct routes to top level DNS servers without impacting DNS service availability.