PHAS: a prefix hijack alert system

  • Authors:
  • Mohit Lad;Dan Massey;Dan Pei;Yiguo Wu;Beichuan Zhang;Lixia Zhang

  • Affiliations:
  • University of California, Los Angeles;Colorado State University;AT&T Labs-Research;University of California, Los Angeles;University of Arizona;University of California, Los Angeles

  • Venue:
  • USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
  • Year:
  • 2006

Quantified Score

Hi-index 0.00



In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.