DOI: 10.1145/1282380.1282411

A study of prefix hijacking and interception in the internet

Published: 27 August 2007

Abstract

There have been many incidents of prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic. Alternatively, it can transparently intercept the hijacked traffic by forwarding it onto the owner. This paper presents a study of such prefix hijacking and interception with the following contributions: (1) we present a methodology for prefix interception; (2) we estimate the fraction of traffic to any prefix that can be hijacked and intercepted in the Internet today; (3) the interception methodology is implemented and used to intercept real traffic to our prefix; and (4) we conduct a detailed study to detect ongoing prefix interception.
We find that our hijacking estimates are in line with the impact of past hijacking incidents and show that ASes higher up in the routing hierarchy can hijack a significant amount of traffic to any prefix, including popular prefixes. A less apparent result is that the same holds for prefix interception too. Further, our implementation shows that intercepting traffic to a prefix in the Internet is almost as simple as hijacking it. Finally, while we fail to detect ongoing prefix interception, the detection exercise highlights some of the challenges posed by the prefix interception problem.

    Published In

    SIGCOMM '07: Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
    August 2007
    432 pages
    ISBN: 9781595937131
    DOI: 10.1145/1282380

    ACM SIGCOMM Computer Communication Review, Volume 37, Issue 4
    October 2007
    420 pages
    ISSN: 0146-4833
    DOI: 10.1145/1282427
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. BGP
    2. hijacking
    3. interception
    4. routing

    Qualifiers

    • Article

    Conference

    SIGCOMM07: ACM SIGCOMM 2007 Conference
    August 27 - 31, 2007
    Kyoto, Japan

    Acceptance Rates

    Overall Acceptance Rate 462 of 3,389 submissions, 14%

    Article Metrics

    • Downloads (last 12 months): 106
    • Downloads (last 6 weeks): 9
    Reflects downloads up to 06 Jan 2025

    Cited By

    • (2024) Byzantine-Secure Relying Party for Resilient RPKI. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 49-63. DOI: 10.1145/3658644.3690368. Online publication date: 2-Dec-2024
    • (2024) A Systematic Survey on Security in Anonymity Networks: Vulnerabilities, Attacks, Defenses, and Formalization. IEEE Communications Surveys & Tutorials 26:3, pp. 1775-1829. DOI: 10.1109/COMST.2024.3350006. Online publication date: Nov-2025
    • (2023) DSCOPE. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 5989-6006. DOI: 10.5555/3620237.3620572. Online publication date: 9-Aug-2023
    • (2023) RoVista: Measuring and Analyzing the Route Origin Validation (ROV) in RPKI. Proceedings of the 2023 ACM on Internet Measurement Conference, pp. 73-88. DOI: 10.1145/3618257.3624806. Online publication date: 24-Oct-2023
    • (2023) BGPy: The BGP Python Security Simulator. Proceedings of the 16th Cyber Security Experimentation and Test Workshop, pp. 41-56. DOI: 10.1145/3607505.3607509. Online publication date: 7-Aug-2023
    • (2023) Beyond Limits: How to Disable Validators in Secure Networks. Proceedings of the ACM SIGCOMM 2023 Conference, pp. 950-966. DOI: 10.1145/3603269.3604861. Online publication date: 10-Sep-2023
    • (2023) The Juice Is Worth the Squeeze: Analysis of Autonomous System Provider Authorization in Partial Deployment. IEEE Open Journal of the Communications Society 4, pp. 269-306. DOI: 10.1109/OJCOMS.2022.3233833. Online publication date: 2023
    • (2023) On the Effectiveness of BGP Hijackers That Evade Public Route Collectors. IEEE Access 11, pp. 31092-31124. DOI: 10.1109/ACCESS.2023.3261128. Online publication date: 2023
    • (2022) Poster. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 3467-3469. DOI: 10.1145/3548606.3563523. Online publication date: 7-Nov-2022
    • (2022) Behind the Scenes of RPKI. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1413-1426. DOI: 10.1145/3548606.3560645. Online publication date: 7-Nov-2022
