IP Prefix Hijacking Detection Using Idle Scan
Authors
Abstract
The Internet comprises many interconnected networks that exchange reachability information using BGP. Because the design is based on trust between networks, IP prefix hijacking, which is caused by wrong routing information, can occur. This is a serious security threat to the Internet routing system. In this paper, we present an effective and practical approach for detecting IP prefix hijacking without major changes to the current routing infrastructure. To detect an IP prefix hijacking event, we monitor routing update messages that show a wrong announcement of an IP prefix origin. When a suspicious BGP update that causes a MOAS conflict is received, the detection system starts an idle scan for IP ID probing in order to distinguish an IP prefix hijacking event from a legitimate routing update.
Similar resources
Understanding IP Prefix Hijacking and its Detection
Since IP prefix hijacking is a major threat for every Autonomous System in the Internet, this paper tries to give an understanding of IP prefix hijacking and some of its detection methods. This may raise attention and awareness for that topic among the readers. If a malicious attacker would hijack an IP and use it for committing serious crimes, the original owner of the IP address would eventu...
Analysis of IP Prefix Hijacking and Traffic Interception
In the Internet, BGP is the de facto inter-domain routing protocol, and it is vulnerable to a number of damaging attacks. Among these attacks, IP prefix hijacking and traffic interception are regarded as serious threats in the Internet. There have been many incidents of IP prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic by introducing network unreachability...
A Forensic Case Study on AS Hijacking
The Border Gateway Protocol (BGP) was designed without security in mind. Until today, this fact makes the Internet vulnerable to hijacking attacks that intercept or blackhole Internet traffic. So far, significant effort has been put into the detection of IP prefix hijacking, while AS hijacking has received little attention. AS hijacking is more sophisticated than IP prefix hijacking, and is aim...
Accurate Real-time Identification of IP Hijacking
In this paper, we present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate timely mitigation responses. There is strong evidence that IP hijacking is common on today’s Internet. Attackers may hijack a victim’s IP address space to perpetrate malicious activities such as spamming and launching DoS attacks without worrying about disclosing ...
A DSA-based Scheme for Defending against IP Prefix Hijacking without Repositories
Original scientific paper. IP prefix hijacking poses a serious threat to the security of the Internet. Cryptographically authenticating the origin ASes (Autonomous Systems) of advertised prefixes, which is an effective way of preventing IP prefix hijacking, has received wide acceptance. However, these existing schemes received various critical comments on their inefficiency when cryptographic authenticati...