IP Prefix Hijacking Detection Using Idle Scan

نویسندگان

  • Seong-Cheol Hong
  • Hong-Taek Ju
  • James Won-Ki Hong
چکیده

The Internet is comprised of a lot of interconnected networks communicating reachability information using BGP. Due to the design based on trust between networks, IP prefix hijacking can occurs, which is caused by wrong routing information. This results in a serious security threat in the Internet routing system. In this paper, we present an effective and practical approach for detecting IP prefix hijacking without major change to the current routing infrastructure. To detect IP prefix hijacking event, we are monitoring routing update messages that show wrong announcement of IP prefix origin. When a suspicious BGP update that causes MOAS conflict is received, the detection system starts idle scan for IP ID probing so that distinguish IP prefix hijacking event from legitimate routing update.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Understanding IP Prefix Hijacking and its Detection

Since IP Prefix Hijacking is a major threat for every Autonomous System in the Internet, this paper tries to give an understanding of IP prefix hijacking and some of their detection methods. This may rise attention and awareness for that topic among the readers. If a malicious attacker would hijack an IP and use it for committing serious crimes, the original owner of the IP address would eventu...

متن کامل

Analysis of IP Prefix Hijacking and Traffic Interception

In the Internet, BGP is de facto inter-domain routing protocol. And it is vulnerable to a number of damaging attacks. Among these attacks, IP prefix hijacking and traffic interception are regarded as the serious threats in the Internet. There have been many incidents of IP prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic by introducing network unreachability...

متن کامل

A Forensic Case Study on AS Hijacking

The Border Gateway Protocol (BGP) was designed without security in mind. Until today, this fact makes the Internet vulnerable to hijacking attacks that intercept or blackhole Internet traffic. So far, significant effort has been put into the detection of IP prefix hijacking, while AS hijacking has received little attention. AS hijacking is more sophisticated than IP prefix hijacking, and is aim...

متن کامل

Accurate Real-time Identification of IP Hijacking

In this paper, we present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate timely mitigation responses. There are strong evidences that IP hijacking is common on today’s Internet. Attackers may hijack victim’s IP address space to perpetrate malicious activities such as spamming and launching DoS attacks without worrying about disclosing ...

متن کامل

A Dsa-based Scheme for Defending against Ip Prefix Hijacking without Repositories

Original scientific paper IP prefix hijacking poses a serious threat to the security of the Internet. Cryptographic authenticating origin ASes (Autonomous Systems) of advertised prefix, which is an effective way of preventing IP prefix hijacking, has received wide acceptance. However, these existing schemes received various critical comments on their inefficiency when cryptographic authenticati...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2009