Detecting Large Route Leaks
Authors
Abstract
Prefix hijacking, in which an unauthorized network announces IP prefixes of other networks, is a major threat to Internet routing security. Existing detection systems either generate many false positives, requiring frequent human intervention, or are designed to protect a small number of specific prefixes. They are therefore not suitable for protecting data traffic at networks other than the prefix owner during ongoing hijacks. We design and implement a system that detects a specific type of prefix hijacking, large route leaks, in real time and without requiring authoritative prefix ownership information. In a large route leak, an unauthorized network hijacks prefixes owned by multiple different networks. By correlating suspicious routing announcements along the time dimension and comparing them with a network's past behavior, we are able to identify a network's abnormal behavior of offending multiple other networks at the same time. Applying the detection algorithm to routing data from 2003 through 2009, we identify five to twenty large route leaks every year. They typically hijack prefixes owned by a few tens of other networks, last from a few minutes to a few hours, and pollute routes at most vantage points of the data collector. In 2009, ten events were detected, none of which was mentioned on operator mailing lists, but most were confirmed through our communication with individual operators of affected networks. The system can take a real-time routing data feed and conduct the detection quickly, enabling automated response to these attacks without requiring authoritative prefix ownership information or human intervention.
Similar resources
Detecting memory leaks in managed languages with Cork
A memory leak in a managed program occurs when the program inadvertently maintains references to objects that it no longer needs. Memory leaks cause systematic heap growth which degrades performance and results in program crashes after perhaps days or weeks of execution. Prior approaches for detecting memory leaks rely on heap differencing or detailed object statistics which store state proport...
Hepatobiliary Scintigraphy in Patients with Bile Leaks
Hepatobiliary scintigraphy has been recognized as a useful tool in detecting the presence and sites of bile leaks. The clinical settings in which bile leaks are likely to occur, as well as some of the scintigraphic patterns seen in patients with bile leaks, are reviewed here. Tips for technologists are offered on interventions that might enhance the quality of information available to the nucle...
Comparison of tests for detecting leaks in the low-pressure system of anesthesia gas machines.
Small leaks in the low-pressure system (LPS) of the anesthesia gas machine can cause hypoxia or patient awareness. We sought to determine the relative sensitivities of the various tests recommended for detecting LPS leaks before anesthesia. Special adapters were fashioned to create leaks of six different sizes in the LPS that were equivalent to the following: a single 25-, 22-, 20-, or 15-gauge...
Cork: Dynamic Memory Leak Detection for Java
Despite all the benefits of garbage collection, memory leaks remain a problem for Java programs. A memory leak in Java occurs when a program inadvertently maintains references to objects that it no longer needs, preventing the garbage collector from reclaiming space. At best, leaks degrade performance. At worst, they cause programs to run out of memory and crash. Small continuous leaks in long-...
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and policy-based decisions simultaneously in path vectors. A complete view on the Internet backbone routing is given by the collection of all valid routes, which is infeasible to obtain due to information hiding of BGP, the lack of omnipresent collection points, and data complexity. Commonly, graph-based data models are used t...