PHAS: A Prefix Hijack Alert System
نویسندگان
چکیده
In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.
منابع مشابه
Hi-BGP: A Lightweight Hijack-proof Inter-domain Routing Protocol
BGP is the cornerstone of the Internet. However, the implicit trust assumption in BGP’s design destines its inherited vulnerability. Prefix hijacking is one of the large-scale BGPspecific routing anomalies that are able to paralyze the Internet. This calls for a hijack-proof security solution. By putting the protection against prefix hijacking the top priority, we design a lightweight hijack-pr...
متن کاملMeasuring and Analyzing on Effection of BGP Session Hijack Attack
Because there is no authentication mechanism used in BGP, a mis-behaving router can announce routes to any destination prefix on the Internet and even manipulate route attributes in the routing updates it sends to neighboring routers. Taking advantage of this weakness has become the fundamental mechanism for constructing prefix hijack attacks. The relation of network topology and prefix hijacki...
متن کاملUnderstanding IP Prefix Hijacking and its Detection
Since IP Prefix Hijacking is a major threat for every Autonomous System in the Internet, this paper tries to give an understanding of IP prefix hijacking and some of their detection methods. This may rise attention and awareness for that topic among the readers. If a malicious attacker would hijack an IP and use it for committing serious crimes, the original owner of the IP address would eventu...
متن کاملEvaluation on the influence of internet prefix hijacking events
The inter-domain routing system based on the BGP protocol is a kernel establishment in the Internet. There have been many incidents of IP prefix hijacking by BGP protocol in the Internet. Attacks may hijack victim's address space to disrupt network services or perpetrate malicious activities such as spamming and DoS attacks without disclosing identity. The relation between prefix hijacking and ...
متن کاملDetecting Large Route Leaks
Prefix hijacking, in which an unauthorized network announces IP prefixes of other networks, is a major threat to the Internet routing security. Existing detection systems either generate many false positives, requiring frequent human intervention, or are designed to protect a small number of specific prefixes. Therefore they are not suitable to protect data traffic at networks other than the pr...
متن کامل