Concurrent prefix hijacks: Occurrence and impacts

Varun Khare, Qing Ju, Beichuan Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

A concurrent prefix hijack happens when an unauthorized network originates IP prefixes of multiple other networks. Its extreme case is leaking the entire routing table, i.e., hijacking all the prefixes in the table. This is a well-known problem and there exists a preventive measure in practice to safeguard against it. However, we investigated and uncovered many concurrent prefix hijacks that didn't involve a full-table leak. We report these events and their impact on Internet routing. y correlating suspicious routing announcements and comparing it with a network's past routing announcements, we develop a method to detect a network's abnormal behavior of offending multiple other networks simultaneously. Applying the detection algorithm to BGP routing updates from 2003 through 2010, we identify five to twenty concurrent prefix hijacks every year, most of which are previously unknown to the research and operation communities at large. They typically hijack prefixes owned by a few tens of networks, last from a few minutes to a few hours, and pollute routes at most vantage points.

Original languageEnglish (US)
Title of host publicationIMC 2012 - Proceedings of the ACM Internet Measurement Conference
Pages29-35
Number of pages7
DOIs
StatePublished - Dec 17 2012
Event2012 ACM Internet Measurement Conference, IMC 2012 - Boston, MA, United States
Duration: Nov 14 2012Nov 16 2012

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other2012 ACM Internet Measurement Conference, IMC 2012
CountryUnited States
CityBoston, MA
Period11/14/1211/16/12

    Fingerprint

Keywords

  • bgp security
  • prefix hijacking

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Khare, V., Ju, Q., & Zhang, B. (2012). Concurrent prefix hijacks: Occurrence and impacts. In IMC 2012 - Proceedings of the ACM Internet Measurement Conference (pp. 29-35). (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC). https://doi.org/10.1145/2398776.2398780