PHAS: A prefix hijack alert system

Mohit Lad, Dan Massey, Dan Pei, Yiguo Wu, Beichuan Zhang, Lixia Zhang

Research output: Contribution to conferencePaper

185 Scopus citations

Abstract

In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.

Original languageEnglish (US)
Pages153-166
Number of pages14
StatePublished - Jan 1 2006
Event15th USENIX Security Symposium - Vancouver, Canada
Duration: Jul 31 2006Aug 4 2006

Conference

Conference15th USENIX Security Symposium
CountryCanada
CityVancouver
Period7/31/068/4/06

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'PHAS: A prefix hijack alert system'. Together they form a unique fingerprint.

  • Cite this

    Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B., & Zhang, L. (2006). PHAS: A prefix hijack alert system. 153-166. Paper presented at 15th USENIX Security Symposium, Vancouver, Canada.