Open access
Autor(in)
Alle anzeigen
Datum
2023Typ
- Journal Article
ETH Bibliographie
yes
Altmetrics
Abstract
Routing hijack attacks have plagued the Internet for decades. After many failed mitigation attempts, recent Internet-wide BGP monitoring infrastructures relying on distributed route collection systems, called route collectors, give us hope that future monitor systems can quickly detect and ultimately mitigate hijacks. In this paper, we investigate the effectiveness of public route collectors with respect to future attackers deliberately engineering longer hijacks to avoid being recorded by route collectors. Our extensive simulations (and attacks we device) show that monitor-based systems may be unable to observe many carefully crafted hijacks diverting traffic from thousands of ASes. Hijackers could predict whether their attacks would propagate to some BGP feeders (i.e., monitors) of public route collectors. Then, manipulate BGP route propagation so that the attack never reaches those monitors. This observation remains true when considering plausible future Internet topologies, with more IXP links and up to 4 times more monitors peering with route collectors. We then evaluate the feasibility of performing hijacks not observed by route collectors in the real-world. We experiment with two classifiers to predict the monitors that are dangerous to report the attack to route collectors, one based on monitor proximities (i.e., shortest path lengths) and another based on Gao-Rexford routing policies. We show that a proximity-based classifier could be sufficient for the hijacker to identify all dangerous monitors for hijacks announced to peer-to-peer neighbors. For hijacks announced to transit networks, a Gao-Rexford classifier reduces wrong inferences by $\ge 91\%$ without introducing new misclassifications for existing dangerous monitors. Mehr anzeigen
Persistenter Link
https://doi.org/10.3929/ethz-b-000610074Publikationsstatus
publishedExterne Links
Zeitschrift / Serie
IEEE AccessBand
Seiten / Artikelnummer
Verlag
IEEEThema
BGP; BGP hijacking; stealthy IP prefix hijacking; inter-domain routing; routing policies; route collectors; forged AS path; BGP monitoring; BGPStreamOrganisationseinheit
09477 - Vanbever, Laurent / Vanbever, Laurent
ETH Bibliographie
yes
Altmetrics