Ecole d'ingénieur et centre de recherche en Sciences du numérique

Mind your blocks: On the stealthiness of malicious BGP hijacks

Vervier, Pierre-Antoine; Thonnard, Olivier; Dacier, Marc

NDSS 2015, Network and Distributed System Security Symposium, 8-11 February 2015, San Diego, California, USA

Some recent research presented evidence of blocks of IP addresses being stolen by BGP hijackers to launch spam campaigns [35]. This was the first time BGP hijacks were seen in the wild. Since then, only a very few anecdotal cases have been reported as if hackers were not interested in running these attacks. However, it is a common belief among network operators and ISPs that these attacks could be taking place but, so far, no one has produced evidence to back up that claim. In this paper, we analyse 18 months of data collected by an infrastructure specifically built to answer that question: are intentional stealthy BGP hijacks routinely taking place in the Internet? The identification of what we believe to be more than 2,000 malicious hijacks leads to a positive answer. The lack of ground truth is, of course, a problem but we managed to get confirmation of some of our findings thanks to an ISP unwittingly involved in hijack cases we have spotted. This paper aims at being an eye opener for the community by shedding some light on this undocumented threat. We also hope that it will spur new research to understand why these hijacks are taking place and how they can be mitigated. Depending on how BGP attacks are carried out, they can be very disruptive for the whole Internet and should be looked at very closely. As of today, as much as 20% of the whole IPv4 address space is currently allocated but not publicly announced, which makes it potentially vulnerable to such malicious BGP hijacks.

Document Bibtex

Titre:Mind your blocks: On the stealthiness of malicious BGP hijacks
Type:Conférence
Langue:English
Ville:San Diego
Pays:ÉTATS-UNIS
Date:
Département:Sécurité numérique
Eurecom ref:4466
Copyright: © ISOC. Personal use of this material is permitted. The definitive version of this paper was published in NDSS 2015, Network and Distributed System Security Symposium, 8-11 February 2015, San Diego, California, USA and is available at :
Bibtex: @inproceedings{EURECOM+4466, year = {2015}, title = {{M}ind your blocks: {O}n the stealthiness of malicious {BGP} hijacks}, author = {{V}ervier, {P}ierre-{A}ntoine and {T}honnard, {O}livier and {D}acier, {M}arc}, booktitle = {{NDSS} 2015, {N}etwork and {D}istributed {S}ystem {S}ecurity {S}ymposium, 8-11 {F}ebruary 2015, {S}an {D}iego, {C}alifornia, {USA}}, address = {{S}an {D}iego, {\'{E}}{TATS}-{UNIS}}, month = {02}, url = {http://www.eurecom.fr/publication/4466} }
Voir aussi: