How to prevent AS hijacking attacks

The Border Gateway Protocol (BGP) was designed without security aspects in mind. This fact makes the Internet vulnerable to attacks: complete networks can be hijacked to blackhole or intercept traffic. In this work, we extend the set of known hijacking attacks with a real case study on AS hijacking, carried out in order to send spam from a victim's network. This type of attack is more sophisticated than common IP prefix hijacking, and is aimed at a long-term benefit, with effective use for several months. On our poster, we thoroughly investigate the aforementioned incident based on live data from both the control and the data plane. Our analysis yields insights into the attacker's proceeding to covertly hijack a whole autonomous system, mislead an upstream provider and abuse an unallocated address space. We further discuss the potential for prevention and reveal shortcomings of state of the art BGP security extensions like RPKI. Based on these findings, we outline the concept of an early warning system for AS hijacking with pre-emptive capabilities.