How to prevent AS hijacking attacks

CONEXT Student 2012, ACM Conference on Conext Student Workshop, December 10, 2012, Nice, France

The Border Gateway Protocol (BGP) was designed without security in mind. This makes the Internet vulnerable to attacks: complete networks can be hijacked to blackhole or intercept traffic. In this work, we extend the set of known hijacking attacks with a real case study of AS hijacking, carried out in order to send spam from a victim's network. This type of attack is more sophisticated than common IP prefix hijacking and is aimed at a long-term benefit, with effective use for several months. On our poster, we thoroughly investigate the aforementioned incident based on live data from both the control and the data plane. Our analysis yields insights into the attacker's procedure for covertly hijacking a whole autonomous system, misleading an upstream provider and abusing an unallocated address space. We further discuss the potential for prevention and reveal shortcomings of state-of-the-art BGP security extensions like RPKI. Based on these findings, we outline the concept of an early warning system for AS hijacking with pre-emptive capabilities.
Type: Poster / Demo
City: Nice
Date: 2012-12-10
Department: Sécurité numérique
Eurecom Ref: 3901
Copyright: © ACM, 2012. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CONEXT Student 2012, ACM Conference on Conext Student Workshop, December 10, 2012, Nice, France, http://dx.doi.org/10.1145/2413247.2413265
Permalink: https://www.eurecom.fr/publication/3901