Stealthy IP Prefix Hijacking: Don't Bite Off More Than You Can Chew

Christian McArthur, Mina Guirguis
Published in: GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference, 2009-11-30
DOI: 10.1109/GLOCOM.2009.5425977 (https://doi.org/10.1109/GLOCOM.2009.5425977)
Citations: 1

Abstract

In prefix hijacking, an Autonomous System (AS) advertises routes for prefixes that are owned by another AS, and ends up hijacking traffic that is intended for the owner. While misconfigurations and/or misunderstandings of policies are the likely reasons behind the majority of those incidents, malicious incidents have also been reported. Recent works have focused on malicious scenarios that aim to maximize the amount of hijacked traffic from all ASes, without considering scenarios where the attacker is aiming to avoid detection. In this paper, we expose a new class of prefix hijacking that is stealthy in nature. The idea is to craft path(s) - of tunable lengths - that deceive only a small subset of ASes. By finely tuning the degree to which ASes are affected, the attacker can handle the hijacked traffic while the victimized AS would not observe a major reduction in its incoming traffic that would raise an alarm. We give upper bounds on the impact of those attacks via simulations on real BGP Internet announcements obtained from Route-Views. We discuss shortcomings in current proposed defense mechanisms against attackers which can falsify traceroute replies. We also present a defense mechanism against stealthy prefix hijacking attacks.