{"title":"BGP监控告警系统用于检测和防止异常IP前缀发布","authors":"Jekuk Yun, Beomseok Hong, Yanggon Kim","doi":"10.1145/2513228.2513292","DOIUrl":null,"url":null,"abstract":"The Border Gateway Protocol (BGP) is the routing protocol that enables large IP networks to form a single Internet. The main objective of BGP is to exchange Network Layer Reachability Information (NLRI) between Autonomous Systems (ASes) so that a BGP speaker can announce their IP prefix and find a path to the destination of packets. However, a BGP hijacker can pretend to be any third BGP speaker because BGP itself doesn't have the functionality of validating BGP messages. In order to solve this problem, BGP speaker needs to validate messages coming from other BGP speakers. In this paper, we propose the BGP Monitoring and Alarm System (BGPMAS) which monitors incoming announcements and starts to make sounds of the alarm if the BGPMAS detects an invalid announcement. In addition, the BGPMAS provides AS administrators with web service to show where the invalid message is coming from so that the administrators can rapidly deal with the IP prefix hijacking by ignoring the malicious BGP router's prefix. In order to set this environment, the BGPMAS needs to be connected to the BGP router and the AS administrator needs the Alarm Application (AA) which will make sounds of the alarm and the AA receives a signal from the BGPMAS when the BGPMAS detect an invalid announcement. As a result, the BGP routers can easily have the RPKI-based origin validation function with the BGPMAS.","PeriodicalId":120340,"journal":{"name":"Research in Adaptive and Convergent Systems","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"The BGP monitoring and alarming system to detect and prevent anomaly IP prefix advertisement\",\"authors\":\"Jekuk Yun, Beomseok Hong, Yanggon Kim\",\"doi\":\"10.1145/2513228.2513292\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Border Gateway Protocol (BGP) is the routing protocol that enables large IP networks to form a single Internet. The main objective of BGP is to exchange Network Layer Reachability Information (NLRI) between Autonomous Systems (ASes) so that a BGP speaker can announce their IP prefix and find a path to the destination of packets. However, a BGP hijacker can pretend to be any third BGP speaker because BGP itself doesn't have the functionality of validating BGP messages. In order to solve this problem, BGP speaker needs to validate messages coming from other BGP speakers. In this paper, we propose the BGP Monitoring and Alarm System (BGPMAS) which monitors incoming announcements and starts to make sounds of the alarm if the BGPMAS detects an invalid announcement. In addition, the BGPMAS provides AS administrators with web service to show where the invalid message is coming from so that the administrators can rapidly deal with the IP prefix hijacking by ignoring the malicious BGP router's prefix. In order to set this environment, the BGPMAS needs to be connected to the BGP router and the AS administrator needs the Alarm Application (AA) which will make sounds of the alarm and the AA receives a signal from the BGPMAS when the BGPMAS detect an invalid announcement. As a result, the BGP routers can easily have the RPKI-based origin validation function with the BGPMAS.\",\"PeriodicalId\":120340,\"journal\":{\"name\":\"Research in Adaptive and Convergent Systems\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Research in Adaptive and Convergent Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2513228.2513292\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Research in Adaptive and Convergent Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2513228.2513292","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The BGP monitoring and alarming system to detect and prevent anomaly IP prefix advertisement
The Border Gateway Protocol (BGP) is the routing protocol that enables large IP networks to form a single Internet. The main objective of BGP is to exchange Network Layer Reachability Information (NLRI) between Autonomous Systems (ASes) so that a BGP speaker can announce their IP prefix and find a path to the destination of packets. However, a BGP hijacker can pretend to be any third BGP speaker because BGP itself doesn't have the functionality of validating BGP messages. In order to solve this problem, BGP speaker needs to validate messages coming from other BGP speakers. In this paper, we propose the BGP Monitoring and Alarm System (BGPMAS) which monitors incoming announcements and starts to make sounds of the alarm if the BGPMAS detects an invalid announcement. In addition, the BGPMAS provides AS administrators with web service to show where the invalid message is coming from so that the administrators can rapidly deal with the IP prefix hijacking by ignoring the malicious BGP router's prefix. In order to set this environment, the BGPMAS needs to be connected to the BGP router and the AS administrator needs the Alarm Application (AA) which will make sounds of the alarm and the AA receives a signal from the BGPMAS when the BGPMAS detect an invalid announcement. As a result, the BGP routers can easily have the RPKI-based origin validation function with the BGPMAS.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
