{"title":"通过探索BGP AS-PATH前缀来研究前缀拦截攻击的影响","authors":"Y. Zhang, M. Pourzandi","doi":"10.1109/ICDCS.2012.59","DOIUrl":null,"url":null,"abstract":"The AS path prep ending approach in BGP is commonly used to perform inter-domain traffic engineering, such as inbound traffic load-balancing for multi-homed ASes. It artificially increases the length of the AS level path in BGP announcements by inserting its local AS number multiple times into outgoing announcements. In this work, we study how the AS path prep ending mechanism can be exploited to launch a BGP prefix interception attack. Our work is motivated by a recent routing anomaly related to AS Path prepending behavior, i.e., Facebook's traffic being redirected to Korea and China due to a shorter path with fewer prep ending ASNs. In order to measure the possible impact of the attack, we develop a simulator to quantify the damage of the attack under a diverse set of attacker/victim combinations. Our main contribution is to quantify how many ASes may be susceptible to the attack, and analyze how effective the attack may be through simulation. Furthermore, we propose an algorithm to detect the interception attack by exploiting inconsistencies via collaborative monitoring from multiple vantage points. Our evaluation shows up to 99% accuracy with 150 vantage points.","PeriodicalId":6300,"journal":{"name":"2012 IEEE 32nd International Conference on Distributed Computing Systems","volume":"293 1","pages":"667-677"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Studying Impacts of Prefix Interception Attack by Exploring BGP AS-PATH Prepending\",\"authors\":\"Y. Zhang, M. Pourzandi\",\"doi\":\"10.1109/ICDCS.2012.59\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The AS path prep ending approach in BGP is commonly used to perform inter-domain traffic engineering, such as inbound traffic load-balancing for multi-homed ASes. It artificially increases the length of the AS level path in BGP announcements by inserting its local AS number multiple times into outgoing announcements. In this work, we study how the AS path prep ending mechanism can be exploited to launch a BGP prefix interception attack. Our work is motivated by a recent routing anomaly related to AS Path prepending behavior, i.e., Facebook's traffic being redirected to Korea and China due to a shorter path with fewer prep ending ASNs. In order to measure the possible impact of the attack, we develop a simulator to quantify the damage of the attack under a diverse set of attacker/victim combinations. Our main contribution is to quantify how many ASes may be susceptible to the attack, and analyze how effective the attack may be through simulation. Furthermore, we propose an algorithm to detect the interception attack by exploiting inconsistencies via collaborative monitoring from multiple vantage points. Our evaluation shows up to 99% accuracy with 150 vantage points.\",\"PeriodicalId\":6300,\"journal\":{\"name\":\"2012 IEEE 32nd International Conference on Distributed Computing Systems\",\"volume\":\"293 1\",\"pages\":\"667-677\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE 32nd International Conference on Distributed Computing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDCS.2012.59\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 32nd International Conference on Distributed Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS.2012.59","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Studying Impacts of Prefix Interception Attack by Exploring BGP AS-PATH Prepending
The AS path prep ending approach in BGP is commonly used to perform inter-domain traffic engineering, such as inbound traffic load-balancing for multi-homed ASes. It artificially increases the length of the AS level path in BGP announcements by inserting its local AS number multiple times into outgoing announcements. In this work, we study how the AS path prep ending mechanism can be exploited to launch a BGP prefix interception attack. Our work is motivated by a recent routing anomaly related to AS Path prepending behavior, i.e., Facebook's traffic being redirected to Korea and China due to a shorter path with fewer prep ending ASNs. In order to measure the possible impact of the attack, we develop a simulator to quantify the damage of the attack under a diverse set of attacker/victim combinations. Our main contribution is to quantify how many ASes may be susceptible to the attack, and analyze how effective the attack may be through simulation. Furthermore, we propose an algorithm to detect the interception attack by exploiting inconsistencies via collaborative monitoring from multiple vantage points. Our evaluation shows up to 99% accuracy with 150 vantage points.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
