We Care About Data Quality at IXPs

Slides:



Advertisements
Similar presentations
Who cares about abuse? Rodney Tillotson, JANET-CERT APNIC, August 2001 United Kingdom Education & Research Networking Association.
Advertisements

The Datapository Dave Andersen, CMU James Moss, CMU Nick Feamster, Georgia Tech
Anti-Spam Management for Service Provider in Malaysia Alan Lee NTT MSC.
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Mapping Out Cyber Crime Infrastructure A Law Enforcement Approach Jon Flaherty UK National Cyber Crime Unit 13 th May 2015 RIPE 70 - Amsterdam.
Route Servers: What, Why, and How? Andy Davidson Allegro Networks / LONAP August 2014 Peer 2.0/SFO.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
© XchangePoint 2001 Economic Differences Between Transit and Peering Exchanges Keith Mitchell Chief Technical Officer NANOG 25 10th June 2002.
Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.
Introduction to BGP.
CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.
CS 3830 Day 29 Introduction 1-1. Announcements r Quiz 4 this Friday r Signup to demo prog4 (all group members must be present) r Written homework on chapter.
Policies for Peering and Internet Exchanges AFIX Technical Workshop Session 8.
BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.
IX Data Collection- The Big Question? by Andrew Owens - NAPAfrica Protect. Connect. Grow.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.
Inter-domain Routing Outline Border Gateway Protocol.
The Benefit and Need of Standard Contribution for IXPs Jan Stumpf System Engineer.
Traffic Volume Dependencies between IXPs Thomas King R&D, DE-CIX.
Investigation of Traffic Dependencies between IXPs in Failure Scenarios APRICOT 2016, Peering Forum Auckland, New Zealand Arnold Nipper Chief.
CS 3700 Networks and Distributed Systems
CS 3700 Networks and Distributed Systems
PCAP BGP Parser RIPE 73, Madrid Christoph Dietzel, Tobias Hannaske
Keeping local stuff local
Cleaning up after the Nr 3 SPAM botnet and the worst prefix
Traffic Volume Dependencies between IXPs
COS 561: Advanced Computer Networks
Everybody Leaks Alexander Azimov.
How do we decide where to deploy to next?
COS 561: Advanced Computer Networks
Route Servers: An AMS-IX Introspective
Working together to improve routing security for all
CSCI-1680 Network Layer: Inter-domain Routing
MANRS IXP Partnership Programme
Measuring routing (in)security
COS 561: Advanced Computer Networks
MANRS for IXPs Why we did it? What did we do?
The real-time Internet routing observatory
COS 561: Advanced Computer Networks
DE-CIX New York – Renumbering Heads-up Dr. Thomas King, CTO
COS 561: Advanced Computer Networks
COMP/ELEC 429/556 Introduction to Computer Networks
BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged
BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)
COS 461: Computer Networks
Improving global routing security and resilience
Fixing the Internet: Think Locally, Impact Globally
Peering Security DKNOG, March 14-15, 2019 Susan Forney and Walt Wollny
BGP Instability Jennifer Rexford
UKNOF 42 - London January 15th 2019
PCAP BGP Parser RIPE 73, Madrid Christoph Dietzel, Tobias Hannaske
The Sudanese IXP re-invented itself
FIRST How can MANRS actions prevent incidents .
One of the Best Debt Settlement Companies Cpshelps.com.
UKNOF 42 - London January 15th 2019
IXPDB & Euro-IX Tools SEE , Sarajevo.
Wireless Spoofing Attacks on Mobile Devices
MANRS Implementation Guides
RIPE78, Reykjavik Bijal Sanghani
Amreesh Phokeer Research Manager AfPIF-10, Mauritius
An Application Programming Interface for Interconnection Services
An Application Programming Interface for Interconnection Services
IXP FilterCheck A New Route Analysis Tool for IXPs
Presentation transcript:

We Care About Data Quality at IXPs Dr. Thomas King, Chief Innovation Officer, DE-CIX

Customer View: Purpose of an IXP Connect many ASNs Solicit settlement free peering → Traffic exchange made easy Route server

IXPs are a Perfect Place for Spammers Announce 8.8.8.0/24 Often not well filtered BGP sessions (bilateral + route server) It is easy to do nasty BGP tricks IP hijacks (e.g. not announced IP space) Combined ASN + IP hijacks (e.g. not operated ASNs) Hide hijacked resources behind upstream network – pretend that the spammer is just a clueless / bad customer of a customer AS15159 Announce 1.2.3.4/16 IXP Route server

Spammer’s Activities Are Hard to Detect Announce 8.8.8.0/24 Peering means learned routes are not propagated to upstream provider. Spammer announcements do not show up in Global Routing Table. For detection tools (e.g. RIPE RIS, BGPmon and Qrator) it is hard (to impossible) to detect ASN + IP Hijacks AS15159 Global Routing Table Announce 1.2.3.4/16 IXP Route server Upstream

Traffic at IXPs is for Free DF-IX: Spijkenisse, The Hague, Rotterdam, Zoetermeer

We Learned This the Hard Way One member informed us about massive spam / IP Hijacks coming from other members May 2017 Investigation of the case Goals: Find activities violating DE-CIX contracts Collect evidence BGP analysis (bilateral, route server): > 50 IP prefix owners contacted 6 replied with clear statements that no business relationship exists DE-CIX services suspended due to violation of DE-CIX contracts Members confronted with allegations. No cooperative of alleged members. Contracts canceled due to violation of DE-CIX contracts June 2017

We could have Known Better

We could have Known Better We have a community that works with blame and shame Websites / Blogs: Mailing lists: *nog → Names of companies change, however, ASNs stick → Lots of information available, our responsibility to use it

Lessons Learned ASN / IP Hijacks Review Abuse management Defined contact person and guarantee discretion → solicit feedback from customers Redefine Abuse process Blacklist for expelled members (during sales process) ASN / IP Hijacks

We Care about Data Quality at IXPs We are an IXP operator with clear rules in our contracts: Layer 2 Layer 3 (mainly BGP) Violations of these rules might be prosecuted – we care about (BGP) data quality We want to make sure IXPs are a stable and reliable place for exchanging traffic

Questions for You Did you encounter such cases as well? If yes, how did you react? What is your abuse policy? Do you forward information about illegal activities to your IXPs/ISPs or the police?