Everybody Leaks Alexander Azimov.

Slides:

Advertisements

Similar presentations

Attention (your target market) !. Are you (their problem) ?

Advertisements

Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

Swinog-7, 22nd october 2003 BGP filtering André Chapuis,

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.

Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Arbor Multi-Layer Cloud DDoS Protection

NOC Lessons Learned TEIN2 and CERNET Xing Li

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

1 SENSS Security Service for the Internet Jelena Mirkovic USC Information Sciences Institute Joint work with Minlan Yu (USC), Ying Zhang.

MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.

BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk

© 2004 AARNet Pty Ltd Measurement in aarnet3 4 July 2004.

Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.

A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡

Marco Brandstaetter Business Development, DE-CIX Management GmbH The (unknown) arguments for peering.

1 Alexander Azimov Highload Lab Detecting Autonomous Systems Relationships.

By, Matt Guidry Yashas Shankar.  Analyze BGP beacons which are announced and withdrawn, usually within two hour intervals.  The withdraws have an effect.

Detecting Attacks on Internet Infrastructure and Monitoring of Service Restoration in Real Time Andy Ogielski FCC Workshop on Cyber Security 30 September.

1 DNSMON DNS Server Monitoring RIPE NCC 3 December 2015.

Eliminating Packet Loss Caused by BGP Convergence Nate Kushman Srikanth Kandula, Dina Katabi, and Bruce Maggs.

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.

Draft-ietf-sidr-bgpsec-reqs-01 diffs from -00 (Jul) sidr / IETF Taipei Randy Bush sidr bgpsec reqs 1.

1 Agenda for Today’s Lecture The rationale for BGP’s design –What is interdomain routing and why do we need it? –Why does BGP look the way it does? How.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

BGP Transit Autonomous System

1 Effective Diagnosis of Routing Disruptions from End Systems Ying Zhang Z. Morley Mao Ming Zhang.

1 Investigating occurrence of duplicate updates in BGP announcements Jong Han Park 1, Dan Jen 1, Mohit Lad 2, Shane Amante 3, Danny McPherson 4, Lixia.

Introduction of An Engineering Project for KOREN/APII Seung-Joon Seok Korea University.

ROUTE FILTERING: If you accept free beer, expect an hangover Thomas Mangin AS30740 Linx 57, 21 st of may 2007.

CS 3700 Networks and Distributed Systems

BGP Routing Stability of Popular Destinations

The BGP Visibility Scanner

More Specific Announcements in BGP

Border Gateway Protocol

Cover Letter Writing.

We Care About Data Quality at IXPs

Is Your Online Security Intelligent? Internet Performance Management

Associated Connect sample reports

Jessica Yu ANS Communication Inc. Feb. 9th, 1998

More Specific Announcements in BGP

Lean Canvas Project Name PRODUCT MARKET Problem Solution

Lessons Learned TEIN2 and CERNET

The real-time Internet routing observatory

Identifying problematic inter-domain routing issues

COS 561: Advanced Computer Networks

Transient BGP Loops Do they matter, and what can be done about them?

Improving global routing security and resilience

Fixing the Internet: Think Locally, Impact Globally

Jan Chrillesen, Stofa A/S

Peering Security DKNOG, March 14-15, 2019 Susan Forney and Walt Wollny

FIRST How can MANRS actions prevent incidents .

Lean Canvas Project Name PRODUCT MARKET Problem Solution

Chapter 15.3: Regulating the Money Supply

By Keessun Fokeerah Member Services(MS) Team

Amreesh Phokeer Research Manager AfPIF-10, Mauritius

Wireless + TSN = Part of the Picture

APNIC Solving problems for our community

APNIC Solving problems for our community

Excessive BGP AS Path Prepending is a Self-Inflicted Vulnerability

Presentation transcript:

Everybody Leaks Alexander Azimov

Route Leaks Abnormal subpath: Provider -> Customer -> Provider Provider -> Customer -> Peering Peering -> Customer -> Provider Peering -> Peering -> Peering Amount? We define route leak as announces that have abnormal subpath: provide-customer-provider, etc. What are the main features of route leaks? They increase latency, make your infrastructure vulnerable and undetectable from origin AS. But what about amount of such incidents?

New Abnormal Paths Monthly This a graph describes amount of different abnormal paths we have detected during last few months. AS you can see, we detect about two thousand of route leaks each month and we are still isn’t satisfied about opportunities of our detector. But as far as I conern most part of the community still believe that problem is far away and don’t affect them at all.

There problem is far away… Let us see. This is route leaks for RIPE NCC AS. This shot-term death leaks – when customer announces full table from one provider to another.

Leak Distribution But death leaks are rare, and they cover only 1% of all cases. The most common error is made not by customer AS, but by transit AS. It is made by using global prefix list for its customers, without paying attention to the origin of the announce. As a result, if customer stops announcing some part if its prefixes to this provider it will take alternative route. For a example from announce customer’s prefix from one provider to peers or also to other providers. If you are customer of such AS, you wouldn’t be able to redirect traffic from this AS in all cases, even if this provider experiencing stable packet loss. It just highlight that there is major misunderstanding how transit AS should work.

Strange leaks are very strange And now strange leaks. By strange leak we define all leaks that we couldn’t simply explain. They don’t look like some common mistake - leaker and victim are not related to each other. In this issue were leaked all and only Google prefixes. I don’t think MIT could affect Google, but I could guarantee that this incident strongly affected latency to all Google services in Russian region. Target Leak of Google’s prefixes

30% of leaks are long-term and unnoticed! Route Leak Dynamics The incident with Google lasted for a day. Despite the fact that most of routing incidents are short-term there are 30% of leaks that are stable. What does this mean? This just demonstrate that I are fully unnoticed. 30% of leaks are long-term and unnoticed!

What could be done? Outbound prefix filtering; Inbound prefix filtering or prefix limit; Collaboration, more collaboration! Announce isn’t end of story, you need to monitor it; So what could be done? First of all there are some common receipts such as prefix filtering or prefix limit. But at the same time community must understand that routing incidents are not related only to some well known hijacks that took place few years ago. It is about your prefixes and it is happening now.

Monitoring announces Raw data RIPE & Routeviews – thank you! Renesys BGPMon Radar by Qrator If you want to monitor your prefixes you can use raw data from RIPE & Routeviews and I’d like to thank them for this opportunity. There are also several projects, not all of them are free, that could provide you notifications related to routing incidents.

Questions? radar.qrator.net