A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,

Slides:

Advertisements

Similar presentations

IEEE CCW 08 New Network Architectures: Why Bother? Paul Francis Cornell.

Advertisements

Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.

Chapter 22 Network Layer: Delivery, Forwarding, and Routing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.

Seongcheol Hong, POSTECHPhD Thesis Defense 1/30 Network Reachability-based IP Prefix Hijacking Detection - PhD Thesis Defense - Seongcheol Hong Supervisor:

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

Making Routers Last Longer with ViAggre Hitesh Ballani, Paul Francis, Tuan Cao and Jia Wang Cornell University and AT&T Labs- Research Presented by Gregory.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

Traffic Engineering With Traditional IP Routing Protocols

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Analysis of BGP Routing Tables

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

Bgpmon real-time collection and distribution of BGP updates Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University.

Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.

A a secure peering. RIB table dump by attributes in order to save space. References 1. RouteViews, 2. RIPE,

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

PKI To The Masses IPCCC 2004 Dan Massey USC/ISI. 1 March PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an.

© 2009 Cisco Systems, Inc. All rights reserved.ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Planning the Enterprise-to-ISP Connection.

OSPF To route, a router needs to do the following: Know the destination address Identify the sources it can learn from Discover possible.

Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.

Real-Time BGP Data Access 1 Mikhail Strizhov Colorado State University.

M.Menelaou CCNA2 ROUTING. M.Menelaou ROUTING Routing is the process that a router uses to forward packets toward the destination network. A router makes.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 Module 6 Routing and Routing Protocols.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 6 Routing and Routing Protocols.

Paper Presentation – CAP Page 2 Outline Review - DNS Proposed Solution Simulation Results / Evaluation Discussion.

How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.

Advanced Networking Lab. Given two IP addresses, the estimation algorithm for the path and latency between them is as follows: Step 1: Map IP addresses.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡

1 A Framework for Measuring and Predicting the Impact of Routing Changes Ying Zhang Z. Morley Mao Jia Wang.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—2-1 Implementing an EIGRP-Based Solution Lab 2-2 Debrief.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

Text BGP Basics. Document Name CONFIDENTIAL Border Gateway Protocol (BGP) Introduction to BGP BGP Neighbor Establishment Process BGP Message Types BGP.

KYUNG-HWA KIM HENNING SCHULZRINNE 12/09/2008 INTERNET REAL-TIME LAB, COLUMBIA UNIVERSITY DYSWIS.

Inter-domain Routing Outline Border Gateway Protocol.

Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.

intra-va-01.txt -01 Draft of: “FIB Suppression with Virtual Aggregation and Default Routes” Paul.

IP Spoofing. What Is IP Spoofing Putting a fake IP address in the IP header field for source address (requires root)

BGP security some slides borrowed from Jen Rexford (Princeton U)

1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University.

Introduction to OSPF Campus Networking Workshop These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license.

Introduction to Dynamic Routing Protocol

Connecting an Enterprise Network to an ISP Network

Scaling Service Provider Networks

Connecting an Enterprise Network to an ISP Network

Routing and Routing Protocols: Routing Static

COMP 3270 Computer Networks

CCNA 2 v3.1 Module 6 Routing and Routing Protocols

Early Measurements of a Cluster-based Architecture for P2P Systems

Are We There Yet? On RPKI Deployment and Security

COS 561: Advanced Computer Networks

Routing and Routing Protocols: Routing Static

© 2006 ITT Educational Services Inc.

BGP Multiple Origin AS (MOAS) Conflict Analysis

An Analysis of BGP Multiple Origin AS (MOAS) Conflicts

COS 561: Advanced Computer Networks

BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)

Presentation transcript:

A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University, Ithaca, NY SIGCOMM’07

Outline  Prefix Hijacking  Problem  Related Work  Solution  Evaluation  Summary

Prefix Hijacking  IP Prefix Hijacking is the process of taking over of groups of IP addresses by corrupting the routing tables  An Autonomous System (AS) is a collection of connected IP routing prefixes under the control of one or more network operators (ISP ? ). Routing tables between ASes are maintained using the BGP

Problem  Today’s Internet has no authentication mechanisms for routing announcements  Prefix Hijacks:  Blackholing  Imposture  Interception

Related Work  Crypto-based solutions require BGP to sign & verify the origin AS [Requires Public Key Infrastructure]  Non-Crypto solutions require changing router softwares so that inter-AS queries are supported

Solution – Monitoring Network Location

Solution - Detecting Path Disagreement Original Legitimate Route change (Load Balancing, congestion … etc) Prefix Hijacking

Evaluation  Detection Accuracy  Detection Latency ( avg ~ 7.38 measurements)  No automatic detection for sub-prefix hijacks  Hop count measurements are countered by manually modifying TTL values

Summary  The proposed scheme:  Light-weight  Highly accurate in hijack detection  Real-time detection  Easily deployed ( no network configuration changes, no PK required, no router software changes)