Presentation is loading. Please wait.

Presentation is loading. Please wait.

A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,

Published byChad Edwards Modified over 9 years ago

Similar presentations

Presentation on theme: "A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,"— Presentation transcript:

1 A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University, Ithaca, NY SIGCOMM’07

2 Outline  Prefix Hijacking  Problem  Related Work  Solution  Evaluation  Summary

3 Prefix Hijacking  IP Prefix Hijacking is the process of taking over of groups of IP addresses by corrupting the routing tables  An Autonomous System (AS) is a collection of connected IP routing prefixes under the control of one or more network operators (ISP ? ). Routing tables between ASes are maintained using the BGP

4 Problem  Today’s Internet has no authentication mechanisms for routing announcements  Prefix Hijacks:  Blackholing  Imposture  Interception

5 Related Work  Crypto-based solutions require BGP to sign & verify the origin AS [Requires Public Key Infrastructure]  Non-Crypto solutions require changing router softwares so that inter-AS queries are supported

6 Solution – Monitoring Network Location

7 Solution - Detecting Path Disagreement Original Legitimate Route change (Load Balancing, congestion … etc) Prefix Hijacking

8 Evaluation  Detection Accuracy  Detection Latency ( avg. 6.06 ~ 7.38 measurements)  No automatic detection for sub-prefix hijacks  Hop count measurements are countered by manually modifying TTL values

9 Summary  The proposed scheme:  Light-weight  Highly accurate in hijack detection  Real-time detection  Easily deployed ( no network configuration changes, no PK required, no router software changes)

Download ppt "A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,"

Similar presentations

IEEE CCW 08 New Network Architectures: Why Bother? Paul Francis Cornell.

IEEE CCW 08 New Network Architectures: Why Bother? Paul Francis Cornell.
Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.

Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.
Chapter 22 Network Layer: Delivery, Forwarding, and Routing.

Chapter 22 Network Layer: Delivery, Forwarding, and Routing.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.

BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.
Seongcheol Hong, POSTECHPhD Thesis Defense 1/30 Network Reachability-based IP Prefix Hijacking Detection - PhD Thesis Defense - Seongcheol Hong Supervisor:

Seongcheol Hong, POSTECHPhD Thesis Defense 1/30 Network Reachability-based IP Prefix Hijacking Detection - PhD Thesis Defense - Seongcheol Hong Supervisor:
Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
Making Routers Last Longer with ViAggre Hitesh Ballani, Paul Francis, Tuan Cao and Jia Wang Cornell University and AT&T Labs- Research Presented by Gregory.

Making Routers Last Longer with ViAggre Hitesh Ballani, Paul Francis, Tuan Cao and Jia Wang Cornell University and AT&T Labs- Research Presented by Gregory.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Analysis of BGP Routing Tables

Analysis of BGP Routing Tables
MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
Bgpmon real-time collection and distribution of BGP updates Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University.

Bgpmon real-time collection and distribution of BGP updates Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University.
Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.

Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.
A a secure peering. RIB table dump by attributes in order to save space. References 1. RouteViews, 2. RIPE,

A a secure peering. RIB table dump by attributes in order to save space. References 1. RouteViews, 2. RIPE,

Similar presentations

Ads by Google