Sciweavers

CONEXT
2007
ACM

Practical defenses against BGP prefix hijacking

14 years 3 months ago
Practical defenses against BGP prefix hijacking
Prefix hijacking, a misbehavior in which a misconfigured or malicious BGP router originates a route to an IP prefix it does not own, is becoming an increasingly serious security problem in the Internet. In this paper, we conduct a first comprehensive study on incrementally deployable mitigation solutions against prefix hijacking. We first propose a novel reactive detection-assisted solution based on the idea of bogus route purging and valid route promotion. Our simulations based on realistic settings show that purging bogus routes at 20 highest-degree ASes reduces the polluted portion of the Internet by a random prefix hijack down to 24%, and adding promotion further reduces the remaining pollution by 33% 57%, even defending against attack collusion. We prove that our proposed route purging and promotion scheme preserve the convergence properties of BGP regardless of the number of promoters. We are the first to demonstrate that detection systems based on a limited number of BGP feeds...
Zheng Zhang, Ying Zhang, Y. Charlie Hu, Zhuoqing M
Added 14 Aug 2010
Updated 14 Aug 2010
Type Conference
Year 2007
Where CONEXT
Authors Zheng Zhang, Ying Zhang, Y. Charlie Hu, Zhuoqing Morley Mao
Comments (0)