Sciweavers

APNOMS
2009
Springer

IP Prefix Hijacking Detection Using Idle Scan

The Internet is composed of many interconnected networks that communicate reachability information using BGP. Because the design is based on trust between networks, IP prefix hijacking can occur, caused by wrong routing information. This results in a serious security threat to the Internet routing system. In this paper, we present an effective and practical approach for detecting IP prefix hijacking without major change to the current routing infrastructure. To detect an IP prefix hijacking event, we monitor routing update messages that show a wrong announcement of the IP prefix origin. When a suspicious BGP update that causes a MOAS conflict is received, the detection system starts an idle scan for IP ID probing in order to distinguish an IP prefix hijacking event from a legitimate routing update.
Seong-Cheol Hong, Hong-Taek Ju, James W. Hong
Added 25 May 2010
Updated 25 May 2010
Type Conference
Year 2009
Where APNOMS
Authors Seong-Cheol Hong, Hong-Taek Ju, James W. Hong