Sciweavers

SIGCOMM
2012
ACM

Towards detecting BGP route hijacking using the RPKI

12 years 3 months ago
Towards detecting BGP route hijacking using the RPKI
Prefix hijacking has always been a big concern in the Internet. Some events made it into the international world-news, but most of them remain unreported or even unnoticed. The scale of the problem can only be estimated. The Resource Publication Infrastructure (RPKI) is an effort by the IETF to secure the inter-domain routing system. It includes a formally verifiable way of identifying who owns legitimately which portion of the IP address space. The RPKI has been standardized and prototype implementations are tested by Internet Service Providers (ISPs). Currently the system holds already about 2% of the Internet routing table. Therefore, in theory, it should be easy to detect hijacking of prefixes within that address space. We take an early look at BGP update data and check those updates against the RPKI—in the same way a router would do, once the system goes operational. We find many interesting dynamics, not all can be easily explained as hijacking, but a significant number a...
Matthias Wählisch, Olaf Maennel, Thomas C. Sc
Added 27 Sep 2012
Updated 27 Sep 2012
Type Journal
Year 2012
Where SIGCOMM
Authors Matthias Wählisch, Olaf Maennel, Thomas C. Schmidt
Comments (0)