Skip to main content
SpringerLink
Log in

A Method to Detect Prefix Hijacking by Using Ping Tests

  • Conference paper
Challenges for Next Generation Network Operations and Service Management (APNOMS 2008)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5297))

Included in the following conference series:

Abstract

We propose an improved technique to detect BGP (Border Gateway Protocol) prefix hijacking. BGP prefix hijacking is caused by improper BGP routing information advertisements. When an AS’s prefix is hijacked by an improper BGP routing information advertisement from another AS, the hijacked AS can not communicate with other ASs because traffic to the prefix is delivered to the hijacking AS, not the hijacked AS. The method used in major detection systems, such as ENCORE and Keiro-Bugyo, validates each BGP routing information update against BGP routing information stored in IRR (Internet Routing Registry) databases. In order for this method to work, correct BGP routing information must be stored in the IRR. If BGP routing information is advertised to the Internet before being registered with the IRR, it is considered as an instance of prefix hijacking, even if the advertised routing information is valid. We propose a method of detecting prefix hijacking that uses ping tests from two or more ASs. The key idea is that, when an AS receives a BGP update, it executes ping tests to the received prefix; another AS, one that has not received that update also performs similar ping tests. Test results are compared to decide whether prefix hijacking has occurred or not.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Rekhter, Li.: A Border Gateway Protocol 4 (BGP-4), RFC (1771)

    Google Scholar 

  2. Lynn, C., Mikkelson, J., Seo, K.: Secure BGP (S-BGP), draft-clynn-s-bgp-protocol-01.txt

    Google Scholar 

  3. White, R.: Architecture and Deployment Considerations for Secure Origin BGP (soBGP), draft-white-sobgparchitecture-00.txt

    Google Scholar 

  4. Toshimitsu, O., Mitsuho, T., Kazuo, K.: A study on the method to observe hijack route. Technical report of IEICE. TM, TM2004-37

    Google Scholar 

  5. http://www.janog.gr.jp/meeting/janog19/2006/11/jpirr.html

  6. http://www.radb.net/

  7. http://www.nic.ad.jp/ja/ip/irr/index.html

  8. http://www.nic.ad.jp/doc/jpnic-01048.html#3

  9. http://www.soumu.go.jp/menu_02/ictseisaku/ictR-D/jigyou_ichiran_h18_2.html

Download references

Author information

Authors and Affiliations

  1. NTT Network Service Systems Laboratories, NTT Corporation, 9-11 Midori-Cho 3-Chome Musashinoshi, Tokyo, 180-8585, Japan

    Mitsuho Tahara, Naoki Tateishi, Toshio Oimatsu & Souhei Majima

Authors
  1. Mitsuho Tahara
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Naoki Tateishi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Toshio Oimatsu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Souhei Majima
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Network Information Center, Beijing University of Posts and Telecommunications, 100876, Beijing, China

    Yan Ma

  2. School of Electronic & Computer Engineering, Chonnam National University, 500-757, Gwangju, Republic of Korea

    Deokjai Choi

  3. Graduate School of Engineering Osaka City University, 3–3–138 Sugimoto, Sumiyoshi-ku, 558–8585, Osaka, Japan

    Shingo Ata

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tahara, M., Tateishi, N., Oimatsu, T., Majima, S. (2008). A Method to Detect Prefix Hijacking by Using Ping Tests. In: Ma, Y., Choi, D., Ata, S. (eds) Challenges for Next Generation Network Operations and Service Management. APNOMS 2008. Lecture Notes in Computer Science, vol 5297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88623-5_40

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-88623-5_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88622-8

  • Online ISBN: 978-3-540-88623-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation