
Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 5787)


Abstract

The Internet comprises many interconnected networks that exchange reachability information using BGP. Because the design is based on trust between networks, IP prefix hijacking can occur, caused by wrong routing information. This is a serious security threat to the Internet routing system. In this paper, we present an effective and practical approach for detecting IP prefix hijacking without major changes to the current routing infrastructure. To detect an IP prefix hijacking event, we monitor routing update messages that show a wrong announcement of the IP prefix origin. When a suspicious BGP update that causes a MOAS conflict is received, the detection system starts an idle scan for IP ID probing in order to distinguish an IP prefix hijacking event from a legitimate routing update.
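The monitoring step the abstract describes, flagging an update that introduces a MOAS conflict, can be sketched as follows. This is an added example, not code from the paper; the update tuple format, the peer names and the `MoasMonitor` class are assumptions, the sample updates are constructed from documentation prefixes and AS numbers, and the IP ID probing step is not covered.

```python
from collections import defaultdict
from ipaddress import ip_network

def origin_ases(as_path):
    """Origin is the rightmost AS_PATH element; a trailing AS_SET '{a,b}' yields several."""
    last = as_path.split()[-1]
    return {int(a) for a in last.strip("{}").split(",")}

class MoasMonitor:
    """Hypothetical monitor: tracks which origins are visible per prefix across peers."""
    def __init__(self):
        # prefix -> origin AS -> set of peers currently announcing that origin
        self.table = defaultdict(lambda: defaultdict(set))

    def update(self, peer, kind, prefix, as_path=None):
        """Apply one update; return an alert if it adds a second, concurrent origin."""
        origins = self.table[ip_network(prefix)]
        # An announcement replaces this peer's earlier route; a withdrawal removes it.
        for asn in list(origins):
            origins[asn].discard(peer)
            if not origins[asn]:
                del origins[asn]
        if kind == "W":
            return None
        new, known = origin_ases(as_path), set(origins)
        for asn in new:
            origins[asn].add(peer)
        if known and not new <= known:
            return {"prefix": prefix, "known": sorted(known), "new": sorted(new - known)}
        return None

# Constructed sample feed: (peer, A=announce / W=withdraw, prefix, AS_PATH)
UPDATES = [
    ("peerA", "A", "192.0.2.0/24", "64501 64500"),
    ("peerB", "A", "192.0.2.0/24", "64502 64500"),
    ("peerB", "A", "198.51.100.0/24", "64502 64510"),
    ("peerB", "A", "192.0.2.0/24", "64502 64511"),  # second origin while peerA still sees 64500
    ("peerB", "W", "192.0.2.0/24", None),
    ("peerB", "A", "192.0.2.0/24", "64502 64500"),  # back to the known origin: no alert
]

def scan(updates):
    """Return the alerts that would be handed to the follow-up verification step."""
    monitor = MoasMonitor()
    return [a for u in updates if (a := monitor.update(*u))]

if __name__ == "__main__":
    for alert in scan(UPDATES):
        print("suspicious MOAS update:", alert)
```

A MOAS conflict on its own does not prove a hijack, since multi-homing and anycast legitimately produce several origins; that is why the abstract follows the alert with a separate probing step.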

This work was partly supported by the IT R&D program of MKE/IITA [2008-F-016-02, CASFI] and WCU program through the KSEF of MEST, Korea [R31-2008-000-10100-0].



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hong, SC., Ju, HT., Hong, J.W. (2009). IP Prefix Hijacking Detection Using Idle Scan. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, CS. (eds) Management Enabling the Future Internet for Changing Business and New Computing Services. APNOMS 2009. Lecture Notes in Computer Science, vol 5787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04492-2_40


  • DOI: https://doi.org/10.1007/978-3-642-04492-2_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04491-5

  • Online ISBN: 978-3-642-04492-2

  • eBook Packages: Computer Science, Computer Science (R0)
