Abstract
The Internet comprises many interconnected networks that exchange reachability information using BGP. Because this design is based on trust between networks, IP prefix hijacking can occur, caused by wrong routing information. This is a serious security threat to the Internet routing system. In this paper, we present an effective and practical approach for detecting IP prefix hijacking without major changes to the current routing infrastructure. To detect IP prefix hijacking events, we monitor routing update messages that show a wrong announcement of an IP prefix origin. When a suspicious BGP update that causes a MOAS conflict is received, the detection system starts an idle scan for IP ID probing in order to distinguish an IP prefix hijacking event from a legitimate routing update.
This work was partly supported by the IT R&D program of MKE/IITA [2008-F-016-02, CASFI] and WCU program through the KSEF of MEST, Korea [R31-2008-000-10100-0].
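The monitoring stage described in the abstract, flagging a BGP update that introduces a MOAS (Multiple Origin AS) conflict, is illustrated below. This is an added example, not code from the paper: the update tuple format, the function names and the sample feed are assumptions, and the IP ID verification stage is not modeled.

```python
import ipaddress

# Constructed sample feed (not real routing data): (time, peer AS, kind, prefix, AS_PATH).
# kind "A" = announcement, "W" = withdrawal. Prefixes and AS numbers are documentation ranges.
SAMPLE_UPDATES = [
    (1, 64500, "A", "192.0.2.0/24", [64500, 64501, 64496]),
    (2, 64500, "A", "198.51.100.0/24", [64500, 64497]),
    (3, 64502, "A", "192.0.2.0/24", [64502, 64496]),         # same origin via another peer
    (4, 64500, "A", "192.0.2.0/24", [64500, 64499]),         # second origin: MOAS conflict
    (5, 64500, "W", "198.51.100.0/24", None),                # only route withdrawn
    (6, 64502, "A", "198.51.100.0/24", [64502, 64498]),      # new sole origin: no conflict
    (7, 64502, "A", "203.0.113.0/24", [64502, {64503, 64504}]),  # AS_SET: origin ambiguous
]


def origin_as(as_path):
    """Return the origin AS (last AS_PATH element), or None if the path ends in an AS_SET."""
    last = as_path[-1]
    return None if isinstance(last, (set, frozenset)) else last


def detect_moas(updates):
    """Return (time, prefix, known_origins, new_origin) for each update that opens a MOAS conflict."""
    routes = {}       # prefix -> {peer AS: origin AS currently announced by that peer}
    suspicious = []
    for ts, peer, kind, prefix, as_path in updates:
        per_peer = routes.setdefault(ipaddress.ip_network(prefix), {})
        if kind == "W":
            per_peer.pop(peer, None)      # explicit withdrawal removes this peer's route
            continue
        origin = origin_as(as_path)
        if origin is None:
            continue                      # skip AS_SET origins rather than guess
        # Origins still announced by other peers; this peer's old route is implicitly replaced.
        known = {o for p, o in per_peer.items() if p != peer}
        if known and origin not in known:
            suspicious.append((ts, prefix, sorted(known), origin))
        per_peer[peer] = origin
    return suspicious


if __name__ == "__main__":
    for ts, prefix, known, new in detect_moas(SAMPLE_UPDATES):
        print(f"t={ts} {prefix}: origin AS{new} conflicts with {known}; queue for verification")
```

Only exact-prefix conflicts are tracked here; announcements of a more specific prefix inside a monitored one would need a covering-prefix lookup in addition.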
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hong, SC., Ju, HT., Hong, J.W. (2009). IP Prefix Hijacking Detection Using Idle Scan. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, CS. (eds) Management Enabling the Future Internet for Changing Business and New Computing Services. APNOMS 2009. Lecture Notes in Computer Science, vol 5787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04492-2_40
DOI: https://doi.org/10.1007/978-3-642-04492-2_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04491-5
Online ISBN: 978-3-642-04492-2
eBook Packages: Computer Science (R0)