Abstract
We propose an improved technique to detect BGP (Border Gateway Protocol) prefix hijacking. BGP prefix hijacking is caused by improper BGP routing information advertisements. When an AS’s prefix is hijacked by an improper BGP routing information advertisement from another AS, the hijacked AS can not communicate with other ASs because traffic to the prefix is delivered to the hijacking AS, not the hijacked AS. The method used in major detection systems, such as ENCORE and Keiro-Bugyo, validates each BGP routing information update against BGP routing information stored in IRR (Internet Routing Registry) databases. In order for this method to work, correct BGP routing information must be stored in the IRR. If BGP routing information is advertised to the Internet before being registered with the IRR, it is considered as an instance of prefix hijacking, even if the advertised routing information is valid. We propose a method of detecting prefix hijacking that uses ping tests from two or more ASs. The key idea is that, when an AS receives a BGP update, it executes ping tests to the received prefix; another AS, one that has not received that update also performs similar ping tests. Test results are compared to decide whether prefix hijacking has occurred or not.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Rekhter, Li.: A Border Gateway Protocol 4 (BGP-4), RFC (1771)
Lynn, C., Mikkelson, J., Seo, K.: Secure BGP (S-BGP), draft-clynn-s-bgp-protocol-01.txt
White, R.: Architecture and Deployment Considerations for Secure Origin BGP (soBGP), draft-white-sobgparchitecture-00.txt
Toshimitsu, O., Mitsuho, T., Kazuo, K.: A study on the method to observe hijack route. Technical report of IEICE. TM, TM2004-37
http://www.soumu.go.jp/menu_02/ictseisaku/ictR-D/jigyou_ichiran_h18_2.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tahara, M., Tateishi, N., Oimatsu, T., Majima, S. (2008). A Method to Detect Prefix Hijacking by Using Ping Tests. In: Ma, Y., Choi, D., Ata, S. (eds) Challenges for Next Generation Network Operations and Service Management. APNOMS 2008. Lecture Notes in Computer Science, vol 5297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88623-5_40
Download citation
DOI: https://doi.org/10.1007/978-3-540-88623-5_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88622-8
Online ISBN: 978-3-540-88623-5
eBook Packages: Computer ScienceComputer Science (R0)