Accurate real-time identification of IP prefix hijacking

Accurate Real-Time Identification of IP Prefix Hijacking

By analogy with the identity theft, IP-address hijacking, also known as the fraudulent origin of the attack was to steal the IP-addresses belonging to other networks. The attack on the routing infrastructure or the Internet control plane. To achieve this, the attackers seized the addresses from the prefixes of net works under their control, so that they could use the stolen addresses for sending and receiving traffic. To simplify, the term "IP theft" refers to the capture IP-address prefixes.

Strikers May to block the IP address space for two purposes: (1) to conduct malicious activities such as spamming and DoS attacks without worrying about disclosing their identity through the IP-address of the source. Note that the IP-address of the source, although it can easily be spoofed because of the lack of ubiquitous deployment of ingress filtering, a TCP connection re still requires the use of routable IP address. (2) intentionally disrupt the entire web of communication or the attainability of legitimate hosts with numbers stolen address - in fact, a more cautious type of DoS attack. Both types of theft can significantly undermine the stability and security "Inter net. In addition, the theft of MP were also found to be sold or leased networks needing of IP address space [27]. Note that the symptom of IP hijacking of the victims is similar to Other delays that nontrivial diagnosis.

Moreover, malice, IP theft can also occur as a result of unintentional network improperly. The most striking example is the incident of AS7007 [9], which randomly announced its top provider shortest path to the multiple prefixes belonging to other networks. Her ISP does not filter out these false ads causing large black hole many fronts.

IP hijacking is also known as BGP (Border Gateway Protocol) theft, as well as to receive traffic destined for high jacked IP addresses, an attacker must do these IP ad dresses are known in other parts of the Internet, declaring them via BGP [41, 28, 21], which is a cross routing protocol on the Internet today. BGP route Consists of a prefix, but as a way to achieve this prefix. IP hijacking occurs when AS advertises a prefix, that he was not authorized to use either specially or by accident. Since the current BGP protocol implements authentication of little and often involves a significant level of trust between peers. IP theft is easy to succeed. Moreover, since BGP router may not know the routing policies of its neighbors, can not accurately evaluate the routing announcement, this leads to considerable difficulties in preventing malicious or mis-configured routing information from spreading across the Internet.

The obvious way to prevent the theft of IP is to ensure proper configuration of route filters in the network of linkages between providers and their clients prevents consumers from frames announces routes for prefixes they do not know. Nevertheless, it is difficult and not enough: (1) Providers do not always know which address ...