Major Project Part II. Isolating Suspicious BGP Updates To Detect Prefix Hijacks
|
|
- Elisabeth Bryan
- 5 years ago
- Views:
Transcription
1 Major Project Part II Isolating Suspicious BGP Updates To Detect Prefix Hijacks Author: Abhishek Aggarwal (IIT Delhi) Co-authors: Anukool Lakhina (Guavus Networks Inc.) Prof. Huzur Saran (IIT Delhi)
2 ! BGP routes can be hijacked by a misbehaving or compromised router. This can have serious consequences! Accidental hijack! AS 9121 incident! Malicious hijack! Used to send SPAM Larry J. Blunk, IEGP Meeting 62 nd IETF, March 6, 2005
3 Isolate suspicious BGP updates for further analysis to detect prefix hijacks
4 Prefix Hijack: Example a. True origin AS 52 announces prefix /16 b. False origin AS 110 announces prefix /16 Figure: AS 110 hijacks prefix of AS 52 Mohit et al., 2006, 15 th USENIX Security Symposium
5 Valid MOAS Case Multihoming without BGP Customer /24 AS 1 AS 2 announces /24 AS X AS Y announces / /24 AS Path: AS X,, AS 1 AS Z /24 AS Path: AS Y,, AS 2 Figure: Multihoming without BGP
6 Valid MOAS Case Private AS number substitution /24 AS 1 AS X Announces /24 Path: AS X AS Y Announces /24 Path: AS Y Figure: Private AS number substitution
7 Basic Philosophy! Analyze past BGP data to establish normal behavior for a prefix! Associate a state with every prefix at a border router! Origin AS is state variable! Track changes in the state to figure out normal changes for prefix! Analyze incoming updates and flag the ones violating the normal
8 Percentage hold time distribution of conflicting ASs is highly skewed %Hold Time Difference Prefix Figure: Percentage hold time difference for MOAS prefixes
9 Negative correlation between % Hold Time Change and AS Path Length Change a. 100 Perecntage Hold Time b. Normalized AS Path Length Backup AS Preferred AS Prefix Figure: (a) Percent hold time Vs Prefix, and (b) Normalized AS path length Vs Prefix
10 Preferred AS Path Length For 84 % prefixes: AS with high percentage hold time has a shorter path length 16% 84% Shorter Total MOAS Prefixes: 124 Longer Figure: Percentage breakup of MOAS prefixes on preferred AS path length
11 AS Path Relationship! Overlap! One path lies on the other! Related origin AS! Cross! Intersect in unique points! Distinct! Independent of each other
12 AS Path Relationship For ~ 88 % multi origin prefixes: Conflicting ASs have overlapping AS paths 8, 6.45% 7, 5.65% Total Prefixes: , 87.90% Distinct Paths Overlapping Paths Crossing Paths Figure: Percentage breakup of prefixes on AS path relationship of conflicting ASs
13 Characteristics of Possible Prefix Hijacks! Change in state of prefix! Multi Origin AS conflict! False origin AS has! Low percentage hold time " Malicious routes are short lived! Shorter AS path length! Distinct or Cross AS path relationship! Deaggregated prefix
14 Metrics! Change in Percentage hold time of conflicting ASs! Change in AS path length! AS path relationship! Overlapping! Cross! Distinct
15 Decision Tree Branch 1 Announcement Update Change in State MOAS Conflict Investigate Further + Percentage Hold Time Change - AS PATH Length Change AS PATH Length Change - AS PATH Relation AS PATH Relation AS PATH Relation AS PATH Relation Cross Overlap Distinct Cross Overlap Distinct Cross Overlap Distinct Cross Overlap Traffic En gineering Normal Low Suspicion Normal Low Suspicion Moderate Susp icio n Distinct High Suspicion
16 Decision Tree Branch 2 Update Announcement Withdrawal Change in State New Prefix Announcements No Change in State MOAS Conflict No MOAS Conflict Safe/Accepted Investigate Further MOAS Deaggregation Deaggregated Prefixes Self Deaggregation Distinct Prefixes Investigate Further Cross Low Suspicion Safe/Accepted AS PATH Relation Overlap High Suspicion Distinct
17 Algorithm/ Decision Tree
18 Architecture Diagram COLLECTION ENGINE PRESENTATION ENGINE DATABASE DATA ANALYSIS ENGINE CLASSIFICATION ENGINE Existing data
19 Abilene routing data for 2 months 1 st month s data Warm Up Phase 2 nd month s data Phase
20 Total Updates processed = , 49% 60, 43% Total Updates Flagged: , 8% High Suspicion Medium Suspicion Low Suspicion Figure: Percentage break up of flagged updates
21 26% 74% Total Updates: Announcements Withdrawals Figure: Percentage break up of updates 933, 0.19% , 34.56% , 65.25% Total Annoucements: Change State No Change in State New Prefix Announcements Figure: Percentage break up of announcements
22 958, 0.56% , 99.44% Total Annoucements Causing Change in State: MOAS Conflict No MOAS Conflict Figure: Percentage break up of announcements causing change in state 53, 5% 11, 1% 35, 3% 905, 91% Total MOAS Conflicts: 958 Valid Cases High Suspicion Medium Suspicion Low Suspicion Figure: Percentage break up of MOAS conflict cases
23 7, 1% 32, 3% 373, 40% 521, 56% Total New Prefix Announcements: 958 No Deaggregation Self Deaggregation High Suspicion Low Suspicion Figure: Percentage break up of new prefix announcements
24 Some Interesting Incidents Deaggregation Existing Covering Prefix: /16 Origin AS: 668 AS Path: 668 Deaggregation Prefix: /24 Origin AS: New AS Path: AS Path Relation: Distinct
25 Some Interesting Incidents Replacement Existing Status: Active Origin AS: 5050 AS Path: 5050 Hold Time %: New AS Path Relationship: Distinct Origin AS: 559 AS Path: Hold Time %: Prefix: /24
26 ! Past BGP data about a prefix can help to determine safe changes to the state of the prefix! Percentage hold time change, AS path length change and AS path relationship are useful metrics to filter out valid MOAS incidents! Normally, percentage hold time change and AS path length change have a negative correlation
27 Key Benefits! Help network operators! Enable manual data analysis! Inject new detection schemes! Readily deployable! Incremental deployment! Build base truth on prefix hijacks
28 Future Scope of Work Work Done! Finding new relevant metrics to isolate and classify prefix hijack incidents with higher probability! Fusing Internet wide Route Views data with local AS data! Fusing Internet traffic data with routing data Future Work
29 Work Done!Anirudh Ramachandaran,Nick Feamster. On understanding Network Level behavior of spammers. In Proc. ACM SIGCOMM Conference, 2006.!Ola Nordstrom, Constantinos Dovrolis. Beware of BGP Attacks. In ACM SIGCOMM Communications Review, April 2004.!Mohit Lad, Dan Massey, Dan Pie. Prefix Hijack Alert System. In 15th USENIX Security Symposium, USENIX Security 2006.!Xiaoliang Zhao, Dan Pei, Lan Wang and Dan Massey. An analysis of BGP MOAS conflicts. In ACM SIGCOMM Workshop on Internet Measurement,2002.!C. Lynn, S. Kent and K.Seo. Secure border Gateway protocol (S-BGP). In IEEE JSAC Special Issue on Network Security,2002.
30 Work Done Thank You!
Detecting inconsistencies in INRDB data
Detecting inconsistencies in INRDB data to identify MOAS cases and possible illegitimate Internet resource usage Peter Ruissen System and Network Engineering University of Amsterdam December 11, 2007 1
More informationSecuring BGP Networks using Consistent Check Algorithm
Securing BGP Networks using Consistent Check Algorithm C. K. Man, K.Y. Wong, and K. H. Yeung Abstract The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure.
More informationAS-CRED: Reputation Service for Trustworthy Inter-domain Routing
AS-CRED: Reputation Service for Trustworthy Inter-domain Routing Krishna Venkatasubramanian Computer and Information Science University of Pennsylvania ONR MURI N00014-07-1-0907 Review Meeting June 10,
More informationUnderstanding BGP Miscounfiguration
Understanding Archana P Student of Department of Electrical & Computer Engineering Missouri University of Science and Technology appgqb@mst.edu 16 Feb 2017 Introduction Background Misconfiguration Outline
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationOn the Characteristics of BGP Multiple Origin AS Conflicts
1 On the Characteristics of BGP Multiple Origin AS Conflicts Kwan-Wu Chin School of Electrical, Computer and Telecommunications Engineering University of Wollongong Northfields Avenue, NSW, Australia kwanwu@uow.edu.au
More informationMeasuring and Analyzing on Effection of BGP Session Hijack Attack
Measuring and Analyzing on Effection of BGP Session Hijack Attack ZHAO JINJING 1,2, LI YUANLING 1,2, LIU LI 1,2 1 National Key Laboratory of Science and Technology on Information System Security 2 Beijing
More informationVisTracer: A Visual Analytics Tool to Investigate Routing Anomalies in Traceroutes
Symposium on Visualization for Cyber Security (VizSec 2012) 15th October 2012, Seattle, WA, USA VisTracer: A Visual Analytics Tool to Investigate Routing Anomalies in Traceroutes Fabian Fischer 1, J. Fuchs
More informationUnderstanding Resiliency of Internet Topology Against Prefix Hijack Attacks
Understanding Resiliency of Internet Topology Against Prefix Hijack Attacks Mohit Lad Ricardo Oliveira Beichuan Zhang Lixia Zhang Abstract A prefix hijack attack involves an attacker announcing victim
More informationDetection of Invalid Routing Announcement in the Internet Λ
Detection of Invalid Routing Announcement in the Internet Λ Xiaoliang Zhao, Dan Pei, Lan Wang, Dan Massey, Allison Mankin, S. Felix Wu,Lixia Zhang y Abstract Network measurement has shown that a specific
More informationAPT Incremental Deployment
APT Incremental Deployment Dan Jen, Michael Meisel, Daniel Massey, Lan Wang, Beichuan Zhang, Lixia Zhang http://www.cs.ucla.edu/~meisel/draft-apt-incremental-00.txt 1 Why This Talk Incrememtal deployability
More informationBGP Security via Enhancements of Existing Practices
IEEE International Conference on Communications 2009 1 BGP Security via Enhancements of Existing Practices Xiaoliang Zhao, David T. Kao * Abstract Border Gateway Protocol (BGP) is the de-facto inter-domain
More informationOn the characteristics of BGP multiple origin AS conflicts
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2007 On the characteristics of BGP multiple origin AS conflicts Kwan-Wu
More informationCE Advanced Network Security Routing Security II
CE 817 - Advanced Network Security Routing Security II Lecture 21 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially
More informationEvaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System
Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System School of Computer,
More informationBGP Anomaly Detection. Bahaa Al-Musawi PhD candidate Supervisors: Dr. Philip Branch and Prof. Grenville Armitage.
BGP Anomaly Detection Bahaa Al-Musawi PhD candidate Supervisors: Dr. Philip Branch and Prof. Grenville Armitage balmusawi@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University
More informationOn Reverse Engineering the Management Actions from Observed BGP Data
On Reverse Engineering the Management Actions from Observed BGP Data Shih Ming Tseng, S. Felix Wu University of California, Davis Email: {smtseng,sfwu}@ucdavis.edu Xiaoliang Zhao Verizon Communications
More informationInterdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationAn Empirical Study of Behavioral Characteristics of Spammers: Findings and Implications
An Empirical Study of Behavioral Characteristics of Spammers: Findings and Implications Zhenhai Duan, Kartik Gopalan, Xin Yuan Abstract In this paper we present a detailed study of the behavioral characteristics
More informationMeasurement of Highly Active Prefixes in BGP
1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang Abstract We conduct a systematic study on the pervasiveness and persistency of one specific
More informationIntroduction to IP Routing. Geoff Huston
Introduction to IP Routing Geoff Huston Routing How do packets get from A to B in the Internet? A Internet B Connectionless Forwarding Each router (switch) makes a LOCAL decision to forward the packet
More informationAnalysis of BGP Prefix Origins During Google s May 2005 Outage
Analysis of BGP Prefix Origins During Google s May 2005 Outage Tao Wan Paul C. van Oorschot School of Computer Science Carleton University, Ottawa, Canada {twan, paulv}@scs.carleton.ca Abstract Google
More informationA Measurement Study of BGP Misconfiguration
A Measurement Study of BGP Misconfiguration Ratul Mahajan, David Wetherall, and Tom Anderson University of Washington Motivation Routing protocols are robust against failures Meaning fail-stop link and
More informationInternet Kill Switches Demystified
Internet Kill Switches Demystified Benjamin Rothenberger, Daniele E. Asoni, David Barrera, Adrian Perrig EuroSec 17, Belgrade B.Rothenberger 23.04.2017 1 B.Rothenberger 23.04.2017 2 Internet Kill Switches
More informationInvestigating occurrence of duplicate updates in BGP announcements
Investigating occurrence of duplicate updates in BGP announcements Jong Han Park 1, Dan Jen 1, Mohit Lad 2, Shane Amante 3, Danny McPherson 4, and Lixia Zhang 1 1 University of California, Los Angeles
More informationE : Internet Routing
E6998-02: Internet Routing Lecture 16 Border Gateway Protocol, Part V John Ioannidis AT&T Labs Research ji+ir@cs.columbia.edu Copyright 2002 by John Ioannidis. All Rights Reserved. Announcements Lectures
More informationProtecting DNS from Routing Attacks -Two Alternative Anycast Implementations
Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations Boran Qian StudentID 317715 Abstract The Domain Names System (DNS) is an important role of internet infrastructure and supporting
More informationEvaluation of BGP Anomaly Detection and Robustness Algorithms
Trustworthy Networking Program Evaluation of BGP Anomaly Detection and Robustness Algorithms Kotikapaludi Sriram, Doug Montgomery, Oliver Borchert, Okhee Kim, and Patrick Gleichmann National Institute
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Today Last time: Intra-Domain Routing (IGP) RIP distance
More informationNetwork Working Group Request for Comments: 2519 Category: Informational Juniper February A Framework for Inter-Domain Route Aggregation
Network Working Group Request for Comments: 2519 Category: Informational E. Chen Cisco J. Stewart Juniper February 1999 Status of this Memo A Framework for Inter-Domain Route Aggregation This memo provides
More informationBalanced Peer Lists: Towards a Collusion-Resistant BGP
Balanced Peer Lists: Towards a Collusion-Resistant BGP Yan Li Department of Computer Sciences The University of Texas at Austin Austin, Texas 78712 Email: yanli@cs.utexas.edu Mohamed G. Gouda Department
More informationInter-domain Routing(BGP) Security [IP Prefix Hijacking] Akmal Khan
Inter-domain Routing(BGP) Security [IP Hijacking] Akmal Khan [raoakhan@mmlab.snu.ac.kr] 4-15-2010 2 Outline Introduction Types of IP Hijacking Internet Routing Data Sources Tools of the Trade Past Research
More informationPreventing Attacks on BGP Policies: One Bit is Enough
Preventing Attacks on BGP Policies: One Bit is Enough Srikanth Sundaresan, Robert Lychev, Vytautas Valancius Georgia Institute of Technology {srikanth, robert.lychev, valas}@gatech.edu Technical Report
More informationRouting Is At Risk. Let's Secure It Together. Andrei Robachevsky 1
Routing Is At Risk. Let's Secure It Together Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 100 80 60 Hijack Leak 40 20 0 1/1/17 2/1/17 3/1/17 4/1/17
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationRouting Security We can do better!
Routing Security We can do better! And how MANRS can help Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 90 60 Hijack Leak 30 0 1/5/17 1/16/17 1/27/17
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Jannotti Today Last time: Intra-Domain Routing (IGP) RIP distance
More informationBGP Multihoming & Failover using VRRP
BGP Multihoming & Failover using VRRP Hani Rahrouh hr@wirelessnetware.ca First Canadian MUM October 19th, 2015 Montreal, Canada NETWIRE.CA About me Hani Rahrouh MikroTik Certified since 2008 MikroTik Consultant
More informationExamination. ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491
Examination ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491 Date: October 21st 2008 10:00 13:00 a) No help material is allowed
More informationA Survey of BGP Security Review
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationOn characterizing BGP routing table growth
University of Massachusetts Amherst From the SelectedWorks of Lixin Gao 00 On characterizing BGP routing table growth T Bu LX Gao D Towsley Available at: https://works.bepress.com/lixin_gao/66/ On Characterizing
More informationA Longitudinal Study of BGP MOAS Prefixes
A Longitudinal Study of BGP MOAS Prefixes Quentin Jacquemart Eurecom Sophia Antipolis Guillaume Urvoy-Keller Univ. Nice Sophia Antipolis, CNRS, I3S, UMR 7271, 06900 Sophia Antipolis Ernst Biersack Eurecom
More informationRouting Is At Risk. Let's Secure It Together. Andrei Robachevsky 1
Routing Is At Risk. Let's Secure It Together Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 100 80 60 Hijack Leak 40 20 0 1/1/17 2/1/17 3/1/17 4/1/17
More informationCNT Computer and Network Security: BGP Security
CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means
More informationSecurity Issues of BGP in Complex Peering and Transit Networks
Technical Report IDE-0904 Security Issues of BGP in Complex Peering and Transit Networks Presented By: Supervised By: Muhammad Adnan Khalid Qamar Nazir Olga Torstensson Master of Computer network engineering
More informationnetwork security cs642 computer security adam everspaugh
network security cs642 computer security adam everspaugh ace@cs.wisc.edu today Reminder: HW3 due in one week: April 18, 2016 CIDR addressing Border Gateway Protocol Network reconnaissance via nmap Idle
More informationPHAS: A Prefix Hijack Alert System
PHAS: A Prefix Hijack Alert System Mohit Lad mohit@cs.ucla.edu Yiguo Wu yiguowu@cs.ucla.edu Dan Massey massey@cs.colostate.edu Beichuan Zhang bzhang@cs.arizona.edu Dan Pei peidan@research.att.com Lixia
More informationAccurate Real-time Identification of IP Hijacking
Accurate Real-time Identification of IP Hijacking 1 Xin Hu Z. Morley Mao University of Michigan huxin@umich.edu zmao@umich.edu Abstract In this paper, we present novel and practical techniques to accurately
More informationOn the State of the Inter-domain and Intra-domain Routing Security
On the State of the Inter-domain and Intra-domain Routing Security Mingwei Zhang April 19, 2016 Mingwei Zhang Internet Routing Security 1 / 54 Section Internet Routing Security Background Internet Routing
More informationThe Implementation of BGP Monitoring, Alarming, and Protecting System by a BGP-UPDATE-Based Method using ECOMMUNITY in Real Time
The Implementation of BGP Monitoring, Alarming, and Protecting System by a BGP-UPDATE-Based Method using ECOMMUNITY in Real Time Je-kuk Yun 1, Beomseok Hong 2, and Yanggon Kim 3 1 Information Technology,
More informationMethods for Detection and Mitigation of BGP Route Leaks
Methods for Detection and Mitigation of BGP Route Leaks ietf-idr-route-leak-detection-mitigation-00 (Route leak definition: draft-ietf-grow-route-leak-problem-definition) K. Sriram, D. Montgomery, and
More informationAPT: A Practical Transit-Mapping Service Overview and Comparisons
APT: A Practical Transit-Mapping Service Overview and Comparisons draft-jen-apt Dan Jen, Michael Meisel, Dan Massey, Lan Wang, Beichuan Zhang, and Lixia Zhang The Big Picture APT is similar to LISP at
More informationMANRS. Mutually Agreed Norms for Routing Security. Jan Žorž
MANRS Mutually Agreed Norms for Routing Security Jan Žorž The Problem A Routing Security Overview 2 No Day Without an Incident http://bgpstream.com/ 3 Routing Incidents Cause Real World
More informationCS 457 Networking and the Internet. The Global Internet (Then) The Global Internet (And Now) 10/4/16. Fall 2016
CS 457 Networking and the Internet Fall 2016 The Global Internet (Then) The tree structure of the Internet in 1990 The Global Internet (And Now) A simple multi-provider Internet 1 The Global Internet Some
More informationAdvanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection
Advanced Threat Defense Certification Testing Report Symantec Advanced Threat Protection ICSA Labs Advanced Threat Defense December 8, 2015 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,
More informationSpamTracer: How Stealthy Are Spammers?
SpamTracer: How Stealthy Are Spammers? Pierre-Antoine Vervier Eurecom Sophia Antipolis, France Pierre-Antoine.Vervier@eurecom.fr Olivier Thonnard Symantec Research Labs Sophia Antipolis, France Olivier
More informationToward Understanding the Behavior of BGP During Large-Scale Power Outages
Toward Understanding the Behavior of BGP During Large-Scale Power Outages Jun Li, Zhen Wu, and Eric Purpus {lijun, zwu, epurpus}@cs.uoregon.edu Computer and Information Science Department University of
More informationNetwork Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:
Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background
More informationOn the Impact of Route Processing and MRAI Timers on BGP Convergence Times
On the Impact of Route Processing and MRAI Timers on BGP Convergence Times Shivani Deshpande and Biplab Sikdar Department of ECSE, Rensselaer Polytechnic Institute, Troy, NY 12180 Abstract Fast convergence
More informationAccurate Real-time Identification of IP Hijacking. Presented by Jacky Mak
Accurate Real-time Identification of IP Hijacking Presented by Jacky Mak Outline Problem and Objectives Interdomain Routing and BGP Basics Attack Model of IP Hijacking Real-time Detection Techniques Implementation
More informationSecurity and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /
Security and Compliance Powered by the Cloud Ben Friedman / Strategic Accounts Director / bf@alertlogic.com Founded: 2002 Headquarters: Ownership: Houston, TX Privately Held Customers: 1,200 + Employees:
More informationOverview. Problem: Find lowest cost path between two nodes Factors static: topology dynamic: load
Dynamic Routing Overview Forwarding vs Routing forwarding: to select an output port based on destination address and routing table routing: process by which routing table is built Network as a Graph C
More informationExamination. IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491
Examination IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491 Date: October 21st 2008 10:00 13:00 a) No help material is allowed You
More informationFlooding Attacks by Exploiting Persistent Forwarding Loops
Flooding Attacks by Exploiting Persistent Forwarding Jianhong Xia, Lixin Gao, Teng Fei University of Massachusetts at Amherst {jxia, lgao, tfei}@ecs.umass.edu ABSTRACT In this paper, we present flooding
More informationRouting and router security in an operator environment
DD2495 p4 2011 Routing and router security in an operator environment Olof Hagsand KTH CSC 1 Router lab objectives A network operator (eg ISP) needs to secure itself, its customers and its neighbors from
More informationGLOBAL INTERNET ROUTING FORENSICS Validation of BGP Paths using ICMP Traceback
Chapter 14 GLOBAL INTERNET ROUTING FORENSICS Validation of BGP Paths using ICMP Traceback Eunjong Kim, Dan Massey and Indrajit Ray Abstract The Border Gateway Protocol (BGP), the Internet's global routing
More informationMATT JONES HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING END-TO-END ENCRYPTION
MATT JONES HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING END-TO-END ENCRYPTION MATT JONES HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING END-TO-END ENCRYPTION MATT JONES HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING
More informationInterdomain Routing Reading: Sections P&D 4.3.{3,4}
Interdomain Routing Reading: Sections P&D 4.3.{3,4} EE122: Intro to Communication Networks Fall 2006 (MW 4:00-5:30 in Donner 155) Vern Paxson TAs: Dilip Antony Joseph and Sukun Kim http://inst.eecs.berkeley.edu/~ee122/
More informationThe Transition to BGP Security Is the Juice Worth the Squeeze?
The Transition to BGP Security Is the Juice Worth the Squeeze? RPKI Sharon Goldberg Boston University November 2013 Work with Kyle Brogle (Stanford), Danny Cooper (BU), Ethan Heilman (BU), Robert Lychev
More informationProblem Statement and Considerations for ROA Mergence. 96 SIDR meeting
Problem Statement and Considerations for ROA Mergence draft-yan-sidr-roa-mergence-00 @IETF 96 SIDR meeting fuyu@cnnic.cn Background RFC 6482 1/19 ROA mergence What is the ROA mergence? is a common case
More informationEvent-Based Software-Defined Networking: Build a Secure Science DMZ
White Paper Event-Based Software-Defined Networking: Build a Secure Science DMZ What You Will Learn As the need to efficiently move large data sets around the world increases, the Science DMZ - built at
More informationCSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca
CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Administrivia Midterm moved up from 3/17 to 3/15 IP
More informationInvestigating occurrence of duplicate updates in BGP announcements
Investigating occurrence of duplicate updates in BGP announcements Jonathan Park, Dan Jen, Mohit Lab, Shane Amante, Danny McPherson, Lixia Zhang GROW @ IETF75 July 27, 2009 Why This Work All BGP update
More informationA Heuristic Approach for the Detection of Malicious Activity at Autonomous System
International Journal of Scientific and Research Publications, Volume 3, Issue 6, June 2013 1 A Heuristic Approach for the Detection of Malicious Activity at Autonomous System Sowmyashree C.S *, Prof.
More informationCND Exam Blueprint v2.0
EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding
More informationTHE Domain Name System (DNS) [1] is an essential part
IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 14, NO. 9, SEPTEMBER 2003 1 Protecting BGP Routes to Top-Level DNS Servers Lan Wang, Xiaoliang Zhao, Member, IEEE, Dan Pei, Randy Bush, Daniel
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology internet technologies and standards Piotr Gajowniczek BGP (Border Gateway Protocol) structure of the Internet Tier 1 ISP Tier 1 ISP Google
More informationA Scalable Routing System Design for the Future Internet
A Scalable Routing System Design for the Future Internet Dan Massey (Colorado State University) Lan Wang (University of Memphis) Beichuan Zhang (University of Arizona) Lixia Zhang (UCLA) 1 Where We Are
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationA Configuration based Approach to Mitigating Man-inthe-Middle Attacks in Enterprise Cloud IaaS Networks running BGP
A Configuration based Approach to Mitigating Man-inthe-Middle Attacks in Enterprise Cloud IaaS Networks running BGP Stephen Brako Oti Isaac Bansah Tonny M. Adegboyega ABSTRACT Cloud IaaS service providers
More informationInternet Routing Protocols Lecture 03 Inter-domain Routing
Internet Routing Protocols Lecture 03 Inter-domain Routing Advanced Systems Topics Lent Term, 2008 Timothy G. Griffin Computer Lab Cambridge UK Autonomous Routing Domains A collection of physical networks
More informationCOMP/ELEC 429 Introduction to Computer Networks
COMP/ELEC 429 Introduction to Computer Networks Lecture 11: Inter-domain routing Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang T. S. Eugene Ng eugeneng at
More informationA Framework for Resilient Internet Routing Protocols
A Framework for Resilient Internet Routing Protocols Dan Pei and Lixia Zhang, UCLA Dan Massey, USC/ISI Abstract At a fundamental level, all Internet-based applications rely on a dependable packet delivery
More informationDepartment of Computer and IT Engineering University of Kurdistan. Computer Networks II Border Gateway protocol (BGP) By: Dr. Alireza Abdollahpouri
Department of Computer and IT Engineering University of Kurdistan Computer Networks II Border Gateway protocol (BGP) By: Dr. Alireza Abdollahpouri Internet structure: network of networks local ISP Tier
More information(Submit to Bright Internet Global Summit - BIGS)
Reviewing Technological Solutions of Source Address Validation (Submit to Bright Internet Global Summit - BIGS) Jongbok Byun 1 Business School, Sungkyunkwan University Seoul, Korea Christopher P. Paolini
More informationFault Localization for Firewall Policies
Fault Localization for Firewall Policies JeeHyun Hwang 1 Tao Xie 1 Fei Chen Alex X. Liu 1 Department of Computer Science, North Carolina State University, Raleigh, NC 7695-86 Department of Computer Science
More informationHands-On Ethical Hacking and Network Defense 3 rd Edition
Hands-On Ethical Hacking and Network Defense 3 rd Edition Chapter 13 Network Protection Systems Last modified 1-11-17 Objectives Explain how routers are used to protect networks Describe firewall technology
More informationbgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform
bgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform Mayank Bhatnagar TechMahindra Limited, SDF B-1, NSEZ, Noida-201305, India E-mail : mayank.bhatnagar2@techmahindra.com Abstract
More informationStrobeLight: Lightweight Availability Mapping and Anomaly Detection. James Mickens, John Douceur, Bill Bolosky Brian Noble
StrobeLight: Lightweight Availability Mapping and Anomaly Detection James Mickens, John Douceur, Bill Bolosky Brian Noble At any given moment, how can we tell which enterprise machines are online and
More informationCS4700/CS5700 Fundamentals of Computer Networks
CS4700/CS5700 Fundamentals of Computer Networks Lecture 12: Inter-domain routing Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang Alan Mislove amislove at ccs.neu.edu
More informationNetwork Security: Routing security. Aapo Kalliola T Network security Aalto University, Nov-Dec 2012
Network Security: Routing security Aapo Kalliola T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Structure of internet 2. Routing basics 3. Security issues 4. Attack 5. Solutions
More informationJumpstarting BGP Security. Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael Schapira
Jumpstarting BGP Security Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael Schapira Prefix hijacking Victim Path: 111 AS X AS 111 Boston University BGP Ad. AS 666 Data flow 2 Prefix
More informationAn Analysis on Selective Dropping Attack in BGP
An Analysis on Selective Dropping Attack in BGP Ke Zhang Department of Computer Science University of California, Davis Email: kezhang@ucdavisedu Xiaoliang Zhao USC/ISI Email: xzhao@isiedu SFelix Wu Department
More informationInterdomain Routing and Connectivity
Interdomain Routing and Connectivity Brighten Godfrey CS 538 February 28 2018 slides 2010-2018 by Brighten Godfrey unless otherwise noted Routing Choosing paths along which messages will travel from source
More informationDetecting Malicious Activity with DNS Backscatter Kensuke Fukuda John Heidemann Proc. of ACM IMC '15, pp , 2015.
Detecting Malicious Activity with DNS Backscatter Kensuke Fukuda John Heidemann Proc. of ACM IMC '15, pp. 197-210, 2015. Presented by Xintong Wang and Han Zhang Challenges in Network Monitoring Need a
More informationInternet Research Task Force (IRTF) Category: Informational May 2011 ISSN:
Internet Research Task Force (IRTF) T. Li, Ed. Request for Comments: 6227 Cisco Systems, Inc. Category: Informational May 2011 ISSN: 2070-1721 Abstract Design Goals for Scalable Internet Routing It is
More informationIncident Response Agility: Leverage the Past and Present into the Future
SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance
More informationNetwork Security - ISA 656 Routing Security
Network Security - ISA 656 Angelos Stavrou December 4, 2007 What is? What is Routing Security? History of Routing Security Why So Little Work? How is it Different? The Enemy s Goal? Bad guys play games
More informationSecureNoC. (Team Colonel Panic): Xiaoming Guo, Sijia He, Amlan Nayak, Jay Zhang. December 3, 2015
SecureNoC (Team Colonel Panic): Xiaoming Guo, Sijia He, Amlan Nayak, Jay Zhang December 3, 2015 1 Problem Statement Networks on Chip (NoCs) have been steadily investigated from reliability, efficiency,
More informationA New Enhancement for Security Mechanism in Routers
Journal of Computer Science 4 (7): 565-570, 2008 ISSN 1549-3636 2008 Science Publications A New Enhancement for Security Mechanism in Routers 1 Khalid Khanfar, 2 Riyad Khanfar, 3 Walid Al-Ahmad and 4 Eyas
More information