Essay On Bp Hijacking

1. THE NEED OF DEFENSES AGAINST BGP HIJACKING

There are various routing risks to anyone who connects to the Internet today: downtime, hijacking and now even wholesale traffic interception [1]. Not many people are aware of these risks, because of which they are not being managed or measured appropriately. One of the most common forms of threat to the world of Internet today is BGP hijacking. BGP Route Hijacking occurs when a rogue BGP peer maliciously announces a victim's prefixes in an effort to reroute some or all traffic to itself for untoward purposes (for example, to view contents of traffic that otherwise may be denied to the router). In BGP hijacking, once located, an attacker is able to potentially advertise any prefix they want, causing some or all traffic to be diverted from the original real source towards the attacker [2]. This is done either to overload the ISP the attacker has infiltrated, or to perform a DoS or impersonation attack on the entity whose prefix is being advertised [2]. With this, an attacker can cause serious outages including a complete loss of connectivity. There have been many cases in the past where BGP hijacking has been done. For instance, in early 2008, at least eight US Universities had their traffic diverted to Indonesia for about 90 minutes one morning in an attack kept mostly quiet by those involved [3]. Additionally, in

February 2008, a large portion of YouTube's address space was redirected to Pakistan when the

PTA decided to block access to the site from inside the country, but accidentally blackholed the route in the global BGP table [3].

Figure 1: The famous BGP hijacking case of 2008: YouTube announced only the /22; Pakistan Telecom announces the /24.In BGP, most specific route to an IP...

... middle of paper ...

...ke: Where exactly has hijacking been done, is it a prefix hijacking or sub-prefix hijacking, which AS route has been maligned, etc. Thus, in order to understand the technique of detection, it is important to understand the difference between the two types of BGP hijacking: Prefix hijacking and Sub-prefix hijacking [4]:

i. Prefix Hijacking: This occurs when the attack router creates a route to an existing IP prefix of the victim network. This results in the Internet being partially polluted, depending on how preferable the fake route is compared to the real route from the view point of various networks. ii. Sub-prefix Hijacking: This occurs when the attacker steals a subnet of an existing prefix in the routing tables by announcing a route for the subnet originating from the attacker network. Because of the principle of longest-prefix matching based forwarding, most of