Hijacking Analysis


Before any hijacking incident can be investigated, it must first be detected, and reliable detection requires preparation in advance so that the problem is recognised when it occurs. Preparation is therefore the first phase of detection: without it, detection is not possible. A few measures help ensure that a network is prepared to defend itself against BGP hijacking [5]:
i. Ensure that all your prefixes are provably yours.
ii. Register the prefixes in the Internet Routing Registries (IRRs).
iii. Ask your provider about its response procedures for hijacking.
iv. Do not put important resources in the same prefixes. (YouTube previously ran DNS in the same prefixes as its web and video services and thus suffered the full damage of the hijack, a great lesson for the Internet world.)
Once these measures are in place, the next goal is to detect the actual issue correctly. This involves answering questions such as: where exactly the hijack has taken place, whether it is a prefix hijack or a sub-prefix hijack, which AS path has been falsified, and so on. To understand the detection technique, it is therefore important to understand the difference between the two types of BGP hijacking, prefix hijacking and sub-prefix hijacking [4]:
i. Prefix Hijacking: This occurs when the attacker's router announces a route to an existing IP prefix of the victim network. The result is that the Internet is partially polluted, depending on how preferable the bogus route is compared with the genuine route from the viewpoint of the various networks.
ii. Sub-prefix Hijacking: This occurs when the attacker steals a subnet of an e...

... middle of paper ...

...onitors. Generally speaking, the more monitors LOCK uses, the higher the accuracy it can achieve in locating the prefix hijackers.

3.3 REACTIVE MITIGATION SCHEME
To overcome slow and error-prone mitigation schemes, we need a reactive, detection-assisted mitigation scheme that automatically responds to detected prefix hijacks and so mitigates the adverse impact of the attacks in a timely fashion. An effective mitigation system works as follows [4]:
Step 1: Upon detecting a prefix hijack, the detection system notifies the mitigation system about the hijack with three pieces of information:
• The attacker AS,
• The victim AS, and
• The victim prefix.
These three pieces of information are extremely useful because they let us differentiate bogus routes (whose AS path ends at the attacker's AS, i.e. the attacker is the origin) from valid routes (whose AS path ends at the victim's AS).
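The following Python script is an added example, not code from the paper or from LOCK. It ties together the two passages above: the origin-AS check that separates a prefix hijack (same prefix, foreign origin) from a sub-prefix hijack (more-specific prefix, foreign origin), and the first mitigation step, which takes the resulting (attacker AS, victim AS, victim prefix) triple and splits the routes covering that prefix into valid ones (origin is the victim) and bogus ones (origin is the attacker). The owned-prefix table and the monitor feed are constructed for the example, using documentation address ranges and made-up ASNs; only the standard library is used.

```python
"""Origin-based detection of BGP prefix and sub-prefix hijacks, producing the
(attacker AS, victim AS, victim prefix) triple that the reactive mitigation
step consumes. Added example, not code from the paper. Prefixes come from the
RFC 5737 documentation ranges; ASNs are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed "provably yours" table: owned prefix -> legitimate origin AS.
# Per preparation item iv, DNS sits in its own prefix, separate from web/video.
OWNED_PREFIXES = {
    "203.0.113.0/24": 64500,   # web/video
    "198.51.100.0/24": 64500,  # DNS
}

# Constructed monitor feed: (announced prefix, AS_PATH). Rightmost AS is the origin.
OBSERVED_ROUTES = [
    ("203.0.113.0/24", [64496, 64497, 64500]),   # genuine route to the victim
    ("203.0.113.0/24", [64496, 64666]),          # same prefix, foreign origin: prefix hijack
    ("198.51.100.0/25", [64498, 64666]),         # more-specific, foreign origin: sub-prefix hijack
    ("198.51.100.128/25", [64496, 64500]),       # more-specific announced by the owner: not a hijack
    ("192.0.2.0/24", [64496, 64499]),            # not ours: ignored
]


@dataclass(frozen=True)
class HijackAlert:
    kind: str              # "prefix" or "sub-prefix"
    attacker_as: int
    victim_as: int
    victim_prefix: str     # the owned prefix that was hit
    announced_prefix: str  # what the attacker actually announced


def origin_as(as_path):
    """AS_PATH lists ASes from the nearest neighbour to the originator, so the origin is last."""
    return as_path[-1]


def classify(prefix, as_path, owned=OWNED_PREFIXES) -> Optional[HijackAlert]:
    """Return a HijackAlert if the announcement hijacks an owned prefix, else None.

    The owned table is walked most-specific first, so an owned /24 inside an
    owned /16 is judged by its own entry. Only the origin AS is compared: an
    attacker that forges the victim's AS as origin is not caught by this check.
    """
    net = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    by_length = sorted(owned.items(),
                       key=lambda kv: ipaddress.ip_network(kv[0]).prefixlen, reverse=True)
    for owned_prefix, legit_origin in by_length:
        owned_net = ipaddress.ip_network(owned_prefix)
        if owned_net.version != net.version:
            continue  # subnet_of() refuses mixed IPv4/IPv6 comparisons
        if net == owned_net:
            if origin != legit_origin:
                return HijackAlert("prefix", origin, legit_origin, owned_prefix, prefix)
            return None
        if net.subnet_of(owned_net):
            if origin != legit_origin:
                return HijackAlert("sub-prefix", origin, legit_origin, owned_prefix, prefix)
            return None  # the owner announcing its own more-specific is legitimate
    return None


def detect_all(routes=OBSERVED_ROUTES, owned=OWNED_PREFIXES):
    """Run the classifier over a monitor feed and collect the alerts."""
    return [a for a in (classify(p, path, owned) for p, path in routes) if a is not None]


def partition_routes(alert, routes=OBSERVED_ROUTES):
    """Mitigation step 1: using the three fields of the alert, split the routes
    covering the victim prefix (exact or more-specific) into valid routes
    (origin == victim AS) and bogus routes (origin == attacker AS)."""
    victim_net = ipaddress.ip_network(alert.victim_prefix)
    valid, bogus = [], []
    for prefix, as_path in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != victim_net.version:
            continue
        if not (net == victim_net or net.subnet_of(victim_net)):
            continue
        origin = origin_as(as_path)
        if origin == alert.attacker_as:
            bogus.append((prefix, as_path))
        elif origin == alert.victim_as:
            valid.append((prefix, as_path))
    return valid, bogus


if __name__ == "__main__":
    for alert in detect_all():
        valid, bogus = partition_routes(alert)
        print(alert)
        print("  valid:", valid)
        print("  bogus:", bogus)
```

Run as-is, it reports one prefix hijack of 203.0.113.0/24 and one sub-prefix hijack of 198.51.100.0/25, each paired with the valid and bogus routes a mitigation system would keep or discard. The owner's own more-specific announcement is deliberately not flagged, and the check is purely origin-based, which is why the comments note that a forged-origin hijack would slip through.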
