TY - GEN
T1 - Poster
T2 - 32nd IEEE International Conference on Network Protocols, ICNP 2024
AU - Jaw, Ebrima
AU - Müller, Moritz
AU - Hesselman, Cristian
AU - Nieuwenhuis, Lambert
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The Border Gateway Protocol (BGP) remains susceptible to prefix hijacks due to its trust-based nature and lack of default robust authentication mechanisms. Prefix hijacks are unintentional or malicious announcements of prefixes allocated to other ASes. Although prefix hijacks are primarily associated with misconfigurations, they remain a significant security threat. For instance, the recent hijacking and route leak incident involving Cloudflare made their DNS resolver unreachable for some networks for about 8 hours. Some ASes perform hijacks frequently and for longer duration. We revisited these “serial hijackers” in 2024 and validated some of the potential serial hijackers with external data. However, neither the original study from 2019 nor ours dug deeper to understand the impact and goal of serial hijackers. This study fills this gap and shows that 22.9% of the announcements were RPKI-invalid, raising new questions about the intent of the hijack. Finally, we show that these invalid announcements still reach many networks on the Internet, demonstrating that many ASes are not doing RPKI route origin validation, thereby compromising the Internet’s stability and security.
KW - 2025 OA procedure
UR - http://www.scopus.com/inward/record.url?scp=85218000733&partnerID=8YFLogxK
U2 - 10.1109/ICNP61940.2024.10858587
DO - 10.1109/ICNP61940.2024.10858587
M3 - Conference contribution
AN - SCOPUS:85218000733
T3 - Proceedings - International Conference on Network Protocols, ICNP
BT - 2024 IEEE 32nd International Conference on Network Protocols, ICNP 2024
PB - IEEE
Y2 - 28 October 2024 through 31 October 2024
ER -