Serial BGP Hijackers: A Reproducibility Study and Assessment of Current Dynamics

Ebrima Jaw, Moritz Müller*, Cristian Hesselman*, Lambert Nieuwenhuis

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

14 Downloads (Pure)

Abstract

The Border Gateway Protocol (BGP) is the Internet's most crucial protocol for efficient global connectivity and traffic routing. However, BGP is well-known to be susceptible to route hijacks and leaks. Route hijacks are the illegitimate announcements of network resources, intentionally or unintentionally, which can compromise the confidentiality, integrity, and availability of communication systems. In the past, so-called 'serial hijackers' have hijacked Internet resources multiple times, some lasting for several months or years. So far, only the paper 'Profiling BGP Serial Hijackers' focuses explicitly on those repeated offenders, and their study dates back to 2019. Back then, they had to process large amounts of BGP announcements to find a few potential serial hijackers. In this paper, we revisit the profiling of serial hijackers. We reproduce and extend the study from 2019 and show that we can identify potential offenders with less data while achieving similar accuracy. We show that most of the alleged serial hijackers are still active on the Internet, announcing prefixes that belong to other ASes. In conclusion, our study confirms that there has been no significant increase in the evolution of serial hijacking activities during the last five years. However, we found that the active alleged serial hijackers and the identified potential malicious actors still threaten the Internet's security and stability.

Original languageEnglish
Title of host publicationTMA 2024 - Proceedings of the 8th Network Traffic Measurement and Analysis Conference
PublisherIEEE
ISBN (Electronic)9783903176645
DOIs
Publication statusPublished - 20 Jun 2024
Event8th Network Traffic Measurement and Analysis Conference, TMA 2024 - Dresden, Germany
Duration: 21 May 202424 May 2024
Conference number: 8
https://tma.ifip.org/2024/

Conference

Conference8th Network Traffic Measurement and Analysis Conference, TMA 2024
Abbreviated titleTMA 2024
Country/TerritoryGermany
CityDresden
Period21/05/2424/05/24
Internet address

Keywords

  • 2024 OA procedure

Fingerprint

Dive into the research topics of 'Serial BGP Hijackers: A Reproducibility Study and Assessment of Current Dynamics'. Together they form a unique fingerprint.

Cite this