Abstract
The Border Gateway Protocol (BGP) is the Internet's most crucial protocol for efficient global connectivity and traffic routing. However, BGP is well-known to be susceptible to route hijacks and leaks. Route hijacks are the illegitimate announcements of network resources, intentionally or unintentionally, which can compromise the confidentiality, integrity, and availability of communication systems. In the past, so-called 'serial hijackers' have hijacked Internet resources multiple times, some lasting for several months or years. So far, only the paper 'Profiling BGP Serial Hijackers' focuses explicitly on those repeated offenders, and their study dates back to 2019. Back then, they had to process large amounts of BGP announcements to find a few potential serial hijackers. In this paper, we revisit the profiling of serial hijackers. We reproduce and extend the study from 2019 and show that we can identify potential offenders with less data while achieving similar accuracy. We show that most of the alleged serial hijackers are still active on the Internet, announcing prefixes that belong to other ASes. In conclusion, our study confirms that there has been no significant increase in the evolution of serial hijacking activities during the last five years. However, we found that the active alleged serial hijackers and the identified potential malicious actors still threaten the Internet's security and stability.
Original language | English |
---|---|
Title of host publication | TMA 2024 - Proceedings of the 8th Network Traffic Measurement and Analysis Conference |
Publisher | IEEE |
ISBN (Electronic) | 9783903176645 |
DOIs | |
Publication status | Published - 20 Jun 2024 |
Event | 8th Network Traffic Measurement and Analysis Conference, TMA 2024 - Dresden, Germany Duration: 21 May 2024 → 24 May 2024 Conference number: 8 https://tma.ifip.org/2024/ |
Conference
Conference | 8th Network Traffic Measurement and Analysis Conference, TMA 2024 |
---|---|
Abbreviated title | TMA 2024 |
Country/Territory | Germany |
City | Dresden |
Period | 21/05/24 → 24/05/24 |
Internet address |
Keywords
- 2024 OA procedure