Article

Detection of Invalid Routing Announcement in the Internet

Authors:

Dan Pei,

Lixia ZhangAuthors Info & Claims

DSN '02: Proceedings of the 2002 International Conference on Dependable Systems and Networks

Pages 59 - 68

Published: 23 June 2002 Publication History

Publisher Site

Abstract

Network measurement has shown that a specific IP address prefix may be announced by more than one autonomous system (AS), a phenomenon commonly referred to as Multiple Origin AS, or MOAS. MOAS can be due to either operational need to support multi-homing, or false route announcements due to configuration or implementation errors, or even by intentional attacks. Packets following such bogus routes will be either dropped or, in the case of an intentional attack, delivered to a machine of the attacker's choosing.This paper presents a protocol enhancement to BGP which enables BGP to detect bogus route announcements from false origins. Rather than imposing cryptography-based authentication and encryption to secure routing message exchanges, our solution makes use of the rich connectivity among ASes that exists in the Internet. Simulation results show that this simple solution can effectively detect false routing announcements even in the presence of multiple compromised routers, become more robust in larger topologies, and can substantially reduce the impact of false routing announcements even with a partial deployment.

Cited By

View all

Siddiqui MMontero DSerral-Gracià RMasip-Bruin XYannuzzi M(2015)A survey on the recent efforts of the Internet Standardization Body for securing inter-domain routingComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2015.01.01780:C(1-26)Online publication date: 7-Apr-2015
https://dl.acm.org/doi/10.1016/j.comnet.2015.01.017
Goebel CNeumann DKrishnan R(2011)Comparing ingress and egress detection to secure interdomain routingACM Transactions on Internet Technology10.1145/2049656.204965711:2(1-26)Online publication date: 12-Dec-2011
https://dl.acm.org/doi/10.1145/2049656.2049657
Zhang MLiu BZhang B(2010)Safeguarding data delivery by decoupling path propagation and adoptionProceedings of the 29th conference on Information communications10.5555/1833515.1833600(421-425)Online publication date: 14-Mar-2010
https://dl.acm.org/doi/10.5555/1833515.1833600
Show More Cited By

Detection of Invalid Routing Announcement in the Internet
1. Networks
  1. Network protocols
    1. Network layer protocols

Recommendations

Improving Internet multicast with routing labels
ICNP '97: Proceedings of the 1997 International Conference on Network Protocols (ICNP '97)

The IP-multicast architecture is extended with addressing information along multicast routing trees that permits more efficient and sophisticated multicast routing options and encourages communication and cooperation between IP and higher-layer ...
Reliable internet routing
Multipath Routing Protocol in the Internet
ICETET '09: Proceedings of the 2009 Second International Conference on Emerging Trends in Engineering & Technology

Border Gateway Protocol (BGP) is the current interdomain routing protocol, which limits each router to using a single best path for each destination prefix even though multiple paths are available. This may not satisfy the diverse requirements of end ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

DSN '02: Proceedings of the 2002 International Conference on Dependable Systems and Networks

June 2002

758 pages

ISBN:0769515975

Publisher

IEEE Computer Society

United States

Publication History

Published: 23 June 2002

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Siddiqui MMontero DSerral-Gracià RMasip-Bruin XYannuzzi M(2015)A survey on the recent efforts of the Internet Standardization Body for securing inter-domain routingComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2015.01.01780:C(1-26)Online publication date: 7-Apr-2015
https://dl.acm.org/doi/10.1016/j.comnet.2015.01.017
Goebel CNeumann DKrishnan R(2011)Comparing ingress and egress detection to secure interdomain routingACM Transactions on Internet Technology10.1145/2049656.204965711:2(1-26)Online publication date: 12-Dec-2011
https://dl.acm.org/doi/10.1145/2049656.2049657
Zhang MLiu BZhang B(2010)Safeguarding data delivery by decoupling path propagation and adoptionProceedings of the 29th conference on Information communications10.5555/1833515.1833600(421-425)Online publication date: 14-Mar-2010
https://dl.acm.org/doi/10.5555/1833515.1833600
Mickens JDouceur JBolosky WNoble B(2009)StrobeLightProceedings of the 2009 conference on USENIX Annual technical conference10.5555/1855807.1855812(5-5)Online publication date: 14-Jun-2009
https://dl.acm.org/doi/10.5555/1855807.1855812
Qiu TJi LPei DWang JXu JBallani H(2009)Locating prefix hijackers using LOCKProceedings of the 18th conference on USENIX security symposium10.5555/1855768.1855777(135-150)Online publication date: 10-Aug-2009
https://dl.acm.org/doi/10.5555/1855768.1855777
Menon VPottenger W(2009)A higher order collective classifier for detecting andclassifying network eventsProceedings of the 2009 IEEE international conference on Intelligence and security informatics10.5555/1706428.1706450(125-130)Online publication date: 8-Jun-2009
https://dl.acm.org/doi/10.5555/1706428.1706450
Carl GKesidis G(2008)Large-scale testing of the Internet's Border Gateway Protocol (BGP) via topological scale-downACM Transactions on Modeling and Computer Simulation10.1145/1371574.137157718:3(1-30)Online publication date: 24-Jul-2008
https://dl.acm.org/doi/10.1145/1371574.1371577
Tseng SZhang KWu SMa KTeoh SZhao X(2007)Analysis of BGP origin as changes among Brazil-related autonomous systemsProceedings of the 7th IEEE international conference on IP operations and management10.5555/1775321.1775328(49-60)Online publication date: 31-Oct-2007
https://dl.acm.org/doi/10.5555/1775321.1775328
Zheng CJi LPei DWang JFrancis P(2007)A light-weight distributed scheme for detecting ip prefix hijacks in real-timeACM SIGCOMM Computer Communication Review10.1145/1282427.128241237:4(277-288)Online publication date: 27-Aug-2007
https://dl.acm.org/doi/10.1145/1282427.1282412
Ballani HFrancis PZhang X(2007)A study of prefix hijacking and interception in the internetACM SIGCOMM Computer Communication Review10.1145/1282427.128241137:4(265-276)Online publication date: 27-Aug-2007
https://dl.acm.org/doi/10.1145/1282427.1282411
Show More Cited By

Abstract

Cited By

Recommendations

Improving Internet multicast with routing labels

Reliable internet routing

Multipath Routing Protocol in the Internet

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations