ABSTRACT
The Border Gateway Protocol (BGP) is the routing protocol that enables large IP networks to form a single Internet. The main objective of BGP is to exchange Network Layer Reachability Information (NLRI) between Autonomous Systems (ASes) so that a BGP speaker can announce its IP prefix and find a path to the destination of packets. However, a BGP hijacker can impersonate any other BGP speaker because BGP itself has no mechanism for validating BGP messages. To solve this problem, a BGP speaker needs to validate messages coming from other BGP speakers. In this paper, we propose the BGP Monitoring and Alarm System (BGPMAS), which monitors incoming announcements and sounds an alarm when it detects an invalid announcement. In addition, the BGPMAS provides AS administrators with a web service that shows where the invalid message is coming from, so that the administrators can rapidly deal with the IP prefix hijacking by ignoring the malicious BGP router's prefix. To set up this environment, the BGPMAS needs to be connected to the BGP router, and the AS administrator needs the Alarm Application (AA), which receives a signal from the BGPMAS when the BGPMAS detects an invalid announcement and then sounds the alarm. As a result, BGP routers can easily obtain the RPKI-based origin validation function through the BGPMAS.
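The RPKI-based origin validation that the abstract refers to can be illustrated with the standard RFC 6811 decision procedure. This is an added example, not BGPMAS code from the paper; the function names, the VRP table, and the announcements are constructed for illustration, and the AS path is assumed to be a plain sequence ending in the origin AS.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin AS).
# Documentation prefixes and reserved ASNs; not data from the paper.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
]

# Constructed announcements: (peer, prefix, AS path with the origin AS last).
ANNOUNCEMENTS = [
    ("peer-a", "192.0.2.0/24", [64510, 64500]),    # matches a VRP
    ("peer-b", "192.0.2.0/24", [64510, 64511]),    # covered, wrong origin AS
    ("peer-b", "203.0.113.0/25", [64501]),         # covered, longer than maxLength
    ("peer-c", "198.51.100.0/24", [64502]),        # no covering VRP
]

def validate_origin(prefix, origin_as, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one route (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # AS 0 in a VRP never matches any origin.
        if route.prefixlen <= max_len and vrp_as != 0 and origin_as == vrp_as:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"

def monitor(announcements, vrps=VRPS):
    """Return one alarm record per announcement that validates as invalid."""
    alarms = []
    for peer, prefix, as_path in announcements:
        origin = as_path[-1]
        if validate_origin(prefix, origin, vrps) == "invalid":
            alarms.append({"peer": peer, "prefix": prefix, "origin_as": origin})
    return alarms

if __name__ == "__main__":
    for alarm in monitor(ANNOUNCEMENTS):
        print("ALARM", alarm)
```

Routes with no covering VRP come back as `not-found` rather than `invalid`, so an alarm fires only when a published ROA is actually contradicted.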
Index Terms
- The BGP monitoring and alarming system to detect and prevent anomaly IP prefix advertisement