Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Reclaim your prefix: Mitigation of prefix hijacking using IPsec tunnels

: Wübbeling, Matthias; Meier, Michael


Tölle, J. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society; IEEE Computer Society, Technical Committee on Computer Communications:
IEEE 42nd Conference on Local Computer Networks, LCN 2017. Proceedings : 9-12 October 2017, Singapore
Piscataway, NJ: IEEE, 2017
ISBN: 978-1-5090-6523-3
ISBN: 978-1-5090-6522-6
ISBN: 978-1-5090-6524-0
Conference on Local Computer Networks (LCN) <42, 2017, Singapore>
Conference Paper
Fraunhofer FKIE ()

Prefix hijacking is a serious threat in the Internet routing landscape. The Border Gateway Protocol has no origin authentication by design. Countermeasures, e.g. on-top authentication as implemented by R-PKI infrastructures, are not yet deployed on a very large scale. Being victim of prefix hijacking is a difficult situation with few options. Not only the owner of a prefix is victim but all the networks being deceived by the attacker. They are unable to communicate with the owner and corresponding traffic travels into the wrong direction. Current data from the Internet routing plane as collected by RIPE-NCC is examined to detect prefix hijacking. This paper discusses means to manipulate the partitions resulting from prefix hijacking with router inherent functionality. By this means, prefix owners become able to increase their impact and enlarge the corresponding partition, with just one assistant Autonomous System (AS). Selection strategies to find a well suited assistant AS are compared and the top three are verified in an emulation environment. Therefore, an emulation network is created on the dataset that is representative for prefix hijacking in the Internet. The presented approach can be the foundation of a (semi-)automated tool to mitigate prefix hijacking in the future.