Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks

Pierre Antoine Vervier, Olivier Thonnard, Marc Dacier

Research output: Contribution to conferencePaperpeer-review

60 Scopus citations

Abstract

Some recent research presented evidence of blocks of IP addresses being stolen by BGP hijackers to launch spam campaigns [35]. This was the first time BGP hijacks were seen in the wild. Since then, only a very few anecdotal cases have been reported as if hackers were not interested in running these attacks. However, it is a common belief among network operators and ISPs that these attacks could be taking place but, so far, no one has produced evidence to back up that claim. In this paper, we analyse 18 months of data collected by an infrastructure specifically built to answer that question: are intentional stealthy BGP hijacks routinely taking place in the Internet? The identification of what we believe to be more than 2, 000 malicious hijacks leads to a positive answer. The lack of ground truth is, of course, a problem but we managed to get confirmation of some of our findings thanks to an ISP unwittingly involved in hijack cases we have spotted. This paper aims at being an eye opener for the community by shedding some light on this undocumented threat. We also hope that it will spur new research to understand why these hijacks are taking place and how they can be mitigated. Depending on how BGP attacks are carried out, they can be very disruptive for the whole Internet and should be looked at very closely. As of today, as much as 20% of the whole IPv4 address space is currently allocated but not publicly announced, which makes it potentially vulnerable to such malicious BGP hijacks.

Original languageEnglish (US)
DOIs
StatePublished - 2015
Event22nd Annual Network and Distributed System Security Symposium, NDSS 2015 - San Diego, United States
Duration: Feb 8 2015Feb 11 2015

Conference

Conference22nd Annual Network and Distributed System Security Symposium, NDSS 2015
Country/TerritoryUnited States
CitySan Diego
Period02/8/1502/11/15

Bibliographical note

Publisher Copyright:
Copyright © 2015 Internet Society.

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks'. Together they form a unique fingerprint.

Cite this