IP Prefix Hijacking Detection Using Idle Scan

13 years 11 months ago

Download dpnm.postech.ac.kr

The Internet is comprised of a lot of interconnected networks communicating reachability information using BGP. Due to the design based on trust between networks, IP prefix hijacking can occurs, which is caused by wrong routing information. This results in a serious security threat in the Internet routing system. In this paper, we present an effective and practical approach for detecting IP prefix hijacking without major change to the current routing infrastructure. To detect IP prefix hijacking event, we are monitoring routing update messages that show wrong announcement of IP prefix origin. When a suspicious BGP update that causes MOAS conflict is received, the detection system starts idle scan for IP ID probing so that distinguish IP prefix hijacking event from legitimate routing update.

Seong-Cheol Hong, Hong-Taek Ju, James W. Hong

Real-time Traffic

APNOMS 2009 | Computer Networks | IP Prefix | Prefix Hijacking | Prefix Hijacking Event |

claim paper

Post Info
More Details (n/a)

Added	25 May 2010
Updated	25 May 2010
Type	Conference
Year	2009
Where	APNOMS
Authors	Seong-Cheol Hong, Hong-Taek Ju, James W. Hong

Comments (0)

Sciweavers

IP Prefix Hijacking Detection Using Idle Scan

APNOMS 2009 | Computer Networks | IP Prefix | Prefix Hijacking | Prefix Hijacking Event |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers