Prefix hijacking, a misbehavior in which misconfigured or malicious BGP router originates an IP prefix that the does not own, is becoming increasingly serious security problem on Internet. In this paper, we conduct first comprehensive study incrementally deployable mitigation solutions against hijacking. We propose novel reactive detection-assisted solution based idea of bogus route purging and valid promotion. Our simulations realistic settings show routes at 20 highest-degree ASes reduces polluted portion Internet by random hijack from 50% down to 24%, adding promotion further remaining pollution 33% ~ 57%, prove our proposed scheme preserve convergence properties regardless number promoters. are demonstrate detection systems limited feeds subject evasion hijackers. Motivated need for proactive defenses complement response, evaluate customer filtering, best common practice among large ISPs today, its effectiveness. also added benefits combining purging-promotion with filtering.

Load

Load