Abstract
The vulnerability of the Internet has been demonstrated by prominent IP prefix hijacking events. Major outages such as the China Telecom incident in 2010 stimulate speculation about malicious intentions behind such anomalies. Surprisingly, almost all discussions in the current literature assume that hijacking incidents are enabled by the lack of security mechanisms in the inter-domain routing protocol BGP.
In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take over resource ownership by re-registering domain names that are referenced by corresponding RIR database objects. We argue that this kind of attack is more attractive than conventional hijacking, since the attacker can act in full anonymity on behalf of a victim. Although corresponding incidents have been observed in the past, current detection techniques are not suited to deal with these attacks. We show that such attacks are feasible with very little effort, and analyze the risk potential of abandoned Internet resources for the European service region: our findings reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to stealthy abuse. We discuss countermeasures and outline research directions towards preventive solutions.
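From the resource holder's side, the exposure described above can be checked by auditing one's own registry objects for contact addresses under domains the organisation no longer controls. The following is an added example, not code from the paper; the attribute names are RIPE Database contact attributes, and the sample objects, domains and the `controlled` set are constructed assumptions.

```python
import re

# RIPE-style contact attributes that carry e-mail addresses (assumed set).
CONTACT_ATTRS = {"e-mail", "notify", "upd-to", "mnt-nfy", "abuse-mailbox"}

# Constructed sample objects (documentation prefix, example domains).
SAMPLE = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
notify:         noc@example.net
mnt-by:         EXAMPLE-MNT

person:         Example Admin
nic-hdl:        EX1-TEST
e-mail:         admin@old-brand.example

mntner:         EXAMPLE-MNT
upd-to:         hostmaster@example.net
mnt-nfy:        ops@mail.old-brand.example
"""

def parse_objects(text):
    """Split an RPSL dump into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith(("%", "#")):          # server/comment lines
                continue
            if line[:1] in (" ", "\t", "+") and attrs:  # continuation line
                attrs[-1] = (attrs[-1][0], attrs[-1][1] + " " + line[1:].strip())
                continue
            key, sep, value = line.partition(":")
            if sep:
                attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def email_domain(value):
    m = re.search(r"[^\s<>@]+@([A-Za-z0-9.-]+)", value)
    return m.group(1).lower().rstrip(".") if m else None

def audit(text, controlled):
    """Return (object, attribute, domain) for contacts outside controlled domains."""
    findings = []
    for obj in parse_objects(text):
        obj_id = "%s: %s" % obj[0]  # first attribute identifies the object
        for key, value in obj:
            dom = email_domain(value) if key in CONTACT_ATTRS else None
            if dom and not any(dom == c or dom.endswith("." + c) for c in controlled):
                findings.append((obj_id, key, dom))
    return findings
```

Each finding is a contact that should be updated in the registry before the referenced domain is allowed to lapse.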
Copyright information
© 2015 IFIP International Federation for Information Processing
Cite this paper
Schlamp, J., Gustafsson, J., Wählisch, M., Schmidt, T.C., Carle, G. (2015). The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire. In: Steiner, M., Barlet-Ros, P., Bonaventure, O. (eds) Traffic Monitoring and Analysis. TMA 2015. Lecture Notes in Computer Science(), vol 9053. Springer, Cham. https://doi.org/10.1007/978-3-319-17172-2_13
DOI: https://doi.org/10.1007/978-3-319-17172-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17171-5
Online ISBN: 978-3-319-17172-2
eBook Packages: Computer Science (R0)