Skip to main content
Log in

Qualitative Analysis of Methods for Circumventing Malicious ISP Blocking

  • Research Article – Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

Today, the internet is crucial for everyday needs including business and governmental applications, therefore its resiliency to attacks and outage is critical. International Internet Service Providers (IISPs) usually provide connectivity to customers, but can intentionally, as in the case of enforcing an internet embargo, or unintentionally, as in the case of a security breach, block incoming and outgoing traffic while still advertising reachability information to the prefix they seem to provide connectivity for. These two scenarios result in isolating the prefix owner from the internet. Under the assumption that another cooperating IISP exists, the paper investigates three major techniques to overcome internet blockage due to internet embargo or a security breaches. First, a solution based on BGP tuning is presented where the focus is on configuring router(s) to direct the outgoing traffic and to influence the incoming traffic to pass through the cooperating IISP. The second solution utilizes virtual peering which uses a multi-hop BGP session and establishes a tunnel through the intended ISP to provide a deterministic control of incoming traffic. For the third solution, we propose a virtual transit approach in which multiple routers distributed across the internet work as a transit for the blocked local region. This solution extends virtual peering where routers advertise a shorter path to other peers on the internet. We compare the three proposed solutions in terms of traffic filtering, setup overhead, communication overhead, difficulty to offset the solution, and scalability. Finally, we also present a brief validation and proof of concept for the BGP-based solution utilizing simulations.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Internet World Stats (2009). http://www.internetworldstats.com/stats.htm

  2. Abu-Amara, M.; Mahmoud, A.S.; Azzedin, F.; Sqalli, M.H.: Internet access denial by international internet service providers: analysis and counter measures, Research proposal for National Science, Technology and Innovation Plan (NSTIP), Project # 08-INF97-4, submitted to King Abdulaziz City for Science and Technology (KACST), Riyadh, KSA, April 2008

  3. Drummond, D.: A new approach to china. The Official Google Blog (2010). http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

  4. Finkle, J.; Bartz, D.: Twitter hacked, attacker claims Iran link (2009). http://www.reuters.com/article/idUSTRE5BH2A620091218

  5. Wan, T.; Oorschot, P.C.V.; Kranakis, E.: A Selective Introduction to Border Gateway Protocol (BGP) Security Issues, Carleton University (2005)

  6. Rekhter, Y.; Li, T.; Hares, S.: IETF-A Border Gateway Protocol 4 (BGP-4) (2006). http://www.ietf.org/rfc/rfc4271.txt

  7. Butler, K.; Farley, T.; McDanial, P.; Rexford, J.: A Survey of BGP Security, AT&T Labs, Research, Florham Park, NJ, Technical Report TD-5UGJ33 (2005)

  8. Murphy, S.: IETF -BGP Security Vulnerabilities Analysis (2006). http://www.ietf.org/rfc/rfc4272.txt

  9. Butler, K.; Farley, T.; McDaniel, P.; Rexford, J.: A survey of BGP security issues and solutions. In: Proceedings of the IEEE, vol. 98 (1), pp. 100–122 (2010)

  10. Nicholes M.O., Mukerjee B.: A Survey of Security Techniques for the Border Gateway Protocol (BGP). IEEE Commun. Surv. Tutorials 11(1), 52–65 (2009)

    Article  Google Scholar 

  11. Nordstrom O., Dovrolis C.: Beware of BGP attacks. ACM SIGCOMM Comput. Commun. Rev. 34(2), 1–8 (2004)

    Article  Google Scholar 

  12. Villamizar, C.; Chandra, R.; G.R.: IETF (1998). http://www.ietf.org/rfc/rfc2439.txt

  13. Mahajan, R.; Wetherall, D.; Anderson, T.: Understanding BGP misconfiguration. In: Proceedings of ACM Sigcomm, pp. 3–16 (2002)

  14. Farrar, J.A.: Merit Network Email List Archives (2001). http://www.merit.edu/mail.archives/nanog/2001-04/msg00209.html

  15. Kent S., Lynn C., Mikkelson J., Seo K.: Secure Border Gateway Protocol (S-BGP). IEEE J. Sel. Areas Commun. 18(4), 582–592 (2000)

    Article  Google Scholar 

  16. Wang, N.; Wang, B.: AT: an origin verification mechanism based on assignment track for securing BGP. IEEE Int. Confer. Commun. (ICC’08) 5739–5745 (2008)

  17. Ortiz S.: Securing the Internet’s routing infrastructure. IEEE Comput. 42(4), 21–23 (2009)

    Article  MathSciNet  Google Scholar 

  18. Lad, M.; Massey, D.; Pei, D.; Wu, Y.; Zhang, B.; Zhang, L.: PHAS: A Prefix Hijack Alert System. In: Proceedings of the 15th conference on USENIX Security, Vancouver (2006)

  19. Oregon, U.o.: The Route Views Project. http://www.routeviews.org/

  20. Zheng, C.; Ji, L.; Pei, D.; Wang, J.; Francis, P.: A light-weight distributed scheme for detecting IP prefix Hijacks in real-time. In: SIGCOMM’07, Kyoto (2007)

  21. Hu, X.; Mao, Z.M.: Accurate real-time identification of IP hijacking. In: IEEE symposium on security and privacy (2007)

  22. Quoitin, B.: BGP-based interdomain traffic engineering. Ph.d. Dissertation, Universite catholique de Louvain, Louvain-la-Neuve Belgium (2006)

  23. Quoitin B., Uhlig S.: Modeling the routing of an Autonomous System with C-BGP. IEEE Netw. 19(6), 12–19 (2005)

    Article  Google Scholar 

  24. Quoitin, B.; Bonaventure, O.: A cooperative approach to interdomain traffic. In: Proceedings of the 1st conference on next generation internet networks traffic engineering, Rome, Italy (2005)

  25. Quoitin B., Pelsser C., Swinnen L., Bonaventure O., Bonaventure O., Bonaventure O.: Interdomain traffic engineering with BGP. 41(5), 122–128 (2003)

  26. Chang, R.K.C.; Lo, M.: Inbound traffic engineering for multi-homed ASes using AS path prepending. In: Network Operations and Management Symposium, vol. 1, pp. 98–102

  27. AlRefai, A.: BGP-based solutions for international ISP blocking. Master Thesis submitted to Deanship of Graduate Studies, King Fahd University of Petroleum and Minerals (2010)

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ashraf S. Mahmoud.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Mahmoud, A.S., Alrefai, A.S., Abu-Amara, M. et al. Qualitative Analysis of Methods for Circumventing Malicious ISP Blocking. Arab J Sci Eng 37, 1911–1928 (2012). https://doi.org/10.1007/s13369-012-0307-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-012-0307-1

Keywords

Navigation