Advertisement

Route Leaks Identification by Detecting Routing Loops

  • Song Li
  • Haixin Duan
  • Zhiliang Wang
  • Xing Li
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 164)

Abstract

Route leaks have become an important security problem of inter-domain routing. Operators increasingly suffer from large-scale or small-scale route leak incidents in recent years. Route leaks can redirect traffic to unintended networks, which puts the traffic at risk of Man-in-the-Middle attack. Unlike other security threats such as prefix hijacking that advertises bogus BGP route, route leaks announce routes which are true but in violation of routing policies to BGP neighbors. Since the routing policies are usually kept confidential, detecting route leaks in the Internet is a challenging problem. In this paper, we reveal a link between routing loops and route leaks. We find that some route leaks may cause routing loops. Hence detecting routing loops is expected to be able to identify route leaks. We provide theoretical analysis to confirm the expectation, and further propose a detection mechanism which can identify the leaked route as well as the perpetrator AS. Our mechanism does not require information about routing policies. It passively monitors BGP routes to detect route leaks and hence it is lightweight and easy to deploy. The evaluation results show that our mechanism can detect a lot of route leaks that occur in the Internet per day.

Keywords

AS relationship Routing policies Route leaks Routing loops Identification 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    The caida as organizations dataset - 20150101. http://data.caida.org/datasets/as-organizations
  2. 2.
  3. 3.
  4. 4.
    Irr - internet routing registry. http://www.irr.net
  5. 5.
  6. 6.
  7. 7.
  8. 8.
    University of oregon route views project. http://www.routeviews.org
  9. 9.
    Dickson, B.: Route leaks - definitions (2012). http://tools.ietf.org/html/draft-dickson-sidr-route-leak-def-03
  10. 10.
    Dickson, B.: Route leaks - requirements for detection and prevention thereof (2012). http://tools.ietf.org/html/draft-dickson-sidr-route-leak-reqts-02
  11. 11.
    Faratin, P., Clark, D.D., Bauer, S., Lehr, W.: Complexity of internet interconnections: Technology, incentives and implications for policy (2007)Google Scholar
  12. 12.
    Gao, L.: On inferring autonomous system relationships in the internet. IEEE/ACM Trans. Netw. 9(6), 733–745 (2001)CrossRefGoogle Scholar
  13. 13.
    Gill, P., Schapira, M., Goldberg, S.: A survey of interdomain routing policies. Computer Communication Review 44(1), 28–34 (2014)CrossRefGoogle Scholar
  14. 14.
    Giotsas, V., Zhou, S.: Valley-free violation in internet routing–analysis based on bgp community data. In: 2012 IEEE International Conference on Communications (ICC), pp. 1193–1197. IEEE (2012)Google Scholar
  15. 15.
    Goldberg, S.: Why is it taking so long to secure internet routing? Communications of the ACM 57(10), 56–63 (2014)CrossRefGoogle Scholar
  16. 16.
    Huston, G.: Leaking routes (2012). http://labs.apnic.net/?p=139
  17. 17.
    Huston, G.: Mitm and routing security (2013). http://labs.apnic.net/?p=447
  18. 18.
    Kent, S., Lynn, C., Seo, K.: Secure border gateway protocol (s-bgp). IEEE Journal on Selected Areas in Communications 18(4), 582–592 (2000)CrossRefGoogle Scholar
  19. 19.
    Kosub, S., Maaß, M.G., Täubig, H.: Acyclic type-of-relationship problems on the internet. In: Erlebach, T. (ed.) CAAN 2006. LNCS, vol. 4235, pp. 98–111. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Lepinski, M., Kent, S.: An Infrastructure to Support Secure Internet Routing. RFC 6480, February 2012Google Scholar
  21. 21.
    Lepinski, M., Turner, S.: An overview of bgpsec (2015). http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-overview-07
  22. 22.
    Luckie, M., Huffaker, B., Dhamdhere, A., Giotsas, V., et al.: As relationships, customer cones, and validation. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 243–256. ACM (2013)Google Scholar
  23. 23.
    McPherson, D., Amante, S., Osterweil, E., Mitchell, D.: Route-leaks & mitm attacks against bgpsec, April 2014. http://tools.ietf.org/html/draft-ietf-grow-simple-leak-attack-bgpsec-no-help-04
  24. 24.
    Ng, J.: Extensions to bgp to support secure origin bgp (sobgp), April 2004. http://tools.ietf.org/html/draft-ng-sobgp-bgp-extensions-02
  25. 25.
    Oliveira, R., Willinger, W., Zhang, B., et al.: Quantifying the completeness of the observed internet as-level structure (2008)Google Scholar
  26. 26.
    van Oorschot, P.C., Wan, T., Kranakis, E.: On interdomain routing security and pretty secure bgp (psbgp). ACM Transactions on Information and System Security (TISSEC) 10(3), 11 (2007)CrossRefGoogle Scholar
  27. 27.
    Qiu, S.Y., McDaniel, P.D., Monrose, F.: Toward valley-free inter-domain routing. In: IEEE International Conference on Communications, ICC 2007, pp. 2009–2016. IEEE (2007)Google Scholar
  28. 28.
    Siddiqui, M., Montero, D., Serral-Gracià, R., Yannuzzi, M.: Self-reliant detection of route leaks in inter-domain routing. Computer Networks 82, 135–155 (2015)CrossRefGoogle Scholar
  29. 29.
    Sundaresan, S., Lychev, R., Valancius, V.: Preventing attacks on bgp policies: One bit is enough (2011)Google Scholar
  30. 30.
    Wetherall, D., Mahajan, R., Anderson, T.: Understanding bgp misconfigurations. In: Proc. ACM SIGCOMM (2002)Google Scholar
  31. 31.
    Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M., Bush, R.: Ispy: detecting ip prefix hijacking on my own. ACM SIGCOMM Computer Communication Review 38(4), 327–338 (2008)CrossRefGoogle Scholar

Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015

Authors and Affiliations

  1. 1.Department of Electronic EngineeringTsinghua UniversityBeijingChina
  2. 2.Institute of Network Science and CyberspaceTsinghua UniversityBeijingChina

Personalised recommendations