A prefix hijack attack involves an attacker announcing victim networks' IP prefixes into the global routing system. As a result, data traffic from portions of the Internet can be diverted to attacker networks. Prefix hijack attacks are a serious security threat in the Internet and it is important to understand the factors that affect the resiliency of victim networks against these attacks. In this paper, we conducted a systematic study to gauge the effectiveness of prefix hijacks launched at different locations in the Internet topology. Our study shows that direct customers of multiple tier-1 networks are the most resilient, even more than the tier-1 networks themselves. Conversely, if these customer networks are used to launch prefix hijacks, they would also be the most effective launching pads for attacks. We verified our results through case studies using real prefix hijack incidents that had occurred in the Internet.
Today's Internet provides a global data delivery service to millions of end users, and routing protocols play a critical role in this service. It is important to be able to identify and diagnose any problems occurring in Internet routing. However, the Internet's sheer size makes this task difficult. One cannot easily extract the most important or relevant routing information from the large amounts of data collected from multiple routers. To tackle this problem, we have developed Link-Rank, a tool to visualize Internet routing changes at the global scale. Link-Rank weighs links in a topological graph by the number of routes carried over each link and visually captures changes in link weights in the form of a topological graph with adjustable size. Using Link-Rank, network operators can easily observe important routing changes from massive amounts of routing data, discover otherwise unnoticed routing problems, understand the impact of topological events, and infer root causes of observed routing changes.
BGP routing updates collected by monitoring projects such as RouteViews and RIPE have been a vital source for our understanding of the global routing system. The updates logged by these monitoring projects are generated either by individual route changes or as part of a BGP table transfer. In particular, a session reset between a monitoring station and its BGP peers can result in the peer sending its entire BGP routing table to the monitoring station. In this paper, we present a Minimum Collection Time (MCT) algorithm that accurately identifies the start and duration of routing table transfers. Using three months of data from 14 different peers, MCT can identify routing table transfers triggered by BGP session resets with 100% accuracy, and can pinpoint the exact starting time of table transfers in 90% of the cases.