Deployment of Source Address Validation by Network Operators: A Randomized Control Trial

Lone, Qasim; Frik, Alisa; Luckie, Matthew; Korczyński, Maciej; Eeten, Michel van; Gañán, Carlos

doi:10.1109/sp46214.2022.9833701

Cited by 11 publications

(9 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While it is not surprising to see the former two because these are the most developed regions in the world, Brazil is an unexpected member. At the same time, a recent study shows [30] that the adoption of the anti-DDoS security best practices (namely, source address validation) in Brazilian ISPs is significantly faster than in the rest of the world.…”

Section: Utrs Members Characterizationmentioning

confidence: 99%

Who's Got My Back? Measuring the Adoption of an Internet-wide BGP RTBH Service

Anghel,

Zhauniarovich,

Gañán

2024

Abstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Sy

View full text Add to dashboard Cite

Section: Utrs Members Characterizationmentioning

confidence: 99%

Who's Got My Back? Measuring the Adoption of an Internet-wide BGP RTBH Service

Anghel,

Zhauniarovich,

Gañán

2024

Abstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Sy

View full text Add to dashboard Cite

“…Previous studies frequently encounter a high email bounce rate of over 50% [39], [40], [41], due to the incorrect or outof-date contact information in WHOIS [42]. Recently, Lone et al [43] propose that the reachability of notification emails can be effectively improved by prioritizing PeeringDB [44] and technical contacts. Therefore, we adopt the same method as Lone et al in our notification experiment.…”

Section: Notificationmentioning

confidence: 99%

“…To determine the appropriate contact for every non-deploying AS, we first check whether there is a technical email address in PeeringDB or WHOIS. If they correspond to two different technical email addresses, we prioritize the technical contact in PeeringDB because contacts in PeeringDB are considered more reliable [43], [45], [46]. If we cannot find a technical contact in PeeringDB and WHOIS, we choose to use the abuse contact and also prioritize the abuse contact in PeeringDB.…”

Section: Notificationmentioning

confidence: 99%

Understanding Route Origin Validation Deployment in the Real World and Why MANRS Action 1 Is Not Followed

Qin,

Chen,

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

BGP hijacking is one of the most important threats to routing security. To improve the reliability and availability of inter-domain routing, a lot of work has been done to defend against BGP hijacking, and Route Origin Validation (ROV) has become the best current practice. However, although the Mutually Agreed Norms for Routing Security (MANRS) has been encouraging network operators to at least validate announcements of their customers, recent research indicates that a large number of networks still do not fully deploy ROV or propagate illegitimate announcements of their customers. To understand ROV deployment in the real world and why network operators are not following the action proposed by MANRS, we make a long-term measurement for ROV deployment and further find that many non-compliant networks may deploy ROV only at part of customer interfaces, or at provider or peer interfaces. Then, we present the first notification experiment to investigate the impact of notifications on ROV remediation. However, our analysis indicates that none of the notification treatments has a significant effect. After that, we conduct a survey among network operators and find that economical and technical problems are the two major classes of reasons for non-compliance. Seeking a realistic ROV deployment strategy, we perform large-scale simulations, and, to our surprise, find that not following MANRS Action 1 can lead to better defence of prefix hijacking. Finally, with all our findings, we provide practical recommendations and outline future directions to help promote ROV deployment.

show abstract

“…Several initiatives aim at reducing the possibility of DDoS attacks [1,5,6,11,27,28,30,34,37,38,46,47,49,55,61], for instance, measurements of the amplification potential of different protocols and notifications of the affected parties. Other non-profit initiatives, such as Shadowserver Foundation [51], provide daily reports to network operators and 132 national Computer Security Incident Response Teams (CSIRTs).…”

Section: Introductionmentioning

confidence: 99%

“…Thus, DNS packets with spoofed IP addresses can leave the network. Recent work showed that such misconfigured networks are still not uncommon on the Internet[33,31] and they are publicly listed[8]. The attacker does not have any special hardware or software requirements, because a single DNS packet, occasionally resent, is enough to keep the loop going.…”

mentioning

confidence: 99%

Routing Loops as Mega Amplifiers for DNS-Based DDoS Attacks

Nosyk

Korczyński

Duda

2022

Passive and Active Measurement

View full text Add to dashboard Cite

DDoS attacks are one of the biggest threats to the modern Internet as their magnitude is constantly increasing. They are highly effective because of the amplification and reflection potential of different Internet protocols. In this paper, we show how a single DNS query triggers a response packet flood to the query source, possibly because of middleboxes located in networks with routing loops. We send DNS A requests to 3 billion routable IPv4 hosts and find 15,909 query destinations from 1,742 autonomous systems that trigger up to 46.7 million repeating responses. We perform traceroute measurements towards destination hosts that resulted in the highest amplification, locate 115 routing loops on the way, and notify corresponding network operators. Finally, we analyze two years of historical scan data and find that such "mega amplifiers" are prevalent. In the worst case, a single DNS A request triggered 655 million responses, all returned to a single host.

show abstract

Deployment of Source Address Validation by Network Operators: A Randomized Control Trial

Cited by 11 publications

References 48 publications

Who's Got My Back? Measuring the Adoption of an Internet-wide BGP RTBH Service

Who's Got My Back? Measuring the Adoption of an Internet-wide BGP RTBH Service

Understanding Route Origin Validation Deployment in the Real World and Why MANRS Action 1 Is Not Followed

Routing Loops as Mega Amplifiers for DNS-Based DDoS Attacks

Contact Info

Product

Resources

About