On the use of Enhanced Bogon Lists (EBLs) to detect malicious traffic

Vaidyanathan, Ravi; Ghosh, Abhijeet; Sawaya, Yukiko; Kubota, Ayumu

doi:10.1109/iccnc.2012.6167411

Cited by 4 publications

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, the most common problem is that these lists are usually not updated as soon as new allocations are made, and therefore valid routes can be filtered out. Vaidyanathan et al [74] introduced in the bogon lists the semi-dark space, addresses that are not in operational use. All these works focus on IP allocation rather than ASes.…”

Section: Related Workmentioning

confidence: 99%

The parallel lives of autonomous systems

Nemmi

Sassi

Morgia

et al. 2021

Proceedings of the 21st ACM Internet Measurement Conference

View full text Add to dashboard Cite

Autonomous Systems (ASes) exist in two dimensions on the Internet: the administrative and the operational one. Regional Internet Registries (RIRs) rule the former, while BGP the latter. In this work, we reconstruct the lives of the ASes on both dimensions, performing a joint analysis that covers 17 years of data. For the administrative dimension, we leverage delegation files published by RIRs to report the daily status of Internet resources they allocate. For the operational dimension, we characterize the temporal activity of ASNs in the Internet control plane using BGP data collected by the RouteViews and RIPE RIS projects. We present a methodology to extract insights about AS life cycles, including dealing with pitfalls affecting authoritative public datasets. We then perform a joint analysis to establish the relationship (or lack of) between these two dimensions for all allocated ASNs and all ASNs visible in BGP. We characterize the usual behaviors, specific differences between RIRs and historical resources, as well as measure the discrepancies between the two łparallelž lives. We find discrepancies and misalignment that reveal useful insights, and we highlight through examples the potential of this new lens to help pinpoint malicious BGP activity and various types of misconfigurations. This study illuminates a largely unexplored aspect of the Internet global routing system and provides methods and data to support broader studies that relate to security, policy, and network management.

show abstract

Section: Related Workmentioning

confidence: 99%