Book contents
- Frontmatter
- Contents
- Acknowledgments
- 1 Introduction
- 2 Background and context
- I Network monitoring and management
- II Network design and traffic engineering
- III From bits to services
- 12 From bits to services: information is power
- 13 Traffic classification in the dark
- 14 Classification of multimedia hybrid flows in real time
- 15 Detection of data plane malware: DoS and computer worms
- 16 Detection of control-plane anomalies: beyond prefix hijacking
- Appendix A How to link original and measured flow characteristics when packet sampling is used: bytes, packets and flows
- Appendix B Application-specific payload bit strings
- Appendix C BLINC implementation details
- Appendix D Validation of direction-conforming rule
- References
- Index
16 - Detection of control-plane anomalies: beyond prefix hijacking
from III - From bits to services
Published online by Cambridge University Press: 05 September 2012
Summary
As already presented, the Internet routing system is partitioned into tens of thousands of independently administered Autonomous Systems (ASs). The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol that maintains and exchanges routing information between ASs. However, BGP was designed on the basis of implicit trust between all participants and does not employ any measure to authenticate the routes injected into or propagated through the system. Therefore, virtually any AS can announce any route into the routing system, and sometimes bogus routes can trigger large-scale anomalies in the Internet. A canonical example occurred on April 25, 1997, when a misconfigured router maintained by a small service provider (AS7007) in Virginia, USA, injected incorrect routing information into the global Internet and claimed to have optimal connectivity to all Internet destinations. As a result, most Internet traffic was routed to this small ISP. The traffic overwhelmed the misconfigured and intermediate routers, and effectively crippled the Internet for almost two hours. Since then, many such events have been reported, some of them due to human mistakes, others due to malicious activities that exploited vulnerabilities in BGP in order to cause large-scale damage. For example, it is common for spammers to announce an arbitrary prefix and then use that prefix to send spam from the hijacked address space, making it much more difficult to trace the spam back and discover the spammer's identity.
- Type: Chapter
- Information: Design, Measurement and Management of Large-Scale IP Networks: Bridging the Gap Between Theory and Practice, pp. 341-366
- Publisher: Cambridge University Press
- Print publication year: 2008