^ Top

NANOG Meeting Presentation Abstract

Large Route Leak Detection
Meeting: NANOG49
Date / Time: 2010-06-15 12:15pm - 12:30pm
Room: Grand
Presenters: Speakers:
Qing Ju, University of Arizona.

Beichuan Zhang, University of Arizona

Beichuan Zhang is an Assistant Professor in the Department of Computer Science <BR> at the University of Arizona. His research interests include Internet routing<BR> architectures and protocols, network topology, content distribution, and network security. He received Ph.D. in Computer Science from the University of California, Los <BR> Angeles (2003) and B.S. from Peking University, China (1995).
Varun Khare, University of Arizona.
Abstract: Prefix hijacking, in which an unauthorized network announces IP prefixes of other networks, is a major threat to the Internet routing security. Existing detection systems either generate many false positives, requiring frequent human intervention, or are designed to protect a small number of specific prefixes. Therefore they are not suitable to protect data traffic at networks other than the prefix owner during on-going hijacks.



We design and implement a system that detects a specific type of prefix hijacking, large route leaks, at real time and without requiring authoritative prefix ownership information.



In a large route leak, an unauthorized network hijacks prefixes owned by multiple different networks. By correlating suspicious routing announcements along the time dimension and comparing with a network’s past behavior, we are able to identify a network’s abnormal behavior of offending multiple other networks at the same time. Applying the detection algorithm to routing data from 2003 through 2009, we identify five to twenty large route leaks every year. They typically hijack prefixes owned by a few tens of other networks, last from a few minutes to a few hours, and pollute routes at most vantage points of the data collector.



In 2009 there are nine events detected, none of which was mentioned on operator mailing lists, but all of them are confirmed through our communication with individual operators of affected networks. The system can take real-time routing data feed and conduct the detection quickly, enabling automated response to these attacks without requiring authoritative prefix ownership information or human intervention.
Files: youtubeLarge Route Leak Detection
pdfLRL-NANOG49(PDF)
Sponsors: None.

Back to NANOG49 agenda.

NANOG49 Abstracts

  • Opening Remarks
    Speakers:
    Ken FloranceNetflix; .
    David MeyerProgram Committee Chair, Cisco/UO; .
    Donald WelchMerit Network; .
    David TemkinNetflix; .
  • Opening Remarks
    Speakers:
    Ken FloranceNetflix; .
    David MeyerProgram Committee Chair, Cisco/UO; .
    Donald WelchMerit Network; .
    David TemkinNetflix; .
  • Opening Remarks
    Speakers:
    Ken FloranceNetflix; .
    David MeyerProgram Committee Chair, Cisco/UO; .
    Donald WelchMerit Network; .
    David TemkinNetflix; .
  • Opening Remarks
    Speakers:
    Ken FloranceNetflix; .
    David MeyerProgram Committee Chair, Cisco/UO; .
    Donald WelchMerit Network; .
    David TemkinNetflix; .
  • 1slash8
    Speakers:
    George MichaelsonAPNIC; .
    Geoff HoustonAPNIC; .
    Eric WustrowMerit Network; .
    Manish KarirMerit Network; .
    Michael BaileyUniversity of Michigan; .
    Farnam JahanianUniversity of Michigan; .
  • 1slash8
    Speakers:
    George MichaelsonAPNIC; .
    Geoff HoustonAPNIC; .
    Eric WustrowMerit Network; .
    Manish KarirMerit Network; .
    Michael BaileyUniversity of Michigan; .
    Farnam JahanianUniversity of Michigan; .
  • 1slash8
    Speakers:
    George MichaelsonAPNIC; .
    Geoff HoustonAPNIC; .
    Eric WustrowMerit Network; .
    Manish KarirMerit Network; .
    Michael BaileyUniversity of Michigan; .
    Farnam JahanianUniversity of Michigan; .
  • 1slash8
    Speakers:
    George MichaelsonAPNIC; .
    Geoff HoustonAPNIC; .
    Eric WustrowMerit Network; .
    Manish KarirMerit Network; .
    Michael BaileyUniversity of Michigan; .
    Farnam JahanianUniversity of Michigan; .
  • 1slash8
    Speakers:
    George MichaelsonAPNIC; .
    Geoff HoustonAPNIC; .
    Eric WustrowMerit Network; .
    Manish KarirMerit Network; .
    Michael BaileyUniversity of Michigan; .
    Farnam JahanianUniversity of Michigan; .
  • 1slash8
    Speakers:
    George MichaelsonAPNIC; .
    Geoff HoustonAPNIC; .
    Eric WustrowMerit Network; .
    Manish KarirMerit Network; .
    Michael BaileyUniversity of Michigan; .
    Farnam JahanianUniversity of Michigan; .
  • IPv6 Enablement in the Home
    Moderators:
    John Jason Brzozowski, Comcast; Panelists:
    James Woodyatt, Apple, Inc.; Allen Huotari, Cisco; Salah NassarNetgear; .
  • IPv6 Enablement in the Home
    Moderators:
    John Jason Brzozowski, Comcast; Panelists:
    James Woodyatt, Apple, Inc.; Allen Huotari, Cisco; Salah NassarNetgear; .
  • IPv6 Enablement in the Home
    Moderators:
    John Jason Brzozowski, Comcast; Panelists:
    James Woodyatt, Apple, Inc.; Allen Huotari, Cisco; Salah NassarNetgear; .
  • IPv6 Enablement in the Home
    Moderators:
    John Jason Brzozowski, Comcast; Panelists:
    James Woodyatt, Apple, Inc.; Allen Huotari, Cisco; Salah NassarNetgear; .
  • Large Route Leak Detection
    Speakers:
    Qing JuUniversity of Arizona; .
    Beichuan Zhang, University of Arizona; Varun KhareUniversity of Arizona; .
  • Large Route Leak Detection
    Speakers:
    Qing JuUniversity of Arizona; .
    Beichuan Zhang, University of Arizona; Varun KhareUniversity of Arizona; .
  • Large Route Leak Detection
    Speakers:
    Qing JuUniversity of Arizona; .
    Beichuan Zhang, University of Arizona; Varun KhareUniversity of Arizona; .
  • Lightning Talks
    Speakers:
    Carlos VicenteUniversity of Oregon; .
    Robert RaszukCisco Systems; .
    Doug MadoryMadory; .
  • Lightning Talks
    Speakers:
    Carlos VicenteUniversity of Oregon; .
    Robert RaszukCisco Systems; .
    Doug MadoryMadory; .
  • Lightning Talks
    Speakers:
    Carlos VicenteUniversity of Oregon; .
    Robert RaszukCisco Systems; .
    Doug MadoryMadory; .

 

^ Back to Top