Concurrent prefix hijacks: Occurrence and impacts

Varun Khare, Qing Ju, Beichuan Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations


A concurrent prefix hijack happens when an unauthorized network originates IP prefixes of multiple other networks. Its extreme case is leaking the entire routing table, i.e., hijacking all the prefixes in the table. This is a well-known problem and there exists a preventive measure in practice to safeguard against it. However, we investigated and uncovered many concurrent prefix hijacks that didn't involve a full-table leak. We report these events and their impact on Internet routing. y correlating suspicious routing announcements and comparing it with a network's past routing announcements, we develop a method to detect a network's abnormal behavior of offending multiple other networks simultaneously. Applying the detection algorithm to BGP routing updates from 2003 through 2010, we identify five to twenty concurrent prefix hijacks every year, most of which are previously unknown to the research and operation communities at large. They typically hijack prefixes owned by a few tens of networks, last from a few minutes to a few hours, and pollute routes at most vantage points.

Original languageEnglish (US)
Title of host publicationIMC 2012 - Proceedings of the ACM Internet Measurement Conference
Number of pages7
StatePublished - 2012
Event2012 ACM Internet Measurement Conference, IMC 2012 - Boston, MA, United States
Duration: Nov 14 2012Nov 16 2012

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC


Other2012 ACM Internet Measurement Conference, IMC 2012
Country/TerritoryUnited States
CityBoston, MA


  • bgp security
  • prefix hijacking

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Concurrent prefix hijacks: Occurrence and impacts'. Together they form a unique fingerprint.

Cite this