TY - CONF
T1 - PHAS
T2 - 15th USENIX Security Symposium
AU - Lad, Mohit
AU - Massey, Dan
AU - Pei, Dan
AU - Wu, Yiguo
AU - Zhang, Beichuan
AU - Zhang, Lixia
N1 - Funding Information:
∗This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No N66001-04-1-8926 and by National Science Fundation(NSF) under Contract No ANI-0221453. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the DARPA or NSF. †Computer Science Department, UCLA ‡Computer Science Department, Colorado State University §AT&T Labs–Research ¶Computer Science Department, University of Arizona
Funding Information:
This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No N66001-04-1-8926 and by National Science Fundation(NSF) under Contract No ANI-0221453. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the DARPA or NSF.
Publisher Copyright:
© 2006 USENIX Association. All rights reserved.
PY - 2006
Y1 - 2006
N2 - In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.
AB - In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.
UR - http://www.scopus.com/inward/record.url?scp=82755166662&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=82755166662&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:82755166662
SP - 153
EP - 166
Y2 - 31 July 2006 through 4 August 2006
ER -