Mike Benjamin
@mikebdotorg
me:
BGP Concepts
Autonomous System
AS Path
Origin AS
Prefix / Route / Block
Prefix Length
BGP Hijacks
BGP announcements for equal or more specific prefixes
Owner AS100 announces 1.0.0.0/8
AS600 hijacks 1.0.0.0/8 (equal)
... or 1.2.3.0/24 (more specific)
Typos
Malice
DDoS Mitigation
            Coverage                 Adequate Trust
RPKI        6.7% [1]                 Yes
IRR         72.8% (62.3% correct)    Not really
Squatting   99.6%                    No
[1] https://rpki-monitor.antd.nist.gov/
Detecting Hijacks
Check for hijacks and record first match from:
Route matched owner
Route and new origin AS match IRR record
New origin was an uplink in baseline data
New origin is a downlink of baseline owner
Remainder are assumed to be a real hijack
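Added example (not code from the original slides): a first-match classifier following the detector order listed above. AS100, AS600, 1.0.0.0/8 and 1.2.3.0/24 come from the slide example; all other prefixes, AS numbers and the table layouts are constructed assumptions, and the IRR check is assumed to be an exact (route, origin) match.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed sample data. AS100, AS600, 1.0.0.0/8 and 1.2.3.0/24 come from
# the slide example; every other value is invented for illustration.
BASELINE = {net("1.0.0.0/8"): 100}      # prefix -> owner AS in the baseline
IRR = {(net("1.2.0.0/16"), 64500)}      # registered (route, origin) pairs
UPLINKS = {100: {64501}}                # ASes seen upstream of the owner
DOWNLINKS = {100: {64502}}              # ASes seen downstream of the owner


def covering_owner(prefix):
    """Owner of the longest baseline prefix equal to or covering `prefix`."""
    matches = [(b.prefixlen, owner) for b, owner in BASELINE.items()
               if b.version == prefix.version and prefix.subnet_of(b)]
    return max(matches)[1] if matches else None


def classify(prefix, as_path):
    """Return the first detector that explains the announcement."""
    prefix = net(prefix)
    origin = as_path[-1]                # origin AS is the last AS in the path
    owner = covering_owner(prefix)
    if owner is None:
        return "no-baseline"            # nothing to compare against
    if origin == owner:
        return "owner"
    if (prefix, origin) in IRR:
        return "irr"
    if origin in UPLINKS.get(owner, set()):
        return "uplink"
    if origin in DOWNLINKS.get(owner, set()):
        return "downlink"
    return "unknown"                    # remainder: assumed to be a real hijack


UPDATES = [                             # constructed (prefix, AS path) updates
    ("1.0.0.0/8", [64510, 100]),
    ("1.2.0.0/16", [64510, 64500]),
    ("1.3.0.0/16", [64510, 64501]),
    ("1.4.0.0/16", [64510, 100, 64502]),
    ("1.2.3.0/24", [64510, 600]),       # more specific, as in the slide
    ("1.0.0.0/8", [64510, 600]),        # equal prefix, as in the slide
]


def run():
    return [classify(p, path) for p, path in UPDATES]
```

A verdict of "owner" only means the last AS in the path matches the baseline owner; as a later slide notes, AS paths can be fabricated.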
Results
2011-09-16 through 2016-09-15
Route From Owner    99.57%
Possible Hijack     0.43%
Detector Match    % Match
IRR               33%
Uplink            11%
Downlink          14%
Unknown           42%
Final Numbers
Year
UniqueHijacks
PerDay
2011    235
2012    261
2013    302
2014    404
2015    507
2016    418
Origin AS
Date
# AS Paths
58,123
AS31474
2011-10-21
35
31,674
AS7514
2015-07-17
25,610
AS9498
2015-11-06
23,206
AS9498
2015-11-07
977
22,574
AS8359
2016-06-30
8,089
AS4761
2014-04-02
5,049
AS7018
2013-03-20
4,602
AS29649
2013-07-31
190
4,292
AS201701 2015-10-11
4,072
AS18403
2016-09-14
[1]
[2]
1758
813
[3]
75
[4]
2222
Hijacking
AS
Hijacker
Country
Hijacker
Name
99%    AS27064    7212706627065      United States    DoD
95%    AS27051    721                United States    DoD
91%    AS2905     166372149137594    South Africa     MTN
88%    AS647      721597627066       United States    DoD
87%    AS5976     72164727066        United States    DoD
87%    AS1452     72114895800        United States    DoD
85%    AS3475     7216475237         United States    DoD
84%    AS27066    721270645976       United States    DoD
83%    AS246      390391440          United States    DoD
80%    AS491      391440395          United States    DoD
AS Paths can be fabricated
Bogons
IP space which is reserved or not allocated
Includes RFC1918 space
Current allocations can be found at:
p.(afrinic|apnic|arin|lacnic|ripe).net/pub/stats/
Comparing updates to this data finds bogon routes
0.08% of all updates were bogons during the five years
       Prefix               Type                 Origin AS    Origin Name
88%    172.102.0.0/22       Unallocated Space    AS4812       China Telecom
84%    202.94.1.0/24        Unallocated Space    AS4808       China Unicom
84%    192.124.252.0/22     Unallocated Space    AS680        German NREN
84%    198.163.214.0/24     Unallocated Space    AS21804      (Canada) Access Communications
81%    192.188.208.0/20     Unallocated Space    AS721        US Department of Defense
81%    192.154.64.0/19      Unallocated Space    AS81
Adopt RPKI
https://www.nist.gov/programs-projects/robust-inter-domain-routing
Push BGPSec
https://datatracker.ietf.org/wg/sidr/
Tools Used
bgpdump - https://bitbucket.org/ripencc/bgpdump/wiki/
py-radix - https://github.com/mjschultz/py-radix/
ipaddr-py - https://github.com/google/ipaddr-py
netaddr - https://pypi.python.org/pypi/netaddr
mongoDB - https://www.mongodb.com/community
PyMongo - https://api.mongodb.com/python/current/
reveal.js - http://lab.hakim.se/reveal-js/#/
Questions? Comments? @mikebdotorg