Name
Abstract | ||
|---|---|---|
A route leak can be defined as a security gap that occurs due to the infringement of the routing policies that any two Autonomous Systems (ASes) have agreed upon. Route leaks are seemingly simple, but hard to resolve since the ASes keep their routing policies confidential. Indeed, the traditional palliatives, such as the utilization of route filters, are no longer used by a large number of ASes, given the high administrative burden that they entail. Other alternatives, like BGP monitoring tools, not only require third party information gathered at multiple vantage points, but also they become impotent in many cases, due to their limited view of the interdomain routing state. In this paper, we propose a different approach, which allows to autonomously detect the occurrence of route leaks by solely inspecting the BGP information available at the AS. Our main contributions can be summarized as follows. First, we propose a self-contained Route Leak Detection (RLD) technique, which is based on real-time analytics on the Route Information Bases (RIBs) of the border routers of an AS. Second, we introduce Benign Fool Back (BFB), "a harmless bluff" that can substantially improve the success rate of the RLD technique. Third, we show through exhaustive simulations that our technique can detect route leak incidents in various scenarios with high success rate. In addition, our solution has the following practical advantages: a) no reliance on third party information (e.g., on vantage points); b) no changes required to control-plane protocols (e.g., to BGP); and c) allows non-invasive integration (e.g., using SDN). |
Year | DOI | Venue |
|---|---|---|
2014 | 10.1109/GLOCOM.2014.7037092 | Global Communications Conference |
Keywords | Field | DocType |
internetworking,routing protocols,BGP monitoring tools,autonomous systems,benign fool back,border gateway protocol,control-plane protocols,local BGP information,noninvasive integration,real-time analytics,route filters,route information bases,route leak detection,routing policies,vantage points,BGP,inter-domain routing,route leaks,security | Default-free zone,Computer science,Computer security,Computer network,route,Interior gateway protocol,Border Gateway Protocol,Source routing,Routing Information Protocol,Route poisoning,Split horizon route advertisement | Conference |
ISSN | Citations | PageRank |
2334-0983 | 0 | 0.34 |
References | Authors | |
5 | 7 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| M. S. Siddiqui | 1 | 0 | 0.34 |
| D. Montero | 2 | 80 | 5.69 |
| Marcelo Yannuzzi | 3 | 202 | 21.82 |
| René Serral-Gracià | 4 | 88 | 12.48 |
| Xavier Masip-Bruin | 5 | 374 | 48.12 |
| Wilson Ramírez | 6 | 36 | 4.59 |
| Serral-Gracia, R. | 7 | 64 | 3.94 |