Internet Exchange Points (IXPs) play a fundamental role in the exchange of data between Internet Service Providers (ISPs). However, they face one of the main challenges of the Border Gateway Protocol (BGP): trust-based route sharing. This feature introduces a series of vulnerabilities that can be exploited by attackers to hijack or disrupt traffic. Despite the presence of various countermeasures such as Internet Routing Registries (IRRs) or the Resource Public Key Infrastructure (RPKI), the lack of implementation by the majority of Autonomous Systems (ASes), limits their effectiveness. In this paper, we define a tool that supports IXPs operation, enhancing the security of BGP peering in their infrastructure. The proposed approach analyses the information contained in BGP UPDATE messages received by the route-server of an IXP to identify possible prefix hijacking attacks. This set of prefixes are then used to define and compute a \textit{Risk Level} value associated with each AS, providing network operators with an indication of anomalous behaviours. To achieve this objective, data obtained from the route-server one of the main Italian IXP, are examined, showing a real application of our tool.
Autonomous System Risk Level in the Route Server Infrastructure of an Internet Exchange Point / Servillo, Stefano; Spadaccino, Pietro; Cuomo, Francesca; Luciani, Flavio. - (2024), pp. 1-9. (Intervento presentato al convegno IFIP Networking 2024 tenutosi a Thessaloniki, Greece).
Autonomous System Risk Level in the Route Server Infrastructure of an Internet Exchange Point
Stefano Servillo;Pietro Spadaccino;Francesca Cuomo;
2024
Abstract
Internet Exchange Points (IXPs) play a fundamental role in the exchange of data between Internet Service Providers (ISPs). However, they face one of the main challenges of the Border Gateway Protocol (BGP): trust-based route sharing. This feature introduces a series of vulnerabilities that can be exploited by attackers to hijack or disrupt traffic. Despite the presence of various countermeasures such as Internet Routing Registries (IRRs) or the Resource Public Key Infrastructure (RPKI), the lack of implementation by the majority of Autonomous Systems (ASes), limits their effectiveness. In this paper, we define a tool that supports IXPs operation, enhancing the security of BGP peering in their infrastructure. The proposed approach analyses the information contained in BGP UPDATE messages received by the route-server of an IXP to identify possible prefix hijacking attacks. This set of prefixes are then used to define and compute a \textit{Risk Level} value associated with each AS, providing network operators with an indication of anomalous behaviours. To achieve this objective, data obtained from the route-server one of the main Italian IXP, are examined, showing a real application of our tool.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
