An Internet-Scale Feasibility Study of BGP Poisoning as a Security Primitive

11/08/2018
by   Jared M. Smith, et al.
0

The security of the routing infrastructure as a set of protocols and routing process has underpinned much of the past two decades of distributed systems security research. However, the converse is becoming increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in use of BGP poisoning as a security primitive for security systems, we set out to evaluate the feasibility of poisoning in practice, going beyond simulation. To that end, using a novel multi-country and multi-router Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We additionally analyze filtering of BGP poisoning, connectivity concerns when poisoning, the presence of ASes that completely ignore poisoned providers, and finally an exhaustive measurement of a first-of-its-kind upper bound on the maximum path length of the Internet.

READ FULL TEXT

page 1

page 5

page 6

page 8

page 9

research
05/10/2019

Inferring Catchment in Internet Routing

BGP is the de-facto Internet routing protocol for exchanging prefix reac...
research
05/11/2023

Quality Competition Among Internet Service Providers in a Path-Aware Internet

Internet service providers (ISPs) have a variety of quality attributes t...
research
11/08/2017

The (thin) Bridges of AS Connectivity: Measuring Dependency using AS Hegemony

Inter-domain routing is a crucial part of the Internet designed for arbi...
research
04/20/2019

Measuring Irregular Geographic Exposure on the Internet

In this work, we examine to what extent the Internet's routing infrastru...
research
07/22/2021

BGP-Multipath Routing in the Internet

BGP-Multipath (BGP-M) is a multipath routing technique for load balancin...
research
10/07/2014

Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

The Tor anonymity network has been shown vulnerable to traffic analysis ...
research
04/10/2018

What's (Not) Validating Network Paths: A Survey

Validating network paths taken by packets is critical for a secure Inter...

Please sign up or login with your details

Forgot password? Click here to reset