15th USENIX Security Symposium Abstract
Pp. 153166 of the Proceedings
PHAS: A Prefix Hijack Alert System
Mohit Lad, University of California, Los Angeles;
Dan Massey, Colorado State University;
Dan Pei, AT&T LabsResearch;
Yiguo Wu, University of California, Los Angeles;
Beichuan Zhang, University of Arizona;
Lixia Zhang, University of California, Los Angeles
In a BGP prefix hijacking event, a router originates
a route to a prefix, but does not provide data delivery
to the actual prefix. Prefix hijacking events have been
widely reported and are a serious problem in the Internet.
This paper presents a new Prefix Hijack Alert System
(PHAS). PHAS is a real-time notification system that
alerts prefix owners when their BGP origin changes. By
providing reliable and timely notification of origin AS
changes, PHAS allows prefix owners to quickly and easily
detect prefix hijacking events and take prompt action
to address the problem. We illustrate the effectiveness
of PHAS and evaluate its overhead using BGP logs collected
from RouteViews. PHAS is light-weight, easy to
implement, and readily deployable. In addition to protecting
against false BGP origins, the PHAS concept can
be extended to detect prefix hijacking events that involve
announcing more specific prefixes or modifying the last
hop in the path.
- View the full text of this paper in HTML and PDF. Listen to the presentation and Q & A in MP3 format.
Until August 2007, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.