Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild

Dietzel, Christoph; Feldmann, Anja; King, Thomas

doi:10.1007/978-3-319-30505-9_24

Cited by 50 publications

(50 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 4 plots the fraction of all covered BGP announcements that were invalid that we observed during our measurement period. However, according to the recommended best practices for network operators, BGP routes for prefixes more specific than /24 are not usually accepted to prevent routing table deaggregation [19,31]. Thus, to obtain the effective BGP announcements that will end up in BGP tables, we also plot the same graph and filter out the BGP announcements more specific than /24 in the bottom plot.…”

Section: Invalid Announcementsmentioning

confidence: 99%

RPKI is Coming of Age

Chung

Aben²,

Bruijnzeels

et al. 2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

Despite its critical role in Internet connectivity, the Border Gateway Protocol (BGP) remains highly vulnerable to attacks such as prefix hijacking, where an Autonomous System (AS) announces routes for IP space it does not control. To address this issue, the Resource Public Key Infrastructure (RPKI) was developed starting in 2008, with deployment beginning in 2011. This paper performs the first comprehensive, longitudinal study of the deployment, coverage, and quality of RPKI. We use a unique dataset containing all RPKI Route Origin Authorizations (ROAs) from the moment RPKI was first deployed, more than 8 years ago. We combine this dataset with BGP announcements from more than 3,300 BGP collectors worldwide. Our analysis shows the after a gradual start, RPKI has seen a rapid increase in adoption over the past two years. We also show that although misconfigurations were rampant when RPKI was first deployed (causing many announcements to appear as invalid) they are quite rare today. We develop a taxonomy of invalid RPKI announcements, then quantify their prevalence. We further identify suspicious announcements indicative of prefix hijacking and present case studies of likely hijacks. Overall, we conclude that while misconfigurations still do occur, RPKI is "ready for the big screen," and routing security can be increased by dropping invalid announcements. To foster reproducibility and further studies, we release all RPKI data and the tools we used to analyze it into the public domain.

show abstract

Section: Invalid Announcementsmentioning

confidence: 99%

RPKI is Coming of Age

Chung

Aben²,

Bruijnzeels

et al. 2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…Giotsas et al [11] present a comprehensive characterization of BGP blackholing activity, based on BGP data. Dietzel et al [24] and Chatzis et al [25] emphasize that IXPs play a key role in deploying blackholing. Our contribution focuses instead on correlating DoS attacks and blackholing events.…”

Section: Related Workmentioning

confidence: 99%

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Jonker

Pras

Dainotti

et al. 2018

Proceedings of the Internet Measurement Conference 2018

View full text Add to dashboard Cite

BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities are documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing. This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.

show abstract

“…Second, inbound policies must be installed in every edge switch because the computation of a packet's egress point occurs when the packet first enters the IXP network. Finally, members' blackholing [23] policies are replicated at those IXP ingress switches where the targeted malicious traffic is expected to enter the fabric. However, given the current nature of DDoS (Distributed Denial of Service) attacks where multiple sources target a single destination, blackholing policies can be aggregated and installed at the IXP egress switches only, thus trading lower forwarding state space for higher IXP fabric bandwidth overhead.…”

Section: A Scaling the Forwarding Statementioning

confidence: 99%

“…To evaluate the blackholing capabilities of the ENDEAV-OUR platform, we record the BGP blackholing updates at a large European IXP [23] over the course of one day. These announcements and withdrawals are then replayed by using the ENDEAVOUR blackholing API.…”

Section: Blackholingmentioning

confidence: 99%

ENDEAVOUR: A Scalable SDN Architecture For Real-World IXPs

Antichi

Castro

Chiesa

et al. 2017

IEEE J. Select. Areas Commun.

Self Cite

View full text Add to dashboard Cite

Abstract-Innovation in interdomain routing has remained stagnant for over a decade. Recently, IXPs have emerged as economically-advantageous interconnection points for reducing path latencies and exchanging ever increasing traffic volumes among, possibly, hundreds of networks. Given their far-reaching implications on interdomain routing, IXPs are the ideal place to foster network innovation and extend the benefits of SDN to the interdomain level.In this paper, we present, evaluate, and demonstrate EN-DEAVOUR, an SDN platform for IXPs. ENDEAVOUR can be deployed on a multi-hop IXP fabric, supports a large number of use cases, and is highly-scalable while avoiding broadcast storms. Our evaluation with real data from one of the largest IXPs, demonstrates the benefits and scalability of our solution: ENDEAVOUR requires around 70% fewer rules than alternative SDN solutions thanks to our rule partitioning mechanism. In addition, by providing an open source solution, we invite everyone from the community to experiment (and improve) our implementation as well as adapt it to new use cases.

show abstract

Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild

Cited by 50 publications

References 19 publications

RPKI is Coming of Age

RPKI is Coming of Age

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

ENDEAVOUR: A Scalable SDN Architecture For Real-World IXPs

Contact Info

Product

Resources

About