Mind your MANRS

Du, Ben; Testart, Cecilia; Fontugne, Romain; Akiwate, Gautam; Snoeren, Alex C.; claffy, kc

doi:10.1145/3517745.3561419

Cited by 7 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The findings highlight the need for the RPKI as a cryptographically proven database with accurate information. Du et al [80] further investigated the level of conformity of ASes participating in the Mutually Agreed Norms for Routing Security (MANRS) project. MANRS is an initiative that attempts to improve routing security.…”

Section: A Origin Validationmentioning

confidence: 99%

See 1 more Smart Citation

The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future Prospects

Rodday,

Cunha,

Bush

et al. 2024

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

The adoption of the Resource Public Key Infrastructure (RPKI) is increasing. To better understand and improve RPKI deployment, measuring route origin authorization (ROA) objects, RPKI route origin validation (ROV), and RPKI resilience is essential. In this paper, we survey RPKI-related research that aims to understand RPKI deployment. Additionally, we enrich our survey with many industry and IETF-related contributions.Our work provides an in-depth analysis of the many ideas and challenges discussed in studies of the RPKI ecosystem and includes lessons from mistakes made in the past, which we should avoid in the future.

show abstract

Section: A Origin Validationmentioning

confidence: 99%

“…Du et al [164] used BGP collector data in 2023 to rank ASes accordingly to their number of propagated RPKI invalids. They emphasize that these ASes should deploy ROV most urgently to shrink the number of RPKI invalids in the wild.…”

Section: A Control Plane Measurementsmentioning

confidence: 99%

The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future Prospects

Rodday,

Cunha,

Bush

et al. 2024

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…A similar effort for routing security -Mutually Agreed Norms for Routing Security -provided inspiration for this initiative. In the MANRS program, operators are encouraged to voluntarily commit to a set of practices that will improve collective routing security [23]. Likewise, in KINDNS operators commit to adhere to the defined best practices and self-asses their compliance.…”

Section: Increasing Resilience: a Technical And Policy Effortmentioning

confidence: 99%

“…In 2021, anycast adoption increased, with 1,423 TLDs (97%) using anycast while only 50 TLDs (3%) relied solely on unicast authoritative nameservers. For the ccTLDs, 45 of the 79 ccTLDs using unicast (57%) in 2017 moved to either mixed (23) or full (22) anycast infrastructure by 2021. For the ngTLDs, which already had widespread anycast adoption, 10 of the remaining 25 TLDs (40%) using unicast in 2017 moved to mixed or full anycast by 2021.…”

Section: Increasing Adoption Of Anycastmentioning

confidence: 99%

Everything in its right place: Improving DNS resilience

Sommese¹

View full text Add to dashboard Cite

In 2023, the Domain Name System (DNS) will celebrate 40 years since its creation. Despite the passing of four decades, the DNS continues to play a fundamental role in today's Internet. Specifically, the DNS provides the essential service of translating human-readable domain names (e.g., example.org) to IP addresses (e.g., 93.184.216.34).Over the years, the Internet has become increasingly vital to our modern society. The continuous flow of information that takes place on the Internet every day cannot be stopped without catastrophic consequences. In addition, services of crucial importance for people's everyday lives, such as government services, are increasingly transitioning to digital infrastructure. Given the importance of the DNS for the functioning of the Internet and modern society, any issues that the DNS encounters nowadays would have far-reaching consequences. However, over the past 40 years, weaknesses in the DNS system have emerged. One of the most significant cybersecurity threats facing the DNS today are Distributed Denial of Service (DDoS) attacks, which can have a severe impact on the availability of the DNS ecosystem. Recent events show that targeted attacks on even a small portion of the DNS infrastructure can impact millions of services and users.In this scenario, a comprehensive characterization of the resilience mechanisms of the DNS authoritative infrastructure, along with an analysis of threats against this resilience, is missing. This gap has led us to the main goal and contribution of this thesis. To achieve this goal, we use a mixed measurement and analytical approach, which has focused on different detractors of DNS resilience. Specifically, throughout the course of this thesis, we analyze misconfigurations and vulnerabilities resulting from miscommunication between operators, assess the choices made by these operators in creating more robust and stable deployments in the face of existing best practices, and evaluate the effectiveness of the deployed techniques in overcoming DDoS attacks.Focusing on our contributions, we show that while the distributed nature of the DNS has enabled its scalability and success, it also presents risks to its resilience. Inconsistency in the DNS hierarchy resulting from miscommunications between stakeholders increases the attack surface and affects resilience, enabling lame delegations and hijacking with potentially severe consequences. SommarioIl 2023 segna il quarantenario dalla creazione del Sistema di Risoluzione Nomi a Dominio, conosciuto come DNS. Nel corso del tempo, il DNS ha sempre svolto un ruolo fondamentale nell'ecosistema di Internet: possiamo considerarlo come un elenco telefonico, in quanto il DNS traduce nomi di dominio facili da ricordare in indirizzi IP (similarmente alle nostre pagine gialle per i numeri di telefono). Negli anni, Internet ha assunto sempre più importanza e i suoi quarant'anni iniziano a pesare sul DNS. Ogni giorno, infatti, assistiamo ad un flusso costante di informazioni che scorrono sulle autostrade digitali e che non p...

show abstract