Prefix hijacking refers to a misconfigured or a malicious border gateway protocol (BGP) router that originates or announces a route to an Internet Protocol (IP) prefix (e.g., a destination prefix) that it does not own. This is becoming an increasingly serious Internet security thereat.
On a network, such as the Internet, IP packets are routed based on destination IP addresses. Routing tables of BGP routers are also organized based on the destination IP addresses. For scalability, plural destination IP addresses may be represented collectively by an IP destination prefix and routes stored in the BGP routers' routing tables are indexed based on the IP destination prefix. The IP destination prefix indicates an address portion common to the plural destination IP addresses (e.g., destination prefix) and a number of bits associated with the destination prefix. For example, a destination prefix of 168.205.122/24 indicates that a first 24 bits are common to destination IP addresses represented by the destination prefix (e.g., 10101000 11001101 01111010 in binary or 168.205.122 in hexadecimal). The example destination prefix may represent destination IP addresses from 168.205.122.0 to 168.205.122.255.
On the Internet, one or more subnet networks that are under control of an independently administered domain constitute an autonomous system (AS), which is identified via a unique numerical ID (e.g., AS ID) assigned to it by its regional Internet registry. The AS includes one or more BGP routers to facilitate inter-domain routing, e.g. routing of IP traffic to and from neighboring ASes. The AS ID is associated with one or more IP destination prefixes that the AS owns.
The Internet includes tens of thousands of autonomous systems (ASes). ASes establish neighboring relationships, employing BGP to maintain and exchange inter-domain routing information (or routing announcements). BGP operates based on the assumption that there is implicit trust among the ASes. As a result, inter-domain routing between ASes is incapable of preventing a BGP router of a malicious AS from announcing a route to a destination prefix using a fabricated AS path (e.g., false announcement). Such a false announcement may cascade quickly to a large number of BGP routers across multiple ASes and pollute their associated routing tables.
Based on the false announcements, the entries in the routing tables may be updated by the BGP routers for the destination prefix because the BGP router's malicious AS appears to be a very attractive next hop for forwarding traffic towards that destination prefix, resulting in hijacking of the destination prefix. Thus, IP traffic from certain parts of the Internet destined to the destination prefix may be affected. For example, the malicious AS may drop all IP traffic addressed to the destination prefix to effectively cause a denial of service attack against the destination prefix. The malicious AS may also redirect IP traffic to an alternate destination prefix that may operate as a phishing attack. Other types of attacks are also possible by hijacking the destination prefix. As a result, one or more networks of a domain identified by the hijacked destination prefix may experience performance degradation, service outage, and/or a serious security breach.
Destination prefix monitors may be disposed at certain ASes on the Internet to determine routes of IP traffic from the monitors to a destination prefix across the Internet using a traceroute program. Disposing a multiplicity of destination prefix monitors amongst the ASes does not by itself improve the likelihood of detecting a hijack of the destination prefix and inexorably increases the collection and reporting of traceroute information. It would be desirable to select plural destination prefix monitors that increase the likelihood of detecting prefix hijacking events of the destination prefix.