Detecting Large Route Leaks
Prefix hijacking, in which an unauthorized network announces IP prefixes of other networks, is a major threat to Internet routing security. Existing detection systems either generate many false positives, requiring frequent human intervention, or are designed to protect a small number of specific prefixes. They are therefore not suitable for protecting data traffic at networks other than the prefix owner during ongoing hijacks. This paper designs and implements a system that detects a specific type of prefix hijacking, large route leaks, in real time and without requiring authoritative prefix ownership information. In a large route leak, an unauthorized network hijacks prefixes owned by multiple different networks.
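As an added illustration (not the paper's system or code), the sketch below flags an origin AS that, within a short window, starts announcing prefixes previously originated by several different ASes, learning the baseline from the update stream itself instead of from ownership records. The window length, the victim threshold, the first-seen baseline rule and the sample updates (documentation ASNs and prefixes) are all assumptions made for this example.

```python
from collections import defaultdict

def detect_large_leaks(updates, window=300, min_victims=3):
    """updates: (timestamp_s, prefix, origin_asn) tuples sorted by time.
    Returns {suspect_asn: set of ASNs whose prefixes it newly originated}."""
    baseline = {}                   # prefix -> origin first seen (assumed rule)
    conflicts = defaultdict(list)   # suspect origin -> [(timestamp, victim_asn)]
    alerts = {}
    for ts, prefix, origin in updates:
        known = baseline.get(prefix)
        if known is None:
            baseline[prefix] = origin   # no ownership data: learn from stream
            continue
        if origin == known:
            continue
        # Origin conflict: keep the baseline, remember who was displaced.
        events = conflicts[origin]
        events.append((ts, known))
        events[:] = [(t, v) for t, v in events if ts - t <= window]
        victims = {v for _, v in events}
        # One displaced owner may be multihoming or a config change;
        # many distinct owners at once is the large-leak signature.
        if len(victims) >= min_victims:
            alerts.setdefault(origin, set()).update(victims)
    return alerts

# Constructed sample stream (not real BGP data).
SAMPLE_UPDATES = [
    (0, "192.0.2.0/24", 64496),        # baseline origins
    (1, "198.51.100.0/24", 64497),
    (2, "203.0.113.0/24", 64498),
    (3, "2001:db8:1::/48", 64499),
    (1000, "192.0.2.0/24", 64511),     # AS64511 displaces three owners
    (1005, "2001:db8:1::/48", 64510),  # isolated single-prefix conflict
    (1006, "198.51.100.0/24", 64511),
    (1010, "203.0.113.0/24", 64511),
    (2000, "192.0.2.0/24", 64509),     # conflicts spread far beyond the window
    (3000, "198.51.100.0/24", 64509),
    (4000, "203.0.113.0/24", 64509),
]

if __name__ == "__main__":
    for asn, victims in detect_large_leaks(SAMPLE_UPDATES).items():
        print(f"AS{asn} newly originates prefixes of {sorted(victims)}")
```

Requiring several distinct displaced origins inside the window is what keeps single-prefix conflicts such as AS64510's from raising an alert.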