Stealthy IP Prefix Hijacking: Don't Bite Off More Than You Can Chew

Date Added: Oct 2009
Format: PDF

In prefix hijacking, an Autonomous System (AS) advertises routes for prefixes that are owned by another AS, and ends up hijacking traffic that is intended to the owner. While misconfigurations and/or misunderstandings of policies are the likely reasons behind the majority of those incidents, malicious incidents have also been reported. Recent works have focused on malicious scenarios that aim to maximize the amount of hijacked traffic from all ASes, without considering scenarios where the attacker is aiming to avoid detection. In this paper, the authors expose a new class of prefix hijacking that is stealthy in nature. The idea is to craft path(s) - of tunable lengths - that deceive only a small subset of ASes.