Protection of the enterprise network against BGP hijacking

Abstract

The BGP protocol is the most widespread protocol for inter-domain communication and thus forms the backbone of worldwide Internet communication. The biggest advantage is at the same time the biggest disadvantage. The assumption that each message is correct, the trust model of BGP, allows easy connection between different providers. At the same time, it allows attackers to carry out large-scale attacks very easily on internet communication. In this paper, a general detection model for BGP hijacking will be designed. Furthermore, we will investigate how different BGP hijacking detection software works. There will also be a collection of the current possibilities for prevention, reaction and analysis of BGP hijacking. In the practical part, BGP long-term data and RPKI will be analysed on real examples. As a result of this work, a BGP hijacking classification is created. Different possibilities for prevention, reaction and analysis were explained and evaluated. This information helps to answer the question of how emergency plans for an enterprise network can look like. Advantages and disadvantages of the BGP hijacking detection software were identified and presented. Thus, important points of the functioning of software like BGPalerter or Artemis can be explained. In the practical part, long-term data was successfully used to detect BGP attacks retrospectively. Furthermore, the usefulness of RPKI was demonstrated by means of a real attack.