Abstract
Denial of Service (DoS) attacks and route hijacking have become the most predominant network attacks. To address these threats, network operators currently rely on mitigation services like Remotely Triggered Black Hole (RTBH) and Resource Public Key Infrastructure (RPKI). In this paper, we seek to understand how operators leverage both of these mechanisms. Using data collected at multiple IXPs we infer network operators that use RTBH services. We collect RPKI data for the same set of organizations and determine which of those rely on both RTBH and RPKI. One-third of the selected operators do not use any of these services, while most of the ASes that trigger blackholes also deploy RPKI. Some of these operators employ poor RPKI practices that make their prefixes vulnerable to attacks. However, most operators rely on an RTBH-agnostic approach indicating the need to devise an approach that effectively combines these two mechanisms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A recent study by Fontugne et al. [7] showed that RPKI can add significant delays to the propagation of BGP announcements.
References
Wagner, D., et al.: United we stand: collaborative detection and mitigation of amplification DDoS attacks at scale. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 970–987 (2021)
Czyz, J., Kallitsis, M., Gharaibeh, M., Papadopoulos, C., Bailey, M., Karir, M.: Taming the 800 pound gorilla: the rise and decline of NTP DDoS attacks. In: Proceedings of the 2014 Conference on Internet Measurement Conference, IMC 2014, pp. 435–448. Association for Computing Machinery, New York (2014)
Dietzel, C., Feldmann, A., King, T.: Blackholing at IXPs: on the effectiveness of DDoS mitigation in the wild. In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 319–332. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_24
Kopp, D., Dietzel, C., Hohlfeld, O.: DDoS never dies? An IXP perspective on DDoS amplification attacks. In: Hohlfeld, O., Lutu, A., Levin, D. (eds.) PAM 2021. LNCS, vol. 12671, pp. 284–301. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72582-2_17
King, T., Dietzel, C., Snijders, J., Döring, G., Hankins, G.: BLACKHOLE Community. RFC 7999 (2016)
Lepinski, M., Kent, S.: An Infrastructure to Support Secure Internet Routing (2012). https://datatracker.ietf.org/doc/html/rfc6480
Fontugne, R., Phokeer, A., Pelsser, C., Vermeulen, K., Bush, R.: RPKI time-of-flight: tracking delays in the management, control, and data planes. In: Brunstrom, A., Flores, M., Fiore, M. (eds.) PAM 2023. LNCS, vol. 13882, pp. 429–457. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-28486-1_18
Sediqi, K.Z., Prehn, L., Gasser, O.: Hyper-specific prefixes: gotta enjoy the little things in interdomain routing. ACM SIGCOMM Comput. Commun. Rev. 52(2), 20–34 (2022)
Gilad, Y., Goldberg, S., Sriram, K., Snijders, J., Maddison, B.: RFC 9319 the use of maxlength in the resource public key infrastructure (RPKI) (2022)
Packet Clearing House. Internet Exchange Directory (2023). https://www.pch.net/ixp/dir
RIPE NCC. RPKI repository archive (2023). https://ftp.ripe.net/rpki/
Gilad, Y., Sagga, O., Goldberg, S.: Maxlength considered harmful to the RPKI. In: CoNEXT 2017. Association for Computing Machinery, New York (2017)
Lynn, C., Kent, S., Seo, K.: X.509 Extensions for IP Addresses and AS Identifiers (2004). https://www.rfc-editor.org/rfc/rfc3779
DE-CIX. RPKI at the DE-CIX route servers (2023). https://www.de-cix.net/en/resources/service-information/route-server-guides/rpki
Equinix. Resource Public Key Infrastructure (RPKI) (2023). https://docs.equinix.com/en-us/Content/Interconnection/IX/IX-rpki.htm
The BIRD Internet Routing Daemon. https://bird.network.cz/
Luciani, F.: Checking prefix filtering in IXPs with BIRD and OpenBGPD (2023). https://blog.apnic.net/2021/11/15/checking-prefix-filtering-in-ixps-with-bird-and-openbgpd/
FranceIX, RAPPORT TECHNIQUE Q1 2020 (2020). https://blog.franceix.net/rapport-technique-q1-2020/
PeeringDB: T-CIX Route Servers. https://www.peeringdb.com/net/8295
Diego Neto (NL-ix). BIRD route-server configuration: click, done! (2017). https://indico.uknof.org.uk/event/39/
Giotsas, V., Smaragdakis, G., Dietzel, C., Richter, P., Feldmann, A., Berger, A.: Inferring BGP blackholing activity in the internet. In: Proceedings of the 2017 Internet Measurement Conference, IMC 2017, pp. 1–14. Association for Computing Machinery, New York (2017)
Dietzel, C., Wichtlhuber, M., Smaragdakis, G., Feldmann, A.: Stellar: network attack mitigation using advanced blackholing. In: Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2018, pp. 152–164. Association for Computing Machinery, New York (2018)
Miller, L., Pelsser, C.: A taxonomy of attacks using BGP blackholing. In: Sako, K., Schneider, S., Ryan, P. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 107–127. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29959-0_6
Wichtlhuber, M., et al.: IXP scrubber: learning from blackholing traffic for ml-driven DDoS detection at scale. In: Proceedings of the ACM SIGCOMM 2022 Conference, SIGCOMM 2022, pp. 707–722. Association for Computing Machinery, New York (2022)
Streibelt, F., et al.: BGP communities: even more worms in the routing can. In: Proceedings of ACM IMC 2018, Boston, MA (2018)
Reuter, A., Bush, R., Cunha, I., Katz-Bassett, E., Schmidt, T.C., Wählisch, M.: Towards a rigorous methodology for measuring adoption of RPKI route validation and filtering. ACM SIGCOMM Comput. Commun. Rev. 48(1), 19–27 (2018)
Chung, T., et al.: RPKI is coming of age: a longitudinal study of RPKI deployment and invalid route origins. In: Proceedings of the Internet Measurement Conference, IMC 2019, pp. 406–419. Association for Computing Machinery, New York (2019)
Snijders, J., Abrahamsson, M., Maddison, B.: Resource public key infrastructure (RPKI) object profile for discard origin authorizations (DOA). Internet-Draft draft-spaghetti-sidrops-rpki-doa-00, Internet Engineering Task Force (2022, work in progress)
Packet Clearing House. PCH raw routing data. https://www.pch.net/resources/Raw_Routing_Data/. Accessed 25 May 2023
DE-CIX. Blackholing guide (2023). https://www.de-cix.net/en/resources/service-information/blackholing-guide
Equinix. Remotely Triggered Black Hole (2023). https://docs.equinix.com/en-us/Content/Interconnection/IX/IX-rtbh-guide.htm
Giganet. Blackhole (BGP) (2023). https://giganet.ua/en/service/blackhole
FranceIX. Blackholing (2023). https://www.franceix.net/fr/services/infrastructure/blackholing
SeattleIX. Blackholing (2023). https://www.seattleix.net/blackholing
Techtarget Security. Major DDoS attacks increasing after invasion of Ukraine (2022). https://www.techtarget.com/searchsecurity/news/252521150/Major-DDoS-attacks-increasing-after-invasion-of-Ukraine. Accessed 25 May 2023
The Record. DDoS attacks surge in popularity in Ukraine - but are they more than a cheap thrill? (2022). https://therecord.media/ddos-attacks-surge-in-popularity-in-ukraine-but-are-they-more-than-a-cheap-thrill. Accessed 25 May 2023
Computer Weekly. Ukraine war drives DDoS attack volumes ever higher (2022). https://www.computerweekly.com/news/252523959/Ukraine-war-drives-DDoS-attack-volumes-ever-higher. Accessed 25 May 2023
National Cyber Security Center. UK government assess Russian involvement in DDoS attacks on Ukraine (2022). https://www.ncsc.gov.uk/news/russia-ddos-involvement-in-ukraine. Accessed 25 May 2023
National Institute of Standards and Technology (NIST). RPKI-ROV History of Unique Prefix-Origin Pairs (IPv4) (2024). https://rpki-monitor.antd.nist.gov/ROV
Acknowledgments
We thank the anonymous reviewers and our shepherd for their helpful comments. This research was supported in part by the MANRS Fellowship Program. Ioana Livadariu was partially funded by the SimulaMet’s internal funding. We would like to thank the IXPs who responded to our survey.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Ethics
A Ethics
We are not aware of any ethical issue raised by this work. Our analysis relies on publicly available datasets.
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Livadariu, I., Fontugne, R., Phokeer, A., Candela, M., Stucchi, M. (2024). A Tale of Two Synergies: Uncovering RPKI Practices for RTBH at IXPs. In: Richter, P., Bajpai, V., Carisimo, E. (eds) Passive and Active Measurement. PAM 2024. Lecture Notes in Computer Science, vol 14538. Springer, Cham. https://doi.org/10.1007/978-3-031-56252-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-56252-5_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56251-8
Online ISBN: 978-3-031-56252-5
eBook Packages: Computer ScienceComputer Science (R0)