Skip to main content
SpringerLink
Log in

A Tale of Two Synergies: Uncovering RPKI Practices for RTBH at IXPs

  • Conference paper
  • First Online:
Passive and Active Measurement (PAM 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14538))

Included in the following conference series:

  • 82 Accesses

Abstract

Denial of Service (DoS) attacks and route hijacking have become the most predominant network attacks. To address these threats, network operators currently rely on mitigation services like Remotely Triggered Black Hole (RTBH) and Resource Public Key Infrastructure (RPKI). In this paper, we seek to understand how operators leverage both of these mechanisms. Using data collected at multiple IXPs we infer network operators that use RTBH services. We collect RPKI data for the same set of organizations and determine which of those rely on both RTBH and RPKI. One-third of the selected operators do not use any of these services, while most of the ASes that trigger blackholes also deploy RPKI. Some of these operators employ poor RPKI practices that make their prefixes vulnerable to attacks. However, most operators rely on an RTBH-agnostic approach indicating the need to devise an approach that effectively combines these two mechanisms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    A recent study by Fontugne et al. [7] showed that RPKI can add significant delays to the propagation of BGP announcements.

References

  1. Wagner, D., et al.: United we stand: collaborative detection and mitigation of amplification DDoS attacks at scale. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 970–987 (2021)

    Google Scholar 

  2. Czyz, J., Kallitsis, M., Gharaibeh, M., Papadopoulos, C., Bailey, M., Karir, M.: Taming the 800 pound gorilla: the rise and decline of NTP DDoS attacks. In: Proceedings of the 2014 Conference on Internet Measurement Conference, IMC 2014, pp. 435–448. Association for Computing Machinery, New York (2014)

    Google Scholar 

  3. Dietzel, C., Feldmann, A., King, T.: Blackholing at IXPs: on the effectiveness of DDoS mitigation in the wild. In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 319–332. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_24

    Chapter  Google Scholar 

  4. Kopp, D., Dietzel, C., Hohlfeld, O.: DDoS never dies? An IXP perspective on DDoS amplification attacks. In: Hohlfeld, O., Lutu, A., Levin, D. (eds.) PAM 2021. LNCS, vol. 12671, pp. 284–301. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72582-2_17

    Chapter  Google Scholar 

  5. King, T., Dietzel, C., Snijders, J., Döring, G., Hankins, G.: BLACKHOLE Community. RFC 7999 (2016)

    Google Scholar 

  6. Lepinski, M., Kent, S.: An Infrastructure to Support Secure Internet Routing (2012). https://datatracker.ietf.org/doc/html/rfc6480

  7. Fontugne, R., Phokeer, A., Pelsser, C., Vermeulen, K., Bush, R.: RPKI time-of-flight: tracking delays in the management, control, and data planes. In: Brunstrom, A., Flores, M., Fiore, M. (eds.) PAM 2023. LNCS, vol. 13882, pp. 429–457. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-28486-1_18

    Chapter  Google Scholar 

  8. Sediqi, K.Z., Prehn, L., Gasser, O.: Hyper-specific prefixes: gotta enjoy the little things in interdomain routing. ACM SIGCOMM Comput. Commun. Rev. 52(2), 20–34 (2022)

    Article  Google Scholar 

  9. Gilad, Y., Goldberg, S., Sriram, K., Snijders, J., Maddison, B.: RFC 9319 the use of maxlength in the resource public key infrastructure (RPKI) (2022)

    Google Scholar 

  10. Packet Clearing House. Internet Exchange Directory (2023). https://www.pch.net/ixp/dir

  11. RIPE NCC. RPKI repository archive (2023). https://ftp.ripe.net/rpki/

  12. Gilad, Y., Sagga, O., Goldberg, S.: Maxlength considered harmful to the RPKI. In: CoNEXT 2017. Association for Computing Machinery, New York (2017)

    Google Scholar 

  13. Lynn, C., Kent, S., Seo, K.: X.509 Extensions for IP Addresses and AS Identifiers (2004). https://www.rfc-editor.org/rfc/rfc3779

  14. DE-CIX. RPKI at the DE-CIX route servers (2023). https://www.de-cix.net/en/resources/service-information/route-server-guides/rpki

  15. Equinix. Resource Public Key Infrastructure (RPKI) (2023). https://docs.equinix.com/en-us/Content/Interconnection/IX/IX-rpki.htm

  16. The BIRD Internet Routing Daemon. https://bird.network.cz/

  17. Luciani, F.: Checking prefix filtering in IXPs with BIRD and OpenBGPD (2023). https://blog.apnic.net/2021/11/15/checking-prefix-filtering-in-ixps-with-bird-and-openbgpd/

  18. FranceIX, RAPPORT TECHNIQUE Q1 2020 (2020). https://blog.franceix.net/rapport-technique-q1-2020/

  19. PeeringDB: T-CIX Route Servers. https://www.peeringdb.com/net/8295

  20. Diego Neto (NL-ix). BIRD route-server configuration: click, done! (2017). https://indico.uknof.org.uk/event/39/

  21. Giotsas, V., Smaragdakis, G., Dietzel, C., Richter, P., Feldmann, A., Berger, A.: Inferring BGP blackholing activity in the internet. In: Proceedings of the 2017 Internet Measurement Conference, IMC 2017, pp. 1–14. Association for Computing Machinery, New York (2017)

    Google Scholar 

  22. Dietzel, C., Wichtlhuber, M., Smaragdakis, G., Feldmann, A.: Stellar: network attack mitigation using advanced blackholing. In: Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2018, pp. 152–164. Association for Computing Machinery, New York (2018)

    Google Scholar 

  23. Miller, L., Pelsser, C.: A taxonomy of attacks using BGP blackholing. In: Sako, K., Schneider, S., Ryan, P. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 107–127. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29959-0_6

    Chapter  Google Scholar 

  24. Wichtlhuber, M., et al.: IXP scrubber: learning from blackholing traffic for ml-driven DDoS detection at scale. In: Proceedings of the ACM SIGCOMM 2022 Conference, SIGCOMM 2022, pp. 707–722. Association for Computing Machinery, New York (2022)

    Google Scholar 

  25. Streibelt, F., et al.: BGP communities: even more worms in the routing can. In: Proceedings of ACM IMC 2018, Boston, MA (2018)

    Google Scholar 

  26. Reuter, A., Bush, R., Cunha, I., Katz-Bassett, E., Schmidt, T.C., Wählisch, M.: Towards a rigorous methodology for measuring adoption of RPKI route validation and filtering. ACM SIGCOMM Comput. Commun. Rev. 48(1), 19–27 (2018)

    Article  Google Scholar 

  27. Chung, T., et al.: RPKI is coming of age: a longitudinal study of RPKI deployment and invalid route origins. In: Proceedings of the Internet Measurement Conference, IMC 2019, pp. 406–419. Association for Computing Machinery, New York (2019)

    Google Scholar 

  28. Snijders, J., Abrahamsson, M., Maddison, B.: Resource public key infrastructure (RPKI) object profile for discard origin authorizations (DOA). Internet-Draft draft-spaghetti-sidrops-rpki-doa-00, Internet Engineering Task Force (2022, work in progress)

    Google Scholar 

  29. Packet Clearing House. PCH raw routing data. https://www.pch.net/resources/Raw_Routing_Data/. Accessed 25 May 2023

  30. DE-CIX. Blackholing guide (2023). https://www.de-cix.net/en/resources/service-information/blackholing-guide

  31. Equinix. Remotely Triggered Black Hole (2023). https://docs.equinix.com/en-us/Content/Interconnection/IX/IX-rtbh-guide.htm

  32. Giganet. Blackhole (BGP) (2023). https://giganet.ua/en/service/blackhole

  33. FranceIX. Blackholing (2023). https://www.franceix.net/fr/services/infrastructure/blackholing

  34. SeattleIX. Blackholing (2023). https://www.seattleix.net/blackholing

  35. Techtarget Security. Major DDoS attacks increasing after invasion of Ukraine (2022). https://www.techtarget.com/searchsecurity/news/252521150/Major-DDoS-attacks-increasing-after-invasion-of-Ukraine. Accessed 25 May 2023

  36. The Record. DDoS attacks surge in popularity in Ukraine - but are they more than a cheap thrill? (2022). https://therecord.media/ddos-attacks-surge-in-popularity-in-ukraine-but-are-they-more-than-a-cheap-thrill. Accessed 25 May 2023

  37. Computer Weekly. Ukraine war drives DDoS attack volumes ever higher (2022). https://www.computerweekly.com/news/252523959/Ukraine-war-drives-DDoS-attack-volumes-ever-higher. Accessed 25 May 2023

  38. National Cyber Security Center. UK government assess Russian involvement in DDoS attacks on Ukraine (2022). https://www.ncsc.gov.uk/news/russia-ddos-involvement-in-ukraine. Accessed 25 May 2023

  39. National Institute of Standards and Technology (NIST). RPKI-ROV History of Unique Prefix-Origin Pairs (IPv4) (2024). https://rpki-monitor.antd.nist.gov/ROV

Download references

Acknowledgments

We thank the anonymous reviewers and our shepherd for their helpful comments. This research was supported in part by the MANRS Fellowship Program. Ioana Livadariu was partially funded by the SimulaMet’s internal funding. We would like to thank the IXPs who responded to our survey.

Author information

Authors and Affiliations

  1. Simula Metropolitan, Oslo, Norway

    Ioana Livadariu

  2. IIJ Research Laboratory, Tokyo, Japan

    Romain Fontugne

  3. Internet Society, Reston, USA

    Amreesh Phokeer

  4. NTT, Barneveld, The Netherlands

    Massimo Candela & Massimiliano Stucchi

  5. AS58280, Brüttisellen, Switzerland

    Ioana Livadariu, Romain Fontugne, Amreesh Phokeer, Massimo Candela & Massimiliano Stucchi

Authors
  1. Ioana Livadariu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Romain Fontugne
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Amreesh Phokeer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Massimo Candela
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Massimiliano Stucchi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ioana Livadariu .

Editor information

Editors and Affiliations

  1. Akamai Technologies, Cambridge, MA, USA

    Philipp Richter

  2. Hasso Plattner Institute, Potsdam, Germany

    Vaibhav Bajpai

  3. Northwestern University, Evanston, IL, USA

    Esteban Carisimo

A Ethics

A Ethics

We are not aware of any ethical issue raised by this work. Our analysis relies on publicly available datasets.

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Livadariu, I., Fontugne, R., Phokeer, A., Candela, M., Stucchi, M. (2024). A Tale of Two Synergies: Uncovering RPKI Practices for RTBH at IXPs. In: Richter, P., Bajpai, V., Carisimo, E. (eds) Passive and Active Measurement. PAM 2024. Lecture Notes in Computer Science, vol 14538. Springer, Cham. https://doi.org/10.1007/978-3-031-56252-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-56252-5_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56251-8

  • Online ISBN: 978-3-031-56252-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation