You are here: Home / Projects / Large Route Leaks

Large Route Leaks

Large route leaks (LRL) are a specific type of prefix hijacking, in which an unauthorized network hijacks prefixes owned by multiple different networks. We design and implement a detection system which is able to detect LRL events at real time and without requiring authoritative prefix ownership information. By correlating individual suspicious routing announcements along the time dimension and comparing with a network's past behavior, we are able to identify a network's abnormal behavior of offending multiple other networks at the same time.

Applying the detection algorithm to BGP updates collected by RouteViews Oregon monitor from 2003 through 2009, we identify five to twenty large route leaks every year. They typically hijack prefixes owned by a few tens of other networks, last from a few minutes to a few hours, and pollute routes at most vantage points of the data collector. In particular there are nine events detected in 2009 and six in 2008, none of which was mentioned on operator mailing lists such as NANOG, but all are confirmed through our communication with operators of affected networks.

The system can take real-time BGP data feed and conduct the detection quickly, enabling automated response to these attacks without requiring authoritative prefix ownership information or human intervention. This is important for all networks to protect their data traffic before the attack can be resolved.

The following table lists the large route leak events detected from 2003 through 08/12/2010 using data from RouteViews Oregon collector.

2010:

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
04/08/10	23724	China Telecommunications	China	2289	12115	113,924,096	21 mins
04/22/09	11269	Dummy object for CW-Bermuda	Bermuda	19	83	731,904	2.32 mins
05/19/09	10834	Telefonica Data Argentina	Argentina	14	85	141,824	42.9 mins
08/12/09	5	SYMBOLICS	U.S.	15	32	98,816	5.28 mins

2009:

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
02/14/09	8895	ISU Riyadh AS	Saudi Arabia	31	243	289,280	2.0 hours
04/07/09	36873	CELTEL	NIGERIA	15	45	27,392	10 mins
05/05/09	10834	Telefonica Data Argentina	Argentina	91	1,108	1,713,664	3.0 hours
07/12/09	29568	COMTEL	Romania	17	56	20,480	23 mins
07/22/09	8997	SPBNIT OJSC North-West Telecom	Russia	173	351	101,500,416	59 secs
08/12/09	4800	LINTASARTA	Indonesia	13	39	18,176	32 secs
08/13/09	4800	LINTASARTA	Indonesia	68	492	685,568	7.8 hours
12/04/09	31501	SPBTELEPORT	Poland	19	77	1,574,400	68 secs
12/15/09	39386	Saudi Telecom	Saudi Arabia	24	67	664,064	62 secs

2008:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration

04/28/08 44237 Joint-Stock Central Telecom Russia 13 21 82688 7.9 mins

06/17/08 8953 Orange Romania Romania 113 218 113920 2.1 mins

08/26/08 24739 Severen-Telecom Russia 16 42 107008 18 mins

09/22/08 8997 SPBNIT OJSC North-West Telecom Russia 15270 116753 1521397056 22 hours

12/31/08 1967 Middle East Technical University Turkey 17 49 469504 5.7 mins

12/31/08 6849 UKRTELNET JSC UKRTELECOM Ukraine 38 52 25856 2.2 hours

2007:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration

02/02/07 17175 New Skies Satellites UK U.S. 13 14 37,376 10 mins

02/20/07 29835 New Skies Satellites N.V. U.S. 22 49 47,872 5.6 hours

03/01/07 17175 New Skies Satellites UK U.S. 20 29 41216 2.3 mins

05/29/07 4795 INDOSATM2 Indonesia 40 218 68608 14 mins

06/16/07 6198 BellSouth Network Solutions U.S. 12 65 1327104 12 hours

08/20/07 29835 New Skies Satellites N.V. U.S. 21 48 43776 6.0 mins

11/19/07 26608 SkyOnline do Brasil Brazil 191 589 110,049,536 22 mins

11/30/07 10139 Smart Broadband Philippines 18 21 302592 22 mins

2006:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration

02/25/06 9121 TTnet Turkey 712 1479 68459264 33 mins

02/28/06 25185 PHARMASUPPORT Russia 20 34 570425344 10 mins

03/08/06 9070 ITD Network Bulgarian Bulgaria 11 31 15104 4.9 mins

03/17/06 174 Cogent 25 33 112128 16 mins

04/09/06 23520 Columbus Networks USA USA 1469 3300 35580416 3 hours

06/07/06 23520 Columbus Networks USA USA 507 1654 60352000 32 mins

06/29/06 9476 IntraPower Pty. Ltd. Australia 97 238 622848 8.7 hours

06/30/06 9476 IntraPower Pty. Ltd. Australia 197 755 17366528 20 hours

07/01/06 9476 IntraPower Pty. Ltd. Australia 44 169 639488 4.4 hours

07/02/06 9476 IntraPower Pty. Ltd. Australia 337 1152 25276416 15 hours

07/28/06 16150 Port80 Sweden 20 20 40192 17 mins

09/07/06 9121 TTnet Turkey 480 1166 136253184 28 mins

09/08/06 9121 TTnet Turkey 33 154 12051968 2.65 mins

10/16/06 6386 BellSouth.net Inc. U.S. 14 80 73984 12 hours

11/20/06 10834 Telefonica Data Argentina S.A. Argentina 14 75 75264 11 mins

11/29/06 4761 INDOSAT Indonesia 896 3293 55151104 59 mins

12/10/06 4761 INDOSAT Indonesia 18 19 94976 1.5 mins

2005:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration

05/11/05 34935 Doom Ltd.,Game Clubs Bulgaria 32 158 71680 5.4 mins

1018/05 13228 Digital Generation Ukraine 68 103 97536 3.8 mins

10/20/05 13228 Digital Generation Ukraine 19 27 19712 12 hours

11/07/05 3561 Savvis U.S. 941 2341 38642688 5.2 mins

12/11/05 7509 HINET Hokkaido University Japan 15 13 67502848 1.1 mins

2004:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration

01/14/04 12635 ONE GmbH Austria 57 122 4105216 54 secs

01/09/04 4761 INDOSAT Indonesia 12 23 54784 2.6 mins

02/10/04 4795 INDOSATM2 Indonesia 766 1829 91421952 71 mins

02/18/04 4795 INDOSATM2 Indonesia 75 522 580352 17 mins

09/20/04 32642 ARBINET-THEXCHANGE, INC. U.S. 26 24 213760 3.0 mins

09/21/04 32642 ARBINET-THEXCHANGE, INC. U.S. 28 26 185344 5.5 mins

12/24/04 9121 TTnet Tureky 13685 102245 999,915,008 11 hours

2003:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration

01/06/03 17175 New Skies Satellites UK U.S. 15 56 132864 28 mins

03/03/03 12956 Telefonica Backbone Spain 2132 6723 280930560 22 hours

03/07/03 9270 Asia Pacific Advanced Network Korea Korea 100 120 139664896 1.6 hours

03/10/03 12956 Telefonica Backbone Spain 2210 8111 150708480 41 mins

05/27/03 6746 ASTRAL Telecom SA, Romania Romania 43 117 50944 1.0 hours

06/26/03 2500 WIDE Project Japan 185 1052 14434736 1.3 hours

07/11/03 7539 TANet2 Taiwan 82 526 8924928 1.2 hours

09/25/03 29259 Teleport, DE Germany 117 164 621440 24 mins

10/09/03 1239 Sprint U.S. 20 21 160000 2 mins

11/02/03 17964 Beijing Dian-Xin-Tong Network Technologies Co. China 11 12 20736 45 mins

Document Actions

Send this

Navigation

Log in: Login Name

Password

Cookies are not enabled. You must enable cookies before you can log in.; Forgot your password?

« March 2025 »

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
04/28/08	44237	Joint-Stock Central Telecom	Russia	13	21	82688	7.9 mins
06/17/08	8953	Orange Romania	Romania	113	218	113920	2.1 mins
08/26/08	24739	Severen-Telecom	Russia	16	42	107008	18 mins
09/22/08	8997	SPBNIT OJSC North-West Telecom	Russia	15270	116753	1521397056	22 hours
12/31/08	1967	Middle East Technical University	Turkey	17	49	469504	5.7 mins
12/31/08	6849	UKRTELNET JSC UKRTELECOM	Ukraine	38	52	25856	2.2 hours

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
02/02/07	17175	New Skies Satellites UK	U.S.	13	14	37,376	10 mins
02/20/07	29835	New Skies Satellites N.V.	U.S.	22	49	47,872	5.6 hours
03/01/07	17175	New Skies Satellites UK	U.S.	20	29	41216	2.3 mins
05/29/07	4795	INDOSATM2	Indonesia	40	218	68608	14 mins
06/16/07	6198	BellSouth Network Solutions	U.S.	12	65	1327104	12 hours
08/20/07	29835	New Skies Satellites N.V.	U.S.	21	48	43776	6.0 mins
11/19/07	26608	SkyOnline do Brasil	Brazil	191	589	110,049,536	22 mins
11/30/07	10139	Smart Broadband	Philippines	18	21	302592	22 mins

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
02/25/06	9121	TTnet	Turkey	712	1479	68459264	33 mins
02/28/06	25185	PHARMASUPPORT	Russia	20	34	570425344	10 mins
03/08/06	9070	ITD Network Bulgarian	Bulgaria	11	31	15104	4.9 mins
03/17/06	174	Cogent		25	33	112128	16 mins
04/09/06	23520	Columbus Networks USA	USA	1469	3300	35580416	3 hours
06/07/06	23520	Columbus Networks USA	USA	507	1654	60352000	32 mins
06/29/06	9476	IntraPower Pty. Ltd.	Australia	97	238	622848	8.7 hours
06/30/06	9476	IntraPower Pty. Ltd.	Australia	197	755	17366528	20 hours
07/01/06	9476	IntraPower Pty. Ltd.	Australia	44	169	639488	4.4 hours
07/02/06	9476	IntraPower Pty. Ltd.	Australia	337	1152	25276416	15 hours
07/28/06	16150	Port80	Sweden	20	20	40192	17 mins
09/07/06	9121	TTnet	Turkey	480	1166	136253184	28 mins
09/08/06	9121	TTnet	Turkey	33	154	12051968	2.65 mins
10/16/06	6386	BellSouth.net Inc.	U.S.	14	80	73984	12 hours
11/20/06	10834	Telefonica Data Argentina S.A.	Argentina	14	75	75264	11 mins
11/29/06	4761	INDOSAT	Indonesia	896	3293	55151104	59 mins
12/10/06	4761	INDOSAT	Indonesia	18	19	94976	1.5 mins

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
05/11/05	34935	Doom Ltd.,Game Clubs	Bulgaria	32	158	71680	5.4 mins
1018/05	13228	Digital Generation	Ukraine	68	103	97536	3.8 mins
10/20/05	13228	Digital Generation	Ukraine	19	27	19712	12 hours
11/07/05	3561	Savvis	U.S.	941	2341	38642688	5.2 mins
12/11/05	7509	HINET Hokkaido University	Japan	15	13	67502848	1.1 mins

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
01/14/04	12635	ONE GmbH	Austria	57	122	4105216	54 secs
01/09/04	4761	INDOSAT	Indonesia	12	23	54784	2.6 mins
02/10/04	4795	INDOSATM2	Indonesia	766	1829	91421952	71 mins
02/18/04	4795	INDOSATM2	Indonesia	75	522	580352	17 mins
09/20/04	32642	ARBINET-THEXCHANGE, INC.	U.S.	26	24	213760	3.0 mins
09/21/04	32642	ARBINET-THEXCHANGE, INC.	U.S.	28	26	185344	5.5 mins
12/24/04	9121	TTnet	Tureky	13685	102245	999,915,008	11 hours

time	offender AS	AS name	AS location	# of offended ASes	# of offended prefixes	# of offended ip addresses	duration
01/06/03	17175	New Skies Satellites UK	U.S.	15	56	132864	28 mins
03/03/03	12956	Telefonica Backbone	Spain	2132	6723	280930560	22 hours
03/07/03	9270	Asia Pacific Advanced Network Korea	Korea	100	120	139664896	1.6 hours
03/10/03	12956	Telefonica Backbone	Spain	2210	8111	150708480	41 mins
05/27/03	6746	ASTRAL Telecom SA, Romania	Romania	43	117	50944	1.0 hours
06/26/03	2500	WIDE Project	Japan	185	1052	14434736	1.3 hours
07/11/03	7539	TANet2	Taiwan	82	526	8924928	1.2 hours
09/25/03	29259	Teleport, DE	Germany	117	164	621440	24 mins
10/09/03	1239	Sprint	U.S.	20	21	160000	2 mins
11/02/03	17964	Beijing Dian-Xin-Tong Network Technologies Co.	China	11	12	20736	45 mins