Skip to content. | Skip to navigation

Personal tools

Navigation

You are here: Home / Projects / Large Route Leaks

Large Route Leaks

Large route leaks (LRL) are a specific type of prefix hijacking, in which an unauthorized network hijacks prefixes owned by multiple different networks. We design and implement a detection system which is able to detect LRL events at real time and without requiring authoritative prefix ownership information. By correlating individual suspicious routing announcements along the time dimension and comparing with a network's past behavior, we are able to identify a network's abnormal behavior of offending multiple other networks at the same time. 

Applying the detection algorithm to BGP updates collected by RouteViews Oregon monitor from 2003 through 2009, we identify five to twenty large route leaks every year. They typically hijack prefixes owned by a few tens of other networks, last from a few minutes to a few hours, and pollute routes at most vantage points of the data collector. In particular there are nine events detected in 2009 and six in 2008, none of which was mentioned on operator mailing lists such as NANOG, but all are confirmed through our communication with operators of affected networks.

The system can take real-time BGP data feed and conduct the detection quickly, enabling automated response to these attacks without requiring authoritative prefix ownership information or human intervention. This is important for all networks to protect their data traffic before the attack can be resolved.

The following table lists the large route leak events detected from 2003 through 08/12/2010 using data from RouteViews Oregon collector. 

 

2010:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration
04/08/10 23724 China Telecommunications China 2289 12115 113,924,096 21 mins
04/22/09 11269 Dummy object for CW-Bermuda Bermuda 19 83 731,904 2.32 mins
05/19/09 10834 Telefonica Data Argentina Argentina 14 85 141,824 42.9 mins
08/12/09 5 SYMBOLICS U.S. 15 32 98,816 5.28 mins

 

2009:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration
02/14/09 8895 ISU Riyadh AS Saudi Arabia 31 243 289,280 2.0 hours
04/07/09 36873 CELTEL NIGERIA 15 45 27,392 10 mins
05/05/09 10834 Telefonica Data Argentina Argentina 91 1,108 1,713,664 3.0 hours
07/12/09 29568 COMTEL Romania 17 56 20,480 23 mins
07/22/09 8997 SPBNIT OJSC North-West Telecom Russia 173 351 101,500,416 59 secs
08/12/09 4800 LINTASARTA Indonesia 13 39 18,176 32 secs
08/13/09 4800 LINTASARTA Indonesia 68 492 685,568 7.8 hours
12/04/09 31501 SPBTELEPORT Poland 19 77 1,574,400 68 secs
12/15/09 39386 Saudi Telecom Saudi Arabia 24 67 664,064 62 secs

 

2008:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses duration
04/28/08 44237  Joint-Stock Central Telecom Russia 13  21 82688  7.9 mins 
 06/17/08  8953 Orange Romania   Romania  113 218  113920  2.1 mins 
 08/26/08  24739 Severen-Telecom   Russia 16  42  107008   18 mins
 09/22/08  8997 SPBNIT OJSC North-West Telecom   Russia  15270  116753  1521397056 22 hours 
12/31/08  1967 Middle East Technical University  Turkey  17  49  469504  5.7 mins 
12/31/08   6849 UKRTELNET JSC UKRTELECOM  Ukraine   38 52  25856  2.2 hours

 


2007:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses  duration
 02/02/07  17175  New Skies Satellites UK U.S.          13           14  37,376  10 mins 
02/20/07   29835  New Skies Satellites N.V.  U.S. 22  49  47,872   5.6 hours
 03/01/07 17175   New Skies Satellites UK U.S.   20 29  41216   2.3 mins
05/29/07   4795 INDOSATM2   Indonesia  40 218  68608  14 mins 
 06/16/07  6198 BellSouth Network Solutions  U.S.   12 65   1327104 12 hours 
 08/20/07  29835  New Skies Satellites N.V.  U.S.  21 48  43776  6.0 mins 
 11/19/07 26608  SkyOnline do Brasil   Brazil  191 589  110,049,536   22 mins
 11/30/07  10139 Smart Broadband  Philippines   18 21  302592  22 mins 

 


2006:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses  duration
 02/25/06 9121  TTnet   Turkey  712  1479 68459264   33 mins
02/28/06   25185 PHARMASUPPORT  Russia 20   34  570425344 10 mins 
 03/08/06 9070  ITD Network Bulgarian  Bulgaria   11  31  15104 4.9 mins 
03/17/06   174  Cogent    25 33   112128 16 mins 
 04/09/06  23520  Columbus Networks USA  USA 1469 3300 35580416  3 hours
06/07/06   23520 Columbus Networks USA   USA 507   1654 60352000   32 mins
 06/29/06 9476   IntraPower Pty. Ltd. Australia  97  238   622848 8.7 hours 
06/30/06   9476  IntraPower Pty. Ltd. Australia   197 755   17366528 20 hours 
 07/01/06  9476 IntraPower Pty. Ltd.  Australia   44 169  639488  4.4 hours 
 07/02/06 9476   IntraPower Pty. Ltd. Australia   337  1152 25276416  15 hours 
07/28/06   16150  Port80 Sweden  20   20 40192  17 mins 
 09/07/06 9121  TTnet  Turkey   480  1166 136253184  28 mins 
09/08/06  9121   TTnet Turkey  33   154  12051968 2.65 mins 
10/16/06   6386  BellSouth.net Inc. U.S.  14   80 73984 12 hours 
 11/20/06 10834   Telefonica Data Argentina S.A. Argentina   14 75  75264  11 mins 
 11/29/06  4761  INDOSAT Indonesia   896  3293 55151104  59 mins 
 12/10/06 4761   INDOSAT Indonesia   18  19  94976  1.5 mins

 


2005:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses  duration
05/11/05   34935 Doom Ltd.,Game Clubs  Bulgaria   32  158 71680  5.4 mins 
 1018/05 13228   Digital Generation  Ukraine 68  103   97536 3.8 mins 
10/20/05   13228 Digital Generation  Ukraine  19 27  19712  12 hours 
11/07/05   3561 Savvis   U.S. 941   2341 38642688  5.2 mins 
 12/11/05  7509  HINET Hokkaido University  Japan  15  13 67502848  1.1 mins 

 


2004:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses  duration
 01/14/04  12635  ONE GmbH  Austria  57  122 4105216  54 secs 
 01/09/04  4761 INDOSAT  Indonesia   12 23   54784 2.6 mins 
02/10/04   4795  INDOSATM2  Indonesia 766  1829   91421952  71 mins
02/18/04  4795  INDOSATM2   Indonesia  75 522  580352  17 mins 
 09/20/04  32642 ARBINET-THEXCHANGE, INC.  U.S.   26 24  213760  3.0 mins 
 09/21/04  32642 ARBINET-THEXCHANGE, INC.  U.S.   28 26   185344 5.5 mins 
 12/24/04  9121 TTnet  Tureky   13685 102245  999,915,008  11 hours 

 

2003:

time offender AS AS name AS location # of offended ASes # of offended prefixes # of offended ip addresses  duration
01/06/03   17175  New Skies Satellites UK  U.S.  15 56  132864  28 mins 
 03/03/03  12956  Telefonica Backbone Spain  2132  6723  280930560  22 hours 
03/07/03   9270  Asia Pacific Advanced Network Korea Korea   100 120   139664896 1.6 hours 
 03/10/03 12956   Telefonica Backbone  Spain   2210  8111 150708480  41 mins 
05/27/03   6746 ASTRAL Telecom SA, Romania  Romania  43   117 50944  1.0 hours
 06/26/03  2500 WIDE Project  Japan  185   1052 14434736  1.3 hours 
 07/11/03  7539  TANet2 Taiwan   82 526  8924928  1.2 hours 
 09/25/03 29259   Teleport, DE  Germany  117 164  621440  24 mins 
 10/09/03 1239   Sprint U.S.   20 21  160000   2 mins
 11/02/03  17964 Beijing Dian-Xin-Tong Network Technologies Co.   China  11  12 20736  45 mins 

 

Document Actions

Log in


Forgot your password?
« February 2018 »
February
MoTuWeThFrSaSu
1234
567891011
12131415161718
19202122232425
262728