Please use this identifier to cite or link to this item: http://dx.doi.org/10.14279/depositonce-9378
Main Title: Inferring BGP Blackholing Activity in the Internet
Author(s): Giotsas, Vasileios
Smaragdakis, Georgios
Dietzel, Christoph
Richter, Philipp
Feldmann, Anja
Berger, Arthur
Type: Conference Object
Language Code: en
Abstract: The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reachability to selected destinations, e.g., that are under attack. While such a feature, BGP blackholing, has been available for some time, we lack a systematic study of its Internet-wide adoption, practices, and network efficacy, as well as the profile of blackholed destinations. In this paper, we develop and evaluate a methodology to automatically detect BGP blackholing activity in the wild. We apply our method to both public and private BGP datasets. We find that hundreds of networks, including large transit providers, as well as about 50 Internet exchange points (IXPs) offer blackholing service to their customers, peers, and members. Between 2014–2017, the number of blackholed prefixes increased by a factor of 6, peaking at 5K concurrently blackholed prefixes by up to 400 Autonomous Systems. We assess the effect of blackholing on the data plane using both targeted active measurements as well as passive datasets, finding that blackholing is indeed highly effective in dropping traffic before it reaches its destination, though it also discards legitimate traffic. We augment our findings with an analysis of the target IP addresses of blackholing. Our tools and insights are relevant for operators considering offering or using BGP blackholing services as well as for researchers studying DDoS mitigation in the Internet.
URI: https://depositonce.tu-berlin.de/handle/11303/10426
http://dx.doi.org/10.14279/depositonce-9378
Issue Date: 1-Nov-2017
Date Available: 3-Dec-2019
DDC Class: 000 Informatik, Informationswissenschaft, allgemeine Werke
Subject(s): BGP
blackholing
DDoS mitigation
Sponsor/Funder: EC/H2020/679158/EU/Resolving the Tussle in the Internet: Mapping, Architecture, and Policy Making/ResolutioNet
EC/H2020/644960/EU/Towards a flexible software-defined network ecosystem/ENDEAVOUR
BMBF, 01IS14009D, Verbundprojekt: BDSec - Big Data Security
BMBF, 01IS14013A, BBDC - Berliner Kompetenzzentrum für Big Data
DFG, FE 570/4-1, Gottfried Wilhelm Leibniz-Preis 2011
License: http://rightsstatements.org/vocab/InC/1.0/
Proceedings Title: IMC '17 Proceedings of the 2017 Internet Measurement Conference
Publisher: Association for Computing Machinery (ACM)
Publisher Place: New York, NY
Publisher DOI: 10.1145/3131365.3131379
Page Start: 1
Page End: 14
ISBN: 978-1-4503-5118-8
Notes: © Owner/Author 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in IMC '17 Proceedings of the 2017 Internet Measurement Conference, http://dx.doi.org/10.1145/3131365.3131379.
Appears in Collections: FG Internet Network Architectures (INET) » Publications

Files in This Item:
File: giotsas_etal_2017.pdf
Description: Accepted manuscript
Size: 2.13 MB
Format: Adobe PDF


Items in DepositOnce are protected by copyright, with all rights reserved, unless otherwise indicated.