Inferring BGP Blackholing Activity in the Internet

dc.contributor.author: Giotsas, Vasileios
dc.contributor.author: Smaragdakis, Georgios
dc.contributor.author: Dietzel, Christoph
dc.contributor.author: Richter, Philipp
dc.contributor.author: Feldmann, Anja
dc.contributor.author: Berger, Arthur
dc.date.accessioned: 2019-12-03T12:26:28Z
dc.date.available: 2019-12-03T12:26:28Z
dc.date.issued: 2017-11-01
dc.description: © Owner/Author 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in IMC '17 Proceedings of the 2017 Internet Measurement Conference, http://dx.doi.org/10.1145/3131365.3131379. [en]
dc.description.abstract: The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reachability to selected destinations, e.g., that are under attack. While such a feature, BGP blackholing, has been available for some time, we lack a systematic study of its Internet-wide adoption, practices, and network efficacy, as well as the profile of blackholed destinations. In this paper, we develop and evaluate a methodology to automatically detect BGP blackholing activity in the wild. We apply our method to both public and private BGP datasets. We find that hundreds of networks, including large transit providers, as well as about 50 Internet exchange points (IXPs) offer blackholing service to their customers, peers, and members. Between 2014–2017, the number of blackholed prefixes increased by a factor of 6, peaking at 5K concurrently blackholed prefixes by up to 400 Autonomous Systems. We assess the effect of blackholing on the data plane using both targeted active measurements as well as passive datasets, finding that blackholing is indeed highly effective in dropping traffic before it reaches its destination, though it also discards legitimate traffic. We augment our findings with an analysis of the target IP addresses of blackholing. Our tools and insights are relevant for operators considering offering or using BGP blackholing services as well as for researchers studying DDoS mitigation in the Internet. [en]
dc.description.sponsorship: EC/H2020/679158/EU/Resolving the Tussle in the Internet: Mapping, Architecture, and Policy Making/ResolutioNet [en]
dc.description.sponsorship: EC/H2020/644960/EU/Towards a flexible software-defined network ecosystem/ENDEAVOUR [en]
dc.description.sponsorship: BMBF, 01IS14009D, Verbundprojekt: BDSec - Big Data Security [en]
dc.description.sponsorship: BMBF, 01IS14013A, BBDC - Berliner Kompetenzzentrum für Big Data [en]
dc.description.sponsorship: DFG, FE 570/4-1, Gottfried Wilhelm Leibniz-Preis 2011 [en]
dc.identifier.isbn: 978-1-4503-5118-8
dc.identifier.uri: https://depositonce.tu-berlin.de/handle/11303/10426
dc.identifier.uri: http://dx.doi.org/10.14279/depositonce-9378
dc.language.iso: en [en]
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/ [en]
dc.subject.ddc: 000 Informatik, Informationswissenschaft, allgemeine Werke [de]
dc.subject.other: BGP [en]
dc.subject.other: blackholing [en]
dc.subject.other: DDoS mitigation [en]
dc.title: Inferring BGP Blackholing Activity in the Internet [en]
dc.type: Conference Object [en]
dc.type.version: acceptedVersion [en]
dcterms.bibliographicCitation.doi: 10.1145/3131365.3131379 [en]
dcterms.bibliographicCitation.originalpublishername: Association for Computing Machinery (ACM) [en]
dcterms.bibliographicCitation.originalpublisherplace: New York, NY [en]
dcterms.bibliographicCitation.pageend: 14 [en]
dcterms.bibliographicCitation.pagestart: 1 [en]
dcterms.bibliographicCitation.proceedingstitle: IMC '17 Proceedings of the 2017 Internet Measurement Conference [en]
tub.accessrights.dnb: free [en]
tub.affiliation: Fak. 4 Elektrotechnik und Informatik::Inst. Telekommunikationssysteme::FG Internet Measurement and Analysis (IMA) [de]
tub.affiliation.faculty: Fak. 4 Elektrotechnik und Informatik [de]
tub.affiliation.group: FG Internet Measurement and Analysis (IMA) [de]
tub.affiliation.institute: Inst. Telekommunikationssysteme [de]
tub.publisher.universityorinstitution: Technische Universität Berlin [en]

Files

Original bundle
Name: giotsas_etal_2017.pdf
Size: 2.08 MB
Format: Adobe Portable Document Format
Description: Accepted manuscript
License bundle
Name: license.txt
Size: 4.9 KB
Format: Item-specific license agreed upon to submission
