Detecting Hijacks and Leaks
Young Xu, Product Marketing Manager
© 2017 ThousandEyes Inc. All Rights Reserved.

About ThousandEyes
Network Intelligence platform that gives you a complete picture from users to internal and cloud-based applications
•  End-to-End Performance Data (user to app): app performance, user experience, network topology, routing topology, network connectivity, routing
•  Enterprise, Endpoint and Cloud Agents, and Route Monitors
•  Surface insights from a global data set
•  Lightweight, flexible data collection
•  Unified view of diverse performance data
•  Solve issues across shared infrastructure
•  See any network like it’s your own

BGP: Built on Trust
•  BGP wasn’t designed with security built into it
–  Advertisements are generally trusted among ISPs
•  The Internet is vulnerable to propagating incorrect routes
–  Route leak: Propagation of illegitimate route advertisements, usually by mistake, leading to incorrect or suboptimal routing
–  Route hijack: Malicious equivalent to a route leak
•  More prone to propagation when leaked path is preferred
–  A more specific prefix is advertised
–  Advertised path is shorter than current path

Route Propagation
[Diagram: AS 16509 (Amazon), AS 6939 (Hurricane Electric), AS 30844 (Econet), AS 200759 (Innofield), AS 65021 (Private), border router, traffic path]
•  Amazon advertises routes among BGP peers to upstream ISPs
•  Amazon advertises prefix 54.239.16.0/20
•  Econet receives route advertisements to Amazon via Hurricane Electric

AWS Route Leak, April 2016
[Diagram: AS 16509 (Amazon), AS 6939 (Hurricane Electric), AS 30844 (Econet), AS 200759 (Innofield), AS 65021 (Private), traffic path]
•  Innofield leaks routes for more specific /21 prefixes, directing traffic to private AS 65021
•  Hurricane Electric accepts routes and now directs Amazon-destined traffic to Innofield

Why Leaks and Hijacks Happen
•  Leaks result from human error or misconfigurations
–  Improper route filtering, mismanaged routing policies
    •  Misuse of NO-EXPORT community
    •  Misconfigured route optimizers
•  Route hijacks are intentional and malicious
–  Deny service (e.g. targeted attack, censorship)
–  Inspect traffic (see man-in-the-middle attacks)
    •  Traffic interception and impersonation
    •  Corporate or state espionage
    •  Steal cryptocurrency
–  IP squatting and spamming

Alerting for Leaks and Hijacks
Alert Rule Parameter
•  Origin ASN not in: Your own or hosting provider’s ASN
•  Next Hop ASN not in: Upstream ISPs’ ASNs
•  Covered Prefix Exists
•  Covered Prefix not in: Your expected sub-prefixes
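
The alert parameters above, evaluated over a handful of BGP announcements. This is an added Python example, not ThousandEyes code or part of the original deck; the announcement feed, the choice of AS 6939 as the only allowed upstream, the specific /21 prefixes and the reading of "Next Hop ASN" as the AS adjacent to the origin are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AlertRule:
    monitored_prefix: str
    origin_asns: frozenset                         # "Origin ASN not in"
    next_hop_asns: frozenset                       # "Next Hop ASN not in"
    expected_subprefixes: frozenset = frozenset()  # "Covered Prefix not in"


def collapse_prepends(as_path):
    """Drop consecutive duplicates so AS-path prepending does not hide the real neighbour."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def evaluate(rule, prefix, as_path):
    """Return the alert conditions one announcement triggers (empty list = clean)."""
    monitored = ipaddress.ip_network(rule.monitored_prefix)
    announced = ipaddress.ip_network(prefix)
    # Only the monitored prefix and its more-specifics ("covered prefixes") are in scope.
    if announced.version != monitored.version or not announced.subnet_of(monitored):
        return []
    path = collapse_prepends(as_path)
    if not path:
        return []

    alerts = []
    if path[-1] not in rule.origin_asns:           # origin is the last AS in the path
        alerts.append("origin_asn")
    if len(path) >= 2 and path[-2] not in rule.next_hop_asns:
        alerts.append("next_hop_asn")              # AS adjacent to the origin (assumption)
    if announced != monitored:                     # a more specific prefix was seen
        expected = {ipaddress.ip_network(p) for p in rule.expected_subprefixes}
        if not expected:
            alerts.append("covered_prefix_exists")
        elif announced not in expected:
            alerts.append("covered_prefix_unexpected")
    return alerts


def scan(rule, feed):
    """Return (prefix, alerts) for every announcement that raises at least one alert."""
    hits = []
    for prefix, as_path in feed:
        alerts = evaluate(rule, prefix, as_path)
        if alerts:
            hits.append((prefix, alerts))
    return hits


# Rule for the deck's Amazon prefix; upstream set and expected sub-prefix are constructed.
RULE = AlertRule(
    monitored_prefix="54.239.16.0/20",
    origin_asns=frozenset({16509}),
    next_hop_asns=frozenset({6939}),
    expected_subprefixes=frozenset({"54.239.24.0/21"}),
)

# Constructed sample feed: (prefix, AS path as recorded by a monitor, origin last).
FEED = [
    ("54.239.16.0/20", [30844, 6939, 16509]),                # normal route
    ("54.239.16.0/20", [30844, 6939, 16509, 16509, 16509]),  # same route with prepending
    ("54.239.24.0/21", [30844, 6939, 16509]),                # expected sub-prefix
    ("54.239.16.0/21", [30844, 6939, 200759, 65021]),        # leak-shaped announcement
    ("192.0.2.0/24", [64500]),                               # unrelated address space
]

if __name__ == "__main__":
    for prefix, alerts in scan(RULE, FEED):
        print(prefix, alerts)
```
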

Mitigating Route Leaks Affecting Your Prefixes
•  Monitor BGP to quickly detect routing events
•  Contact upstream ISPs to reject the illegitimate routes
•  Announce routes preferable to the leaked route
–  More specific prefix (when leaked prefix is bigger than /24)
–  Shorter AS path (remove any path prepending)
•  Last resort: Change destination prefixes using DNS
–  Feasible if you can shift traffic to other data centers or a CDN
–  Can take time depending on TTL of DNS records
•  RPKI: Publish Route Origin Authorizations (ROAs) in RIR

Preventing Propagation of Bad Routes
•  Route filtering (based on prefix, AS path, community)
–  Bogon filtering
–  Enforce commercial relationships
    •  Block advertisements for peer paths from customers
    •  “Peerlocking”: Don’t allow intermediate networks between peers
–  BGP Maximum-Prefix: Max number of prefixes from a peer
•  Security standards: RPKI, RPSL, BGPSEC
•  Prevent hijacks by blocking illegitimate advertisements
–  TCP MD5: Uses secret key to compute hash over TCP header
–  GTSM: Peer sets TTL to max of 255 (attacker >1 hop away can’t impersonate)
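
How the ROAs from the mitigation slide feed the RPKI filtering listed above: an added Python example of route origin validation following the RFC 6811 rules, not code from the deck or from any RPKI validator. The ROA contents are constructed for illustration and are not Amazon's published ROAs; it also shows that a ROA's maxLength has to cover any more specific prefix you plan to announce as a mitigation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # address block the holder authorises
    max_length: int   # longest prefix length the origin may announce
    asn: int          # authorised origin AS (0 means "no AS may originate this")


def validate(roas, prefix, origin_asn):
    """Classify a route as 'valid', 'invalid' or 'not-found' (RFC 6811 states)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue                      # this ROA says nothing about the route
        covered = True                    # at least one ROA covers the route
        if roa.asn != 0 and roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but no ROA matches origin and length: reject-worthy.
    return "invalid" if covered else "not-found"


def accepted(roas, feed):
    """Apply a drop-invalid policy: keep routes that are valid or not-found."""
    return [(p, asn) for p, asn in feed if validate(roas, p, asn) != "invalid"]


# Constructed ROA set: only the /20 itself is authorised for AS 16509.
ROAS_STRICT = [ROA("54.239.16.0/20", 20, 16509)]

# Constructed ROA set that also authorises /21 more-specifics, which the holder
# needs before announcing a more specific prefix as a leak mitigation.
ROAS_WITH_MORE_SPECIFICS = [ROA("54.239.16.0/20", 21, 16509)]

# Constructed feed: (prefix, origin AS).
FEED = [
    ("54.239.16.0/20", 16509),   # legitimate origin
    ("54.239.16.0/21", 65021),   # leak-shaped more-specific from another origin
    ("54.239.16.0/21", 16509),   # holder's own more-specific (mitigation announcement)
    ("192.0.2.0/24", 64500),     # no ROA covers this prefix
]

if __name__ == "__main__":
    for name, roas in (("strict", ROAS_STRICT), ("with /21", ROAS_WITH_MORE_SPECIFICS)):
        for prefix, asn in FEED:
            print(name, prefix, asn, validate(roas, prefix, asn))
```
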

Demo

1. Covered Prefix to Spotify Leaked by Enzu
•  New, more specific /23 route leaked
•  Leaked by Enzu (AS18978)
•  Spotify (AS43650)
•  Propagated at LAIX (AS40633)
•  Seen by 4 monitors
•  Visible for almost 3 hours

Impacted Traffic on the Network Layer
•  Traces terminating in edge of Vocus network with LAIX

2. AxcelX Leak: Normal Routes
[Diagram labels: Amazon.com, NTT, Level 3, Hurricane Electric, ReTN.net]

Amazon Routes Leaked by AxcelX
•  New routes through Hibernia (AS 5580), AxcelX (AS 33083)
•  New Amazon AS
•  No longer routed through expected ISPs

Caused Performance Impacts
•  100% loss in AxcelX
•  99% loss in Hibernia

3. Tata Hijack of Societe Generale: Normal Routes
[Diagram labels: Societe Generale AS, Societe Generale prefix, Bulgarian Telecom (Upstream), Neterra (Upstream)]

Multiple Origins: Tata Advertised Routes
•  Societe Generale (Correct AS)
•  Tata (Hijacking AS)
•  Locations with completely hijacked routes

All ISPs Accepted Tata’s Bad Routes
•  Tata (Hijacking AS)

Caused 100% Loss in Tata and Tata’s Peers
•  Traffic had no legitimate routes to reach Societe Generale
[Diagram labels: Tata, Cogent]

Watch the webinar: www.thousandeyes.com/webinars/detecting-hijacks-and-leaks

OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
jpupo2018
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 

Recently uploaded (20)

20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 

Detecting Hijacks and Leaks

  • 1. Detecting Hijacks and Leaks. Young Xu, Product Marketing Manager. © 2017 ThousandEyes Inc. All Rights Reserved.
  • 2. About ThousandEyes: Network Intelligence platform that gives you a complete picture from users to internal and cloud-based applications.
       Diagram labels: User, App; End-to-End Performance Data (App Performance, User Experience, Network Connectivity, Network Topology, Routing Topology, Routing); Enterprise, Endpoint and Cloud Agents and Route Monitors.
       –  Surface insights from a global data set
       –  Lightweight, flexible data collection
       –  Unified view of diverse performance data
       –  Solve issues across shared infrastructure
       –  See any network like it’s your own
  • 3. BGP: Built on Trust
       •  BGP wasn’t designed with security built into it
          –  Advertisements are generally trusted among ISPs
       •  The Internet is vulnerable to propagating incorrect routes
          –  Route leak: Propagation of illegitimate route advertisements, usually by mistake, leading to incorrect or suboptimal routing
          –  Route hijack: Malicious equivalent to a route leak
       •  More prone to propagation when leaked path is preferred
          –  A more specific prefix is advertised
          –  Advertised path is shorter than current path
  • 4. Route Propagation (diagram). Nodes: AS 16509 Amazon (border router); AS 6939 Hurricane Electric; AS 30844 Econet; AS 200759 Innofield; AS 65021 Private. Amazon advertises routes among BGP peers to upstream ISPs. Amazon advertises prefix 54.239.16.0/20. Econet receives route advertisements to Amazon via Hurricane Electric. The traffic path is marked.
  • 5. AWS Route Leak, April 2016 (diagram). Nodes: AS 16509 Amazon; AS 6939 Hurricane Electric; AS 30844 Econet; AS 200759 Innofield; AS 65021 Private. Innofield leaks routes for more specific /21 prefixes, directing traffic to private AS 65021. Hurricane Electric accepts routes and now directs Amazon-destined traffic to Innofield. The traffic path is marked.
  • 6. Why Leaks and Hijacks Happen
       •  Leaks result from human error or misconfigurations
          –  Improper route filtering, mismanaged routing policies
             •  Misuse of NO-EXPORT community
             •  Misconfigured route optimizers
       •  Route hijacks are intentional and malicious
          –  Deny service (e.g. targeted attack, censorship)
          –  Inspect traffic (see man-in-the-middle attacks)
             •  Traffic interception and impersonation
             •  Corporate or state espionage
             •  Steal cryptocurrency
          –  IP squatting and spamming
  • 7. Alerting for Leaks and Hijacks (alert rule, then its parameter)
       –  Origin ASN not in: Your own or hosting provider’s ASN
       –  Next Hop ASN not in: Upstream ISPs’ ASNs
       –  Covered Prefix Exists
       –  Covered Prefix not in: Your expected sub-prefixes
  • 8. Mitigating Route Leaks Affecting Your Prefixes
       •  Monitor BGP to quickly detect routing events
       •  Contact upstream ISPs to reject the illegitimate routes
       •  Announce routes preferable to the leaked route
          –  More specific prefix (when leaked prefix is bigger than /24)
          –  Shorter AS path (remove any path prepending)
       •  Last resort: Change destination prefixes using DNS
          –  Feasible if you can shift traffic to other data centers or a CDN
          –  Can take time depending on TTL of DNS records
       •  RPKI: Publish Route Origin Authorizations (ROAs) in RIR
  • 9. Preventing Propagation of Bad Routes
       •  Route filtering (based on prefix, AS path, community)
          –  Bogon filtering
          –  Enforce commercial relationships
             •  Block advertisements for peer paths from customers
             •  “Peerlocking”: Don’t allow intermediate networks between peers
          –  BGP Maximum-Prefix: Max number of prefixes from a peer
       •  Security standards: RPKI, RPSL, BGPSEC
       •  Prevent hijacks by blocking illegitimate advertisements
          –  TCP MD5: Uses secret key to compute hash over TCP header
          –  GTSM: Peer sets TTL to max of 255 (attacker >1 hop away can’t impersonate)
  • 10. Demo
  • 11. 1. Covered Prefix to Spotify Leaked by Enzu. Visible for almost 3 hours; Leaked by Enzu (AS18978); Spotify (AS43650); Propagated at LAIX (AS40633); Seen by 4 monitors; New, more specific /23 route leaked.
  • 12. Impacted Traffic on the Network Layer. Traces terminating in edge of Vocus network with LAIX. Diagram label: LAIX.
  • 13. 2. AxcelX Leak: Normal Routes. Diagram labels: Amazon.com; NTT; Level 3; Hurricane Electric; ReTN.net.
  • 14. Amazon Routes Leaked by AxcelX. New routes through Hibernia (AS 5580), AxcelX (AS 33083); New Amazon AS; No longer routed through expected ISPs.
  • 15. Caused Performance Impacts. 100% loss in AxcelX; 99% loss in Hibernia.
  • 16. 3. Tata Hijack of Societe Generale: Normal Routes. Diagram labels: Societe Generale AS; Societe Generale prefix; Bulgarian Telecom (Upstream); Neterra (Upstream).
  • 17. Multiple Origins: Tata Advertised Routes. Diagram labels: Societe Generale (Correct AS); Tata (Hijacking AS); Locations with completely hijacked routes.
  • 18. All ISPs Accepted Tata’s Bad Routes. Diagram label: Tata (Hijacking AS).
  • 19. Caused 100% Loss in Tata and Tata’s Peers. Traffic had no legitimate routes to reach Societe Generale. Diagram labels: Tata; Cogent.
  • 20. Watch the webinar: www.thousandeyes.com/webinars/detecting-hijacks-and-leaks
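The three alert rules from slide 7, applied to routes for the 54.239.16.0/20 prefix from slide 4. This is an added example, not ThousandEyes code: the policy sets, the `Route` type, the /21 prefixes and the AS paths are constructed, and "next hop ASN" is assumed to mean the AS adjacent to the origin in the path.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy for the 54.239.16.0/20 prefix shown on slide 4.
MONITORED = ipaddress.ip_network("54.239.16.0/20")
EXPECTED_ORIGINS = {16509}      # Amazon
EXPECTED_UPSTREAMS = {6939}     # Hurricane Electric; assumed to be the only upstream
EXPECTED_SUBPREFIXES = set()    # assumption: no more-specifics are announced on purpose

@dataclass(frozen=True)
class Route:
    prefix: str       # prefix as seen by a route monitor
    as_path: tuple    # monitor-side AS first, origin AS last

def collapse_prepends(as_path):
    """Drop consecutive duplicate ASNs so prepending does not hide the upstream."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def evaluate(route):
    """Return the names of the alert rules that fire for one observed route."""
    net = ipaddress.ip_network(route.prefix)
    if net.version != MONITORED.version or not net.subnet_of(MONITORED):
        return []                       # outside the monitored address space
    path = collapse_prepends(route.as_path)
    alerts = []
    if not path or path[-1] not in EXPECTED_ORIGINS:
        alerts.append("origin-asn")
    # Assumption: "next hop ASN" is the AS adjacent to the origin in the path.
    if len(path) > 1 and path[-2] not in EXPECTED_UPSTREAMS:
        alerts.append("next-hop-asn")
    if net != MONITORED and net not in EXPECTED_SUBPREFIXES:
        alerts.append("covered-prefix")
    return alerts

# Constructed observations; the /21 prefixes and AS paths are illustrative only.
OBSERVED = [
    Route("54.239.16.0/20", (30844, 6939, 16509)),                 # normal
    Route("54.239.16.0/20", (30844, 6939, 16509, 16509, 16509)),   # prepended
    Route("54.239.16.0/21", (30844, 6939, 200759, 65021)),         # leak-shaped
    Route("54.239.24.0/21", (30844, 6939, 16509)),                 # unexpected more-specific
]

def report(routes=OBSERVED):
    """Map each observed (prefix, as_path) to the rules it triggers."""
    return {(r.prefix, r.as_path): evaluate(r) for r in routes}

if __name__ == "__main__":
    for key, fired in report().items():
        print(key, fired or "ok")
```

The last route shows why the covered-prefix rule is needed on its own: a more-specific with the expected origin and upstream passes both ASN checks.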
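Slides 8 and 9 list RPKI and ROAs as a control; the sketch below shows how a network that validates origins (RFC 6811) would classify announcements against a ROA, and how the ROA's maximum length decides whether a more-specific is accepted. It is an added example, not from the deck: the ROA contents are constructed and are not Amazon's published ROAs, and `ROA` and `validate` are illustrative names.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str       # authorized prefix
    max_length: int   # longest prefix length the origin may announce
    asn: int          # authorized origin AS

def validate(prefix, origin_asn, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue                    # this ROA does not cover the route
        covered = True
        # AS 0 in a ROA never matches any origin.
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: reject. No covering ROA: unknown.
    return "invalid" if covered else "not-found"

# Constructed ROAs for the prefix on slide 4.
STRICT = [ROA("54.239.16.0/20", 20, 16509)]   # max length equals the announced length
LOOSE = [ROA("54.239.16.0/20", 24, 16509)]    # permits more-specifics down to /24

def demo():
    """Classify four constructed announcements under the strict and loose ROA."""
    cases = [
        ("54.239.16.0/20", 16509),    # the legitimate announcement
        ("54.239.16.0/21", 65021),    # more-specific from an unexpected origin
        ("54.239.16.0/21", 16509),    # more-specific carrying the authorized origin
        ("198.51.100.0/24", 64500),   # no ROA covers this prefix
    ]
    return [(p, a, validate(p, a, STRICT), validate(p, a, LOOSE)) for p, a in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

With the strict ROA both /21 announcements are invalid; with the loose one the /21 that carries AS 16509 as origin validates, so origin validation alone does not reject it.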