SlideShare une entreprise Scribd logo

Detecting Hijacks and Leaks

ThousandEyes
ThousandEyes

In this webinar, we cover how to detect BGP route leaks and hijacks that can cause suboptimal routing and network performance issues. Starting from key concepts, you'll learn how to recognize route leaks and hijacks in the data, alert for these events and proactively mitigate their impact. See the webinar recording at https://www.thousandeyes.com/webinars/detecting-hijacks-and-leaks

Technologie
1  sur  20
Télécharger pour lire hors ligne
1© 2017 ThousandEyes Inc. All Rights Reserved. Detecting Hijacks and Leaks Young Xu, Product Marketing Manager
2© 2017 ThousandEyes Inc. All Rights Reserved. About ThousandEyes Network Intelligence platform that gives you a complete picture from users to internal and cloud-based applications Routing! User App End-to-End Performance Data App Performance! User Experience! Network Topology! Routing Topology! Enterprise, Endpoint and Cloud Agents Network Connectivity! And Route Monitors! Surface insights from a global data set Lightweight, flexible data collection Unified view of diverse performance data Solve issues across shared infrastructure See any network like it’s your own
3© 2017 ThousandEyes Inc. All Rights Reserved. •  BGP wasn’t designed with security built into it –  Advertisements are generally trusted among ISPs •  The Internet is vulnerable to propagating incorrect routes –  Route leak: Propagation of illegitimate route advertisements, usually by mistake, leading to incorrect or suboptimal routing –  Route hijack: Malicious equivalent to a route leak •  More prone to propagation when leaked path is preferred –  A more specific prefix is advertised –  Advertised path is shorter than current path BGP: Built on Trust
4© 2017 ThousandEyes Inc. All Rights Reserved. AS 200759 Innofield Route Propagation AS 16509 Amazon AS 30844 Econet AS 6939 Hurricane Electric Border Router Amazon advertises routes among BGP peers to upstream ISPs Amazon advertises prefix 54.239.16.0/20 Econet receives route advertisements to Amazon via Hurricane Electric Traffic Path AS 65021 Private
5© 2017 ThousandEyes Inc. All Rights Reserved. AS 65021 Private AS 200759 Innofield AWS Route Leak, April 2016 AS 16509 Amazon AS 30844 Econet AS 6939 Hurricane Electric Traffic Path Innofield leaks routes for more specific /21 prefixes, directing traffic to private AS 65021 Hurricane Electric accepts routes and now directs Amazon- destined traffic to Innofield
6© 2017 ThousandEyes Inc. All Rights Reserved. •  Leaks result from human error or misconfigurations –  Improper route filtering, mismanaged routing policies •  Misuse of NO-EXPORT community •  Misconfigured route optimizers •  Route hijacks are intentional and malicious –  Deny service (e.g. targeted attack, censorship) –  Inspect traffic (see man-in-the-middle attacks) •  Traffic interception and impersonation •  Corporate or state espionage •  Steal cryptocurrency –  IP squatting and spamming Why Leaks and Hijacks Happen
7© 2017 ThousandEyes Inc. All Rights Reserved. Alerting for Leaks and Hijacks Alert Rule Parameter Origin ASN not in: Your own or hosting provider’s ASN Next Hop ASN not in: Upstream ISPs’ ASNs Covered Prefix Exists Covered Prefix not in Your expected sub- prefixes
8© 2017 ThousandEyes Inc. All Rights Reserved. •  Monitor BGP to quickly detect routing events •  Contact upstream ISPs to reject the illegitimate routes •  Announce routes preferable to the leaked route –  More specific prefix (when leaked prefix is bigger than /24) –  Shorter AS path (remove any path prepending) •  Last resort: Change destination prefixes using DNS –  Feasible if you can shift traffic to other data centers or a CDN –  Can take time depending on TTL of DNS records •  RPKI: Publish Route Origin Authorizations (ROAs) in RIR Mitigating Route Leaks Affecting Your Prefixes
9© 2017 ThousandEyes Inc. All Rights Reserved. •  Route filtering (based on prefix, AS path, community) –  Bogon filtering –  Enforce commercial relationships •  Block advertisements for peer paths from customers •  “Peerlocking”: Don’t allow intermediate networks between peers –  BGP Maximum-Prefix: Max number of prefixes from a peer •  Security standards: RPKI, RPSL, BGPSEC •  Prevent hijacks by blocking illegitimate advertisements –  TCP MD5: Uses secret key to compute hash over TCP header –  GTSM: Peer sets TTL to max of 255 (attacker >1 hop away can’t impersonate) Preventing Propagation of Bad Routes
10© 2017 ThousandEyes Inc. All Rights Reserved.© 2017 ThousandEyes Inc. All Rights Reserved. Demo
11© 2017 ThousandEyes Inc. All Rights Reserved. 1. Covered Prefix to Spotify Leaked by Enzu Visible for almost 3 hours Leaked by Enzu (AS18978) Spotify (AS43650) Propagated at LAIX (AS40633) Seen by 4 monitors New, more specific /23 route leaked
12© 2017 ThousandEyes Inc. All Rights Reserved. Impacted Traffic on the Network Layer Traces terminating in edge of Vocus network with LAIX LAIX
13© 2017 ThousandEyes Inc. All Rights Reserved. 2. AxcelX Leak: Normal Routes Amazon.com NTT Level 3 Hurricane Electric ReTN.net
14© 2017 ThousandEyes Inc. All Rights Reserved. Amazon Routes Leaked by AxcelX New routes through Hibernia (AS 5580), AxcelX (AS 33083) New Amazon AS No longer routed through expected ISPs
15© 2017 ThousandEyes Inc. All Rights Reserved. Caused Performance Impacts 100% loss in AxcelX 99% loss in Hibernia
16© 2017 ThousandEyes Inc. All Rights Reserved. 3. Tata Hijack of Societe Generale: Normal Routes Societe Generale AS Bulgarian Telecom (Upstream)Societe Generale prefix Neterra (Upstream)
17© 2017 ThousandEyes Inc. All Rights Reserved. Multiple Origins: Tata Advertised Routes Societe Generale (Correct AS) Tata (Hijacking AS) Locations with completely hijacked routes
18© 2017 ThousandEyes Inc. All Rights Reserved. All ISPs Accepted Tata’s Bad Routes Tata (Hijacking AS)
19© 2017 ThousandEyes Inc. All Rights Reserved. Caused 100% Loss in Tata and Tata’s Peers Traffic had no legitimate routes to reach Societe Generale Tata Cogent
20© 2017 ThousandEyes Inc. All Rights Reserved.© 2017 ThousandEyes Inc. All Rights Reserved. Watch the webinar:
 www.thousandeyes.com/webinars/detecting-hijacks-and-leaks

Recommandé

Optimizing AS Paths
Optimizing AS PathsOptimizing AS Paths
Optimizing AS PathsThousandEyes
 
Monitoring Route Changes
Monitoring Route ChangesMonitoring Route Changes
Monitoring Route ChangesThousandEyes
 
Visualizing and Troubleshooting BGP Routing
Visualizing and Troubleshooting BGP RoutingVisualizing and Troubleshooting BGP Routing
Visualizing and Troubleshooting BGP RoutingThousandEyes
 
Discover Network Insights with Reports
Discover Network Insights with ReportsDiscover Network Insights with Reports
Discover Network Insights with ReportsThousandEyes
 
Diagnosing Internet Outages
Diagnosing Internet OutagesDiagnosing Internet Outages
Diagnosing Internet OutagesThousandEyes
 
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...ThousandEyes
 
Endpoint Agent Part 1: End User Experience
Endpoint Agent Part 1: End User ExperienceEndpoint Agent Part 1: End User Experience
Endpoint Agent Part 1: End User ExperienceThousandEyes
 
Endpoint Agent Part 3: LAN, Wireless, Gateways and Proxies
Endpoint Agent Part 3: LAN, Wireless, Gateways and ProxiesEndpoint Agent Part 3: LAN, Wireless, Gateways and Proxies
Endpoint Agent Part 3: LAN, Wireless, Gateways and ProxiesThousandEyes
 

Recommandé

Optimizing AS Paths
Optimizing AS PathsOptimizing AS Paths
Optimizing AS PathsThousandEyes
 
Monitoring Route Changes
Monitoring Route ChangesMonitoring Route Changes
Monitoring Route ChangesThousandEyes
 
Visualizing and Troubleshooting BGP Routing
Visualizing and Troubleshooting BGP RoutingVisualizing and Troubleshooting BGP Routing
Visualizing and Troubleshooting BGP RoutingThousandEyes
 
Discover Network Insights with Reports
Discover Network Insights with ReportsDiscover Network Insights with Reports
Discover Network Insights with ReportsThousandEyes
 
Diagnosing Internet Outages
Diagnosing Internet OutagesDiagnosing Internet Outages
Diagnosing Internet OutagesThousandEyes
 
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...ThousandEyes
 
Endpoint Agent Part 1: End User Experience
Endpoint Agent Part 1: End User ExperienceEndpoint Agent Part 1: End User Experience
Endpoint Agent Part 1: End User ExperienceThousandEyes
 
Endpoint Agent Part 3: LAN, Wireless, Gateways and Proxies
Endpoint Agent Part 3: LAN, Wireless, Gateways and ProxiesEndpoint Agent Part 3: LAN, Wireless, Gateways and Proxies
Endpoint Agent Part 3: LAN, Wireless, Gateways and ProxiesThousandEyes
 
2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis 2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis ThousandEyes
 
Monitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsMonitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsThousandEyes
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyesThousandEyes
 
NANOG 68: Decoding Performance Data from Large-Scale Internet Outages
NANOG 68: Decoding Performance Data from Large-Scale Internet OutagesNANOG 68: Decoding Performance Data from Large-Scale Internet Outages
NANOG 68: Decoding Performance Data from Large-Scale Internet OutagesThousandEyes
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
Enterprise and Wide Area Network Visibility
Enterprise and Wide Area Network VisibilityEnterprise and Wide Area Network Visibility
Enterprise and Wide Area Network VisibilityThousandEyes
 
ISP Connectivity Webinar: No Longer a Black Box
ISP Connectivity Webinar: No Longer a Black BoxISP Connectivity Webinar: No Longer a Black Box
ISP Connectivity Webinar: No Longer a Black BoxThousandEyes
 
ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes
 
Troubleshooting Remote Workers and VPNs
Troubleshooting Remote Workers and VPNsTroubleshooting Remote Workers and VPNs
Troubleshooting Remote Workers and VPNsThousandEyes
 
Endpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
Endpoint Agent Part 2: Monitoring SaaS Apps from AnywhereEndpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
Endpoint Agent Part 2: Monitoring SaaS Apps from AnywhereThousandEyes
 
Better Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectBetter Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectThousandEyes
 
ThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
Reverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsReverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsThousandEyes
 
Monitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentMonitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentThousandEyes
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud ThousandEyes
 
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNow
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNowMeasuring and Troubleshooting Performance of Global Data Centers at ServiceNow
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNowThousandEyes
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya 01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya Indonesia Network Operators Group
 
ElasticISP
ElasticISPElasticISP
ElasticISPKHNOG
 
How BGP Works
How BGP WorksHow BGP Works
How BGP WorksThousandEyes
 
Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaHai Nguyen
 

Contenu connexe

Tendances

2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis 2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis ThousandEyes
 
Monitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsMonitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsThousandEyes
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyesThousandEyes
 
NANOG 68: Decoding Performance Data from Large-Scale Internet Outages
NANOG 68: Decoding Performance Data from Large-Scale Internet OutagesNANOG 68: Decoding Performance Data from Large-Scale Internet Outages
NANOG 68: Decoding Performance Data from Large-Scale Internet OutagesThousandEyes
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
Enterprise and Wide Area Network Visibility
Enterprise and Wide Area Network VisibilityEnterprise and Wide Area Network Visibility
Enterprise and Wide Area Network VisibilityThousandEyes
 
ISP Connectivity Webinar: No Longer a Black Box
ISP Connectivity Webinar: No Longer a Black BoxISP Connectivity Webinar: No Longer a Black Box
ISP Connectivity Webinar: No Longer a Black BoxThousandEyes
 
ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes
 
Troubleshooting Remote Workers and VPNs
Troubleshooting Remote Workers and VPNsTroubleshooting Remote Workers and VPNs
Troubleshooting Remote Workers and VPNsThousandEyes
 
Endpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
Endpoint Agent Part 2: Monitoring SaaS Apps from AnywhereEndpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
Endpoint Agent Part 2: Monitoring SaaS Apps from AnywhereThousandEyes
 
Better Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectBetter Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectThousandEyes
 
ThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
Reverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsReverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsThousandEyes
 
Monitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentMonitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentThousandEyes
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud ThousandEyes
 
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNow
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNowMeasuring and Troubleshooting Performance of Global Data Centers at ServiceNow
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNowThousandEyes
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya 01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya Indonesia Network Operators Group
 
ElasticISP
ElasticISPElasticISP
ElasticISPKHNOG
 

Tendances (20)

2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis 2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis
 
Monitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsMonitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online Operations
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyes
 
NANOG 68: Decoding Performance Data from Large-Scale Internet Outages
NANOG 68: Decoding Performance Data from Large-Scale Internet OutagesNANOG 68: Decoding Performance Data from Large-Scale Internet Outages
NANOG 68: Decoding Performance Data from Large-Scale Internet Outages
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC Updates
 
Enterprise and Wide Area Network Visibility
Enterprise and Wide Area Network VisibilityEnterprise and Wide Area Network Visibility
Enterprise and Wide Area Network Visibility
 
ISP Connectivity Webinar: No Longer a Black Box
ISP Connectivity Webinar: No Longer a Black BoxISP Connectivity Webinar: No Longer a Black Box
ISP Connectivity Webinar: No Longer a Black Box
 
ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12
 
Troubleshooting Remote Workers and VPNs
Troubleshooting Remote Workers and VPNsTroubleshooting Remote Workers and VPNs
Troubleshooting Remote Workers and VPNs
 
Endpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
Endpoint Agent Part 2: Monitoring SaaS Apps from AnywhereEndpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
Endpoint Agent Part 2: Monitoring SaaS Apps from Anywhere
 
Better Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectBetter Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes Connect
 
ThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your Network
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
Reverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsReverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent Tests
 
Monitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentMonitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint Agent
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
 
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNow
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNowMeasuring and Troubleshooting Performance of Global Data Centers at ServiceNow
Measuring and Troubleshooting Performance of Global Data Centers at ServiceNow
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya 01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
 
ElasticISP
ElasticISPElasticISP
ElasticISP
 

Similaire à Detecting Hijacks and Leaks

Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaHai Nguyen
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningMonitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningThousandEyes
 
PLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It Together
PLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It TogetherPLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It Together
PLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It TogetherPROIDEA
 
Monitoring IPv6 Networks
Monitoring IPv6 NetworksMonitoring IPv6 Networks
Monitoring IPv6 NetworksThousandEyes
 
MANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing SecurityMANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing SecurityObika Gellineau
 
Key Elements of a Security Delivery Platform
Key Elements of a Security Delivery PlatformKey Elements of a Security Delivery Platform
Key Elements of a Security Delivery PlatformJohn Pollack
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsAPNIC
 
E rou01 routing_basics
E rou01 routing_basicsE rou01 routing_basics
E rou01 routing_basicstanawan44
 
Traffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie LiuTraffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie LiuMyNOG
 
Spoofing and Denial of Service: A risk to the decentralized Internet
Spoofing and Denial of Service: A risk to the decentralized InternetSpoofing and Denial of Service: A risk to the decentralized Internet
Spoofing and Denial of Service: A risk to the decentralized InternetAPNIC
 
DDoS And Spoofing, a risk to the decentralized internet
DDoS And Spoofing, a risk to the decentralized internetDDoS And Spoofing, a risk to the decentralized internet
DDoS And Spoofing, a risk to the decentralized internetTom Paseka
 
Learning from recent major BGP routing leaks
Learning from recent major BGP routing leaksLearning from recent major BGP routing leaks
Learning from recent major BGP routing leaksAPNIC
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolJisc
 
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 

Similaire à Detecting Hijacks and Leaks (20)

How BGP Works
How BGP WorksHow BGP Works
How BGP Works
 
Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapela
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
 
MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12
 
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningMonitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
 
PLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It Together
PLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It TogetherPLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It Together
PLNOG 21: Andrei Robachevsky - Routing Is At Risk. Let's Secure It Together
 
Linx851
Linx851Linx851
Linx851
 
Monitoring IPv6 Networks
Monitoring IPv6 NetworksMonitoring IPv6 Networks
Monitoring IPv6 Networks
 
MANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing SecurityMANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing Security
 
Key Elements of a Security Delivery Platform
Key Elements of a Security Delivery PlatformKey Elements of a Security Delivery Platform
Key Elements of a Security Delivery Platform
 
Improving routing security through concerted action
Improving routing security through concerted actionImproving routing security through concerted action
Improving routing security through concerted action
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of Analytics
 
E rou01 routing_basics
E rou01 routing_basicsE rou01 routing_basics
E rou01 routing_basics
 
Traffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie LiuTraffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie Liu
 
Spoofing and Denial of Service: A risk to the decentralized Internet
Spoofing and Denial of Service: A risk to the decentralized InternetSpoofing and Denial of Service: A risk to the decentralized Internet
Spoofing and Denial of Service: A risk to the decentralized Internet
 
DDoS And Spoofing, a risk to the decentralized internet
DDoS And Spoofing, a risk to the decentralized internetDDoS And Spoofing, a risk to the decentralized internet
DDoS And Spoofing, a risk to the decentralized internet
 
Learning from recent major BGP routing leaks
Learning from recent major BGP routing leaksLearning from recent major BGP routing leaks
Learning from recent major BGP routing leaks
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
 
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 

Plus de ThousandEyes

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024ThousandEyes
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...
Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...
Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...ThousandEyes
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarThousandEyes
 
New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024ThousandEyes
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThousandEyes
 
Enhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for PartnersEnhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for PartnersThousandEyes
 
The Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and TakeawaysThe Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and TakeawaysThousandEyes
 
The Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and TakeawaysThe Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and TakeawaysThousandEyes
 
ThousandEyes Enterprise Digital Workshop - Spanish
ThousandEyes Enterprise Digital Workshop - SpanishThousandEyes Enterprise Digital Workshop - Spanish
ThousandEyes Enterprise Digital Workshop - SpanishThousandEyes
 
ThousandEyes Enterprise Digital Workshop - German
ThousandEyes Enterprise Digital Workshop - GermanThousandEyes Enterprise Digital Workshop - German
ThousandEyes Enterprise Digital Workshop - GermanThousandEyes
 
ThousandEyes Enterprise Digital Workshop
ThousandEyes Enterprise Digital WorkshopThousandEyes Enterprise Digital Workshop
ThousandEyes Enterprise Digital WorkshopThousandEyes
 
Introduction to ThousandEyes and Meraki MX for Partners
Introduction to ThousandEyes and Meraki MX for PartnersIntroduction to ThousandEyes and Meraki MX for Partners
Introduction to ThousandEyes and Meraki MX for PartnersThousandEyes
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesThousandEyes
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesThousandEyes
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesThousandEyes
 

Plus de ThousandEyes (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...
Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...
Assure Patient and Clinician Digital Experiences with ThousandEyes for Health...
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes Webinar
 
New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and Takeaways
 
Enhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for PartnersEnhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for Partners
 
The Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and TakeawaysThe Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and Takeaways
 
The Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and TakeawaysThe Top Outages of 2023: Analysis and Takeaways
The Top Outages of 2023: Analysis and Takeaways
 
ThousandEyes Enterprise Digital Workshop - Spanish
ThousandEyes Enterprise Digital Workshop - SpanishThousandEyes Enterprise Digital Workshop - Spanish
ThousandEyes Enterprise Digital Workshop - Spanish
 
ThousandEyes Enterprise Digital Workshop - German
ThousandEyes Enterprise Digital Workshop - GermanThousandEyes Enterprise Digital Workshop - German
ThousandEyes Enterprise Digital Workshop - German
 
ThousandEyes Enterprise Digital Workshop
ThousandEyes Enterprise Digital WorkshopThousandEyes Enterprise Digital Workshop
ThousandEyes Enterprise Digital Workshop
 
Introduction to ThousandEyes and Meraki MX for Partners
Introduction to ThousandEyes and Meraki MX for PartnersIntroduction to ThousandEyes and Meraki MX for Partners
Introduction to ThousandEyes and Meraki MX for Partners
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
 

Dernier

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Dernier (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Detecting Hijacks and Leaks

  • 1. 1© 2017 ThousandEyes Inc. All Rights Reserved. Detecting Hijacks and Leaks Young Xu, Product Marketing Manager
  • 2. 2© 2017 ThousandEyes Inc. All Rights Reserved. About ThousandEyes Network Intelligence platform that gives you a complete picture from users to internal and cloud-based applications Routing! User App End-to-End Performance Data App Performance! User Experience! Network Topology! Routing Topology! Enterprise, Endpoint and Cloud Agents Network Connectivity! And Route Monitors! Surface insights from a global data set Lightweight, flexible data collection Unified view of diverse performance data Solve issues across shared infrastructure See any network like it’s your own
  • 3. 3© 2017 ThousandEyes Inc. All Rights Reserved. •  BGP wasn’t designed with security built into it –  Advertisements are generally trusted among ISPs •  The Internet is vulnerable to propagating incorrect routes –  Route leak: Propagation of illegitimate route advertisements, usually by mistake, leading to incorrect or suboptimal routing –  Route hijack: Malicious equivalent to a route leak •  More prone to propagation when leaked path is preferred –  A more specific prefix is advertised –  Advertised path is shorter than current path BGP: Built on Trust
  • 4. 4© 2017 ThousandEyes Inc. All Rights Reserved. AS 200759 Innofield Route Propagation AS 16509 Amazon AS 30844 Econet AS 6939 Hurricane Electric Border Router Amazon advertises routes among BGP peers to upstream ISPs Amazon advertises prefix 54.239.16.0/20 Econet receives route advertisements to Amazon via Hurricane Electric Traffic Path AS 65021 Private
  • 5. 5© 2017 ThousandEyes Inc. All Rights Reserved. AS 65021 Private AS 200759 Innofield AWS Route Leak, April 2016 AS 16509 Amazon AS 30844 Econet AS 6939 Hurricane Electric Traffic Path Innofield leaks routes for more specific /21 prefixes, directing traffic to private AS 65021 Hurricane Electric accepts routes and now directs Amazon- destined traffic to Innofield
  • 6. 6© 2017 ThousandEyes Inc. All Rights Reserved. •  Leaks result from human error or misconfigurations –  Improper route filtering, mismanaged routing policies •  Misuse of NO-EXPORT community •  Misconfigured route optimizers •  Route hijacks are intentional and malicious –  Deny service (e.g. targeted attack, censorship) –  Inspect traffic (see man-in-the-middle attacks) •  Traffic interception and impersonation •  Corporate or state espionage •  Steal cryptocurrency –  IP squatting and spamming Why Leaks and Hijacks Happen
  • 7. 7© 2017 ThousandEyes Inc. All Rights Reserved. Alerting for Leaks and Hijacks Alert Rule Parameter Origin ASN not in: Your own or hosting provider’s ASN Next Hop ASN not in: Upstream ISPs’ ASNs Covered Prefix Exists Covered Prefix not in Your expected sub- prefixes
  • 8. 8© 2017 ThousandEyes Inc. All Rights Reserved. •  Monitor BGP to quickly detect routing events •  Contact upstream ISPs to reject the illegitimate routes •  Announce routes preferable to the leaked route –  More specific prefix (when leaked prefix is bigger than /24) –  Shorter AS path (remove any path prepending) •  Last resort: Change destination prefixes using DNS –  Feasible if you can shift traffic to other data centers or a CDN –  Can take time depending on TTL of DNS records •  RPKI: Publish Route Origin Authorizations (ROAs) in RIR Mitigating Route Leaks Affecting Your Prefixes
  • 9. 9© 2017 ThousandEyes Inc. All Rights Reserved. •  Route filtering (based on prefix, AS path, community) –  Bogon filtering –  Enforce commercial relationships •  Block advertisements for peer paths from customers •  “Peerlocking”: Don’t allow intermediate networks between peers –  BGP Maximum-Prefix: Max number of prefixes from a peer •  Security standards: RPKI, RPSL, BGPSEC •  Prevent hijacks by blocking illegitimate advertisements –  TCP MD5: Uses secret key to compute hash over TCP header –  GTSM: Peer sets TTL to max of 255 (attacker >1 hop away can’t impersonate) Preventing Propagation of Bad Routes
  • 10. 10© 2017 ThousandEyes Inc. All Rights Reserved.© 2017 ThousandEyes Inc. All Rights Reserved. Demo
  • 11. 11© 2017 ThousandEyes Inc. All Rights Reserved. 1. Covered Prefix to Spotify Leaked by Enzu Visible for almost 3 hours Leaked by Enzu (AS18978) Spotify (AS43650) Propagated at LAIX (AS40633) Seen by 4 monitors New, more specific /23 route leaked
  • 12. 12© 2017 ThousandEyes Inc. All Rights Reserved. Impacted Traffic on the Network Layer Traces terminating in edge of Vocus network with LAIX LAIX
  • 13. 13© 2017 ThousandEyes Inc. All Rights Reserved. 2. AxcelX Leak: Normal Routes Amazon.com NTT Level 3 Hurricane Electric ReTN.net
  • 14. 14© 2017 ThousandEyes Inc. All Rights Reserved. Amazon Routes Leaked by AxcelX New routes through Hibernia (AS 5580), AxcelX (AS 33083) New Amazon AS No longer routed through expected ISPs
  • 15. 15© 2017 ThousandEyes Inc. All Rights Reserved. Caused Performance Impacts 100% loss in AxcelX 99% loss in Hibernia
  • 16. 16© 2017 ThousandEyes Inc. All Rights Reserved. 3. Tata Hijack of Societe Generale: Normal Routes Societe Generale AS Bulgarian Telecom (Upstream)Societe Generale prefix Neterra (Upstream)
  • 17. 17© 2017 ThousandEyes Inc. All Rights Reserved. Multiple Origins: Tata Advertised Routes Societe Generale (Correct AS) Tata (Hijacking AS) Locations with completely hijacked routes
  • 18. 18© 2017 ThousandEyes Inc. All Rights Reserved. All ISPs Accepted Tata’s Bad Routes Tata (Hijacking AS)
  • 19. 19© 2017 ThousandEyes Inc. All Rights Reserved. Caused 100% Loss in Tata and Tata’s Peers Traffic had no legitimate routes to reach Societe Generale Tata Cogent
  • 20. 20© 2017 ThousandEyes Inc. All Rights Reserved.© 2017 ThousandEyes Inc. All Rights Reserved. Watch the webinar:
 www.thousandeyes.com/webinars/detecting-hijacks-and-leaks