You might have seen a recent analysis by Renesys of some sophisticated prefix hijacking increasingly happening in the Internet. I think many of us heard about the Pakistan-YouTube incident and similar misconfigurations, which are in fact a form of a DoS attack. But what Renesys discovered is something different. "Why settle for simple denial of service, when you can instead steal a victim’s traffic, take a few milliseconds to inspect or modify it, and then pass it along to the intended recipient?" – they wrote in the blog.
But that is probably happening to other networks, not yours… Are you sure?
It is possible that routing incidents disguise themselves as other types of outages. A customer call related to loss of connectivity may or may not be a result of a prefix hijack. Research shows that many of the routing incidents last only 30 minutes. By the time a network administrator looks into the case, the incident is gone!
Do we know how much risk is associated with "unprotected" routing, or routing by rumor as it happens frequently in the Internet today? To assess this, we must know not only the frequency of the incidents, but also the impact they cause. And we feel that last bit is completely missing. Risks are often ignored, or accepted, providing little incentive for operators to implement security enhancements.
To tackle this problem the Internet Society, in partnership with BGPmon, has started a project called the "Routing Resilience Survey." This effort is based on the collection of incident data related to routing resilience to provide a statistically representative picture of these incidents and their impacts, as a basis for risk assessment and global trend analysis.
We would like to invite network operators to join this effort. You can find more information about this project here:
For participating network operators, the project will help answering questions like:
- What happens with my prefixes elsewhere in the global Internet?
- What impact can routing misconfigurations have on my network?
- How "safe" is the global routing system?
One important thing I'd like to mention here is related to confidentiality. We understand the sensitivity of some of the data involved in this effort. Therefore, the Internet Society is committed to ensuring participant-specific information remains confidential. All data collected will be stored on Internet Society servers. Any public information or analyses will be fully anonymized.
This is a six-month effort. After the project is successfully completed we will publish a report presenting the findings, statistical data and trends. We'll also be happy to present the results at various network operator meetings.
To participate, please send a request for the creation of your account to firstname.lastname@example.org. In the request, please indicate your AS number. You may also include AS numbers of your customers for whom you would like to monitor and classify related security incidents.
We hope you will join this effort.