, les préfixespréfixesà origines multiples (MOAS)Premì erement, nous avons analysé et classifié ces préfixes en investiguant les raisons pour lesquelles ces préfixes sont annoncés. En nous basant sur cette classification, nous avons pu réduire le champ de recherche d'attaques par détournement de l'ordre de 80%.Deuxì emement, nous avons proposé un système nous permettant d'analyser les cas suspects restants, A.2.5 Conclusion Dans cette section, 2006.
, Nous avons appliqué ce système sur un cas réel : le cas bulgare Notrepremì ere analyse (section A.2.4.1), similairè a celles faites dans ces précédent travaux, nous indique que cetévènementcetévènement réseau est effectivement le résultat d'une attaque par détournement intentionnelle. Cependant, notre seconde analyse (section A.2.4.2) utilise un ensemble de données qui nous permet d'´ elargir notre champ de vision, mais, en même temps, qui semble réfuter la thèse de l'attaque par détournement, 2007.
, nous avons procédéprocédéà des analyses détaillées des pratiques BGP dans le but d'isoler un certain nombre de pratiques standards. L'analyse de ces pratiques
, nous avons analysé les pratiques standards, ce qui nous permet d'´ ecarter un nombre Bibliography [Address Management Hierarchy] APNIC, Understanding address management hierarchy, 2015.
, Actionable analytics for the web, 2015.
, Quick Beginners Guide, http://www.apnic.net/apnic-info/whois search/ using-whois/guide, 2015.
, A study of prefix hijacking and interception in the internet, SIGCOMM '07: Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, pp.265-276, 2007.
, Slowing routing table growth by filtering based on address allocation policies, 2001.
, Dear ripe: please don't encourage phishing, 2012.
, Visual analytics for BGP monitoring and prefix hijacking identification, IEEE Network, vol.26, issue.6, p.6, 2012.
DOI : 10.1109/MNET.2012.6375891
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.686.7472
, Routing registry tutorial, Talk at NANOG51, 2011.
, 7007 explanation and apology, 1997.
, Through the looking-glass, and what eve found there, 8th USENIX Workshop on Offensive Technologies (WOOT 14), 2014.
, On characterizing BGP routing table growth, Computer Networks, vol.45, issue.1, pp.45-54, 2004.
DOI : 10.1016/j.comnet.2004.02.003
, Testing the reachability of (new) address space, Proceedings of the 2007 SIGCOMM workshop on Internet network management , INM '07, pp.236-241, 2007.
DOI : 10.1145/1321753.1321756
, Internet optometry, Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, IMC '09, pp.242-253, 2009.
DOI : 10.1145/1644893.1644923
, A survey of bgp security issues and solutions, Proceedings of the IEEE, pp.100-122, 2010.
, Archipelago (Ark) measurement interface, Applied Internet Data Analysis (CAIDA), 2015.
, Where the sidewalk ends, Proceedings of the 5th international conference on Emerging networking experiments and technologies, CoNEXT '09, pp.217-228, 2009.
DOI : 10.1145/1658939.1658964
, BGP ? origin AS validation, CISCO IOS XE RELEASE 3S ? BGP Configuration Guide, 2014.
, Evolution of Internet Address Space Deaggregation: Myths and Reality, IEEE Journal on Selected Areas in Communications, vol.28, issue.8, pp.1238-1249, 2010.
DOI : 10.1109/JSAC.2010.101002
, Detection and analysis of drive-by-download attacks and malicious JavaScript code, Proceedings of the 19th international conference on World wide web, WWW '10, 2010.
DOI : 10.1145/1772690.1772720
, An empirical study of "bogon" route advertisements, ACM SIGCOMM Computer Communication Review, vol.35, issue.1, pp.63-70, 2004.
DOI : 10.1145/1052812.1052826
, 7007: From the horse's mouth, 1997.
, On inferring autonomous system relationships in the internet, IEEE/ACM Trans. Netw, vol.9, issue.6, pp.733-745, 2001.
, Working around BGP: An incremental approach to improving security and accuracy in interdomain routing, Proceedings of the Network and Distributed System Security Symposium, 2003.
, Hacker redirects traffic from 19 internet providers to steal bitcoins, 2014.
, On the incompleteness of the AS-level graph, Proceedings of the 2012 ACM conference on Internet measurement conference, IMC '12, pp.253-264, 2012.
DOI : 10.1145/2398776.2398803
, Chronology of a DDoS: SpamHaus, http://blogs.cisco.com/security/chronology-ofa-ddos-spamhaus, 2013.
, IP Prefix Hijacking Detection Using Idle Scan, AP- NOMS'09: Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services, pp.395-404, 2009.
DOI : 10.1007/978-3-540-88623-5_40
, Accurate Real-time Identification of IP Prefix Hijacking, 2007 IEEE Symposium on Security and Privacy (SP '07), pp.3-17, 2007.
DOI : 10.1109/SP.2007.7
, BGP in 2013 ? The Churn Report, p.457, 2014.
, Securing BGP — A Literature Survey, IEEE Communications Surveys & Tutorials, vol.13, issue.2, pp.199-222, 2011.
DOI : 10.1109/SURV.2011.041010.00041
, Pretty Good BGP: Improving BGP by Cautiously Adopting Routes, Proceedings of the 2006 IEEE International Conference on Network Protocols, pp.290-299, 2006.
DOI : 10.1109/ICNP.2006.320179
, Secure Border Gateway Protocol (S-BGP), IEEE Journal on Selected Areas in Communications, vol.18, issue.4, pp.103-116, 2000.
DOI : 10.1109/49.839934
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.108.762
, A comparative study on IP prefixes and their origin ases in BGP and the IRR, ACM SIGCOMM Computer Communication Review, vol.43, issue.3, pp.16-24, 2013.
DOI : 10.1145/2500098.2500101
, Filtering after recent Chinese " BGP hijack " does not affect RIPE region, http : / / labs . ripe . net / Members / kistel / content -recent -chinese -bgp -hijack -does -not -affect -ripe, 2010.
, Computer Networking: A Top-Down Approach, 2010.
, PHAS: A prefix hijack alert system, USENIX Security Symposium, 2006.
, BGP Hijacking for Cryptocurrency Profit, http://www.secureworks. com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit, 2014.
, The vast world of fraudulent routing, 2015.
, Understanding BGP misconfiguration, ACM SIGCOMM Computer Communication Review, vol.32, issue.4, pp.3-16, 2002.
DOI : 10.1145/964725.633027
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.20.1862
, Stealthy IP prefix hijacking: Don't bite off more than you can chew, GLOBECOM, pp.1-6, 2009.
, A Chinese ISP momentarily hijacks the internet, http : / / www . nytimes . com, 2010.
, Stealing the internet: An internet-scale man in the middle attack, Presentation at DEFCON16, 2008.
, The anatomy of a leak: AS9121, Presentation at NANOG34, 2005.
, Detecting bogus BGP route information: Going beyond prefix hijacking, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops, SecureComm 2007, pp.381-390, 2007.
DOI : 10.1109/SECCOM.2007.4550358
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.111.3307
, RIR Resource Allocation Data Inconsistencies
, Understanding the network-level behavior of spammers, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, ser. SIGCOMM '06, pp.291-302, 2006.
, Specification of internet transmission control program, 1974.
DOI : 10.17487/rfc0675
, Guidelines for creation, selection, and registration of an autonomous system (AS), RFC 1930, 1996.
, Protection of BGP sessions via the TCP MD5 signature option, RFC 2385, 1998.
, Routing policy specification language next generation (RPSLng), RFC 4012, 2005.
DOI : 10.17487/rfc4012
, Classless inter-domain routing (CIDR): the internet address assignment and aggregation plan, 2006.
DOI : 10.17487/rfc4632
, Bidirectional flow export using IP flow information export (IPFIX), RFC 5103, 2008.
DOI : 10.17487/rfc5103
, Textual representation of autonomous system (AS) numbers, RFC 5396, 2008.
DOI : 10.17487/rfc5396
, The TCP authentication option, 2010.
DOI : 10.17487/rfc5925
, An infrastructure to support secure internet routing, RFC, vol.6480, 2012.
DOI : 10.17487/rfc6480
, A profile for resource certificate repository structure, 2012.
DOI : 10.17487/rfc6481
, BGP support for four-octet autonomous system (AS) number space, RFC 6793, 2012.
DOI : 10.17487/rfc6793
, Autonomous system (AS) reservation for private use, RFC, vol.6996, 2013.
DOI : 10.17487/rfc6996
, Becoming a member, https://www.ripe.net/lir-services/member-support, pp.faq-joining, 2015.
, http : / / www . ripe . net / internet coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study, 2008.
, AS number change could affect internet routing from 1, p.2009, 2008.
, ??, Authentication methods used in the RIPE database, https://labs.ripe.net/Members/ kranjbar/authentication-methods-used-in-the-ripe-database, 2011.
, RIPE database documentation, https://www.ripe.net/manage-ips-and-asns/db/support/ documentation/ripe-database-documentation, 2010.
, 10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems, Selected Areas in Communications, pp.1810-1821, 2011.
DOI : 10.1109/JSAC.2011.111006
, A forensic case study on as hijacking, SIGCOMM CCR, pp.5-12, 2013.
DOI : 10.1145/2479957.2479959
, Spam? not spam? tracking a hijacked Spamhaus IP, https://greenhost.nl/2013/03/ 21/spam-not-spam-tracking-hijacked-spamhaus-ip, 2013.
, Detecting prefix hijackings in the internet with argus, Proceedings of the 2012 ACM conference on Internet measurement conference, IMC '12, p.12, 2012.
DOI : 10.1145/2398776.2398779
, BGP routing: a study at large time scale, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE, 2002.
DOI : 10.1109/GLOCOM.2002.1189022
, Neighborhood Watch for Internet Routing: Can We Improve the Robustness of Internet Routing Today?, IEEE INFOCOM 2007, 26th IEEE International Conference on Computer Communications, 2007.
DOI : 10.1109/INFCOM.2007.151
, CB3ROB/SPAMHOUSE hijack as seen from RIPE RIS route collector 3 (Amsterdam ), http://instituut.net/ ? job/cb3rob-spamhaus-hijack-21-mar-2013, 2013.
, The Spamhaus project, 2015.
, A Method to Detect Prefix Hijacking by Using Ping Tests, APNOMS '08: Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management, pp.390-398, 2008.
DOI : 10.1007/978-3-540-88623-5_40
, 60 Days of Basic Naughtiness: Probes and Attacks Endured by an Active Web Site, 2001.
, A prefix hijack alert system
, On interdomain routing security and pretty secure BGP (psBGP), ACM Trans. Inf. Syst. Secur, vol.10, issue.3, 2007.
, SpamTracer: How stealthy are spammers?, 5th IEEE International Traffic Monitoring and Analysis Workshop, 2013.
DOI : 10.1109/infcomw.2013.6562916
, Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks, Proceedings 2015 Network and Distributed System Security Symposium, pp.8-11
DOI : 10.14722/ndss.2015.23035
, Towards detecting BGP route hijacking using the RPKI, ACM SIGCOMM Computer Communication Review, vol.42, issue.4, pp.103-104, 2012.
DOI : 10.1145/2377677.2377702
, Securing BGP through secure origin BGP, Internet Protocol Journal, vol.6, issue.3, 2003.
, Argus: An accurate and agile system to detecting IP prefix hijacking, 2011 19th IEEE International Conference on Network Protocols, pp.43-48, 2011.
DOI : 10.1109/ICNP.2011.6089080
, iSPY: Detecting IP prefix hijacking on my own, Proceedings of the ACM SIGCOMM 2008 conference on Data communication, ser. SIGCOMM '08, pp.327-338, 2008.
DOI : 10.1109/tnet.2010.2066284
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.155.5241
, An analysis of BGP multiple origin AS (MOAS) conflicts, Proceedings of the First ACM SIGCOMM Workshop on Internet Measurement , IMW '01, pp.31-35, 2001.
DOI : 10.1145/505202.505207
, A light-weight distributed scheme for detecting ip prefix hijacks in real-time, ACM SIGCOMM Computer Communication Review, vol.37, issue.4, pp.277-288, 2007.
DOI : 10.1145/1282427.1282412
, The Official PGP User's Guide, 1995.
, Zmap: Fast Internet-wide scanning and its security applications, Proceedings of the 22nd USENIX Security Symposium, 2013.
, Accidentally importing censorship, 2010.