les préfixespréfixesà origines multiples (MOAS)Premì erement, nous avons analysé et classifié ces préfixes en investiguant les raisons pour lesquelles ces préfixes sont annoncés. En nous basant sur cette classification, nous avons pu réduire le champ de recherche d'attaques par détournement de l'ordre de 80%.Deuxì emement, nous avons proposé un système nous permettant d'analyser les cas suspects restants, A.2.5 Conclusion Dans cette section, 2006. ,
Nous avons appliqué ce système sur un cas réel : le cas bulgare Notrepremì ere analyse (section A.2.4.1), similairè a celles faites dans ces précédent travaux, nous indique que cetévènementcetévènement réseau est effectivement le résultat d'une attaque par détournement intentionnelle. Cependant, notre seconde analyse (section A.2.4.2) utilise un ensemble de données qui nous permet d'´ elargir notre champ de vision, mais, en même temps, qui semble réfuter la thèse de l'attaque par détournement, 2007. ,
nous avons procédéprocédéà des analyses détaillées des pratiques BGP dans le but d'isoler un certain nombre de pratiques standards. L'analyse de ces pratiques ,
nous avons analysé les pratiques standards, ce qui nous permet d'´ ecarter un nombre Bibliography [Address Management Hierarchy] APNIC, Understanding address management hierarchy, 2015. ,
Actionable analytics for the web, 2015. ,
Quick Beginners Guide, http://www.apnic.net/apnic-info/whois search/ using-whois/guide, 2015. ,
A study of prefix hijacking and interception in the internet, SIGCOMM '07: Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, pp.265-276, 2007. ,
Slowing routing table growth by filtering based on address allocation policies, 2001. ,
Dear ripe: please don't encourage phishing, 2012. ,
Visual analytics for BGP monitoring and prefix hijacking identification, IEEE Network, vol.26, issue.6, p.6, 2012. ,
DOI : 10.1109/MNET.2012.6375891
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.686.7472
Routing registry tutorial, Talk at NANOG51, 2011. ,
7007 explanation and apology, 1997. ,
Through the looking-glass, and what eve found there, 8th USENIX Workshop on Offensive Technologies (WOOT 14), 2014. ,
On characterizing BGP routing table growth, Computer Networks, vol.45, issue.1, pp.45-54, 2004. ,
DOI : 10.1016/j.comnet.2004.02.003
Testing the reachability of (new) address space, Proceedings of the 2007 SIGCOMM workshop on Internet network management , INM '07, pp.236-241, 2007. ,
DOI : 10.1145/1321753.1321756
Internet optometry, Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, IMC '09, pp.242-253, 2009. ,
DOI : 10.1145/1644893.1644923
A survey of bgp security issues and solutions, Proceedings of the IEEE, pp.100-122, 2010. ,
Archipelago (Ark) measurement interface, Applied Internet Data Analysis (CAIDA), 2015. ,
Where the sidewalk ends, Proceedings of the 5th international conference on Emerging networking experiments and technologies, CoNEXT '09, pp.217-228, 2009. ,
DOI : 10.1145/1658939.1658964
BGP ? origin AS validation, CISCO IOS XE RELEASE 3S ? BGP Configuration Guide, 2014. ,
Evolution of Internet Address Space Deaggregation: Myths and Reality, IEEE Journal on Selected Areas in Communications, vol.28, issue.8, pp.1238-1249, 2010. ,
DOI : 10.1109/JSAC.2010.101002
Detection and analysis of drive-by-download attacks and malicious JavaScript code, Proceedings of the 19th international conference on World wide web, WWW '10, 2010. ,
DOI : 10.1145/1772690.1772720
An empirical study of "bogon" route advertisements, ACM SIGCOMM Computer Communication Review, vol.35, issue.1, pp.63-70, 2004. ,
DOI : 10.1145/1052812.1052826
7007: From the horse's mouth, 1997. ,
On inferring autonomous system relationships in the internet, IEEE/ACM Trans. Netw, vol.9, issue.6, pp.733-745, 2001. ,
Working around BGP: An incremental approach to improving security and accuracy in interdomain routing, Proceedings of the Network and Distributed System Security Symposium, 2003. ,
Hacker redirects traffic from 19 internet providers to steal bitcoins, 2014. ,
On the incompleteness of the AS-level graph, Proceedings of the 2012 ACM conference on Internet measurement conference, IMC '12, pp.253-264, 2012. ,
DOI : 10.1145/2398776.2398803
Chronology of a DDoS: SpamHaus, http://blogs.cisco.com/security/chronology-ofa-ddos-spamhaus, 2013. ,
IP Prefix Hijacking Detection Using Idle Scan, AP- NOMS'09: Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services, pp.395-404, 2009. ,
DOI : 10.1007/978-3-540-88623-5_40
Accurate Real-time Identification of IP Prefix Hijacking, 2007 IEEE Symposium on Security and Privacy (SP '07), pp.3-17, 2007. ,
DOI : 10.1109/SP.2007.7
BGP in 2013 ? The Churn Report, p.457, 2014. ,
Securing BGP — A Literature Survey, IEEE Communications Surveys & Tutorials, vol.13, issue.2, pp.199-222, 2011. ,
DOI : 10.1109/SURV.2011.041010.00041
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes, Proceedings of the 2006 IEEE International Conference on Network Protocols, pp.290-299, 2006. ,
DOI : 10.1109/ICNP.2006.320179
Secure Border Gateway Protocol (S-BGP), IEEE Journal on Selected Areas in Communications, vol.18, issue.4, pp.103-116, 2000. ,
DOI : 10.1109/49.839934
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.108.762
A comparative study on IP prefixes and their origin ases in BGP and the IRR, ACM SIGCOMM Computer Communication Review, vol.43, issue.3, pp.16-24, 2013. ,
DOI : 10.1145/2500098.2500101
Filtering after recent Chinese " BGP hijack " does not affect RIPE region, http : / / labs . ripe . net / Members / kistel / content -recent -chinese -bgp -hijack -does -not -affect -ripe, 2010. ,
Computer Networking: A Top-Down Approach, 2010. ,
PHAS: A prefix hijack alert system, USENIX Security Symposium, 2006. ,
BGP Hijacking for Cryptocurrency Profit, http://www.secureworks. com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit, 2014. ,
The vast world of fraudulent routing, 2015. ,
Understanding BGP misconfiguration, ACM SIGCOMM Computer Communication Review, vol.32, issue.4, pp.3-16, 2002. ,
DOI : 10.1145/964725.633027
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.20.1862
Stealthy IP prefix hijacking: Don't bite off more than you can chew, GLOBECOM, pp.1-6, 2009. ,
A Chinese ISP momentarily hijacks the internet, http : / / www . nytimes . com, 2010. ,
Stealing the internet: An internet-scale man in the middle attack, Presentation at DEFCON16, 2008. ,
The anatomy of a leak: AS9121, Presentation at NANOG34, 2005. ,
Detecting bogus BGP route information: Going beyond prefix hijacking, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops, SecureComm 2007, pp.381-390, 2007. ,
DOI : 10.1109/SECCOM.2007.4550358
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.111.3307
RIR Resource Allocation Data Inconsistencies ,
Understanding the network-level behavior of spammers, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, ser. SIGCOMM '06, pp.291-302, 2006. ,
Specification of internet transmission control program, 1974. ,
DOI : 10.17487/rfc0675
Guidelines for creation, selection, and registration of an autonomous system (AS), RFC 1930, 1996. ,
Protection of BGP sessions via the TCP MD5 signature option, RFC 2385, 1998. ,
Routing policy specification language next generation (RPSLng), RFC 4012, 2005. ,
DOI : 10.17487/rfc4012
Classless inter-domain routing (CIDR): the internet address assignment and aggregation plan, 2006. ,
DOI : 10.17487/rfc4632
Bidirectional flow export using IP flow information export (IPFIX), RFC 5103, 2008. ,
DOI : 10.17487/rfc5103
Textual representation of autonomous system (AS) numbers, RFC 5396, 2008. ,
DOI : 10.17487/rfc5396
The TCP authentication option, 2010. ,
DOI : 10.17487/rfc5925
An infrastructure to support secure internet routing, RFC, vol.6480, 2012. ,
DOI : 10.17487/rfc6480
A profile for resource certificate repository structure, 2012. ,
DOI : 10.17487/rfc6481
BGP support for four-octet autonomous system (AS) number space, RFC 6793, 2012. ,
DOI : 10.17487/rfc6793
Autonomous system (AS) reservation for private use, RFC, vol.6996, 2013. ,
DOI : 10.17487/rfc6996
Becoming a member, https://www.ripe.net/lir-services/member-support, pp.faq-joining, 2015. ,
http : / / www . ripe . net / internet coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study, 2008. ,
AS number change could affect internet routing from 1, p.2009, 2008. ,
??, Authentication methods used in the RIPE database, https://labs.ripe.net/Members/ kranjbar/authentication-methods-used-in-the-ripe-database, 2011. ,
RIPE database documentation, https://www.ripe.net/manage-ips-and-asns/db/support/ documentation/ripe-database-documentation, 2010. ,
10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems, Selected Areas in Communications, pp.1810-1821, 2011. ,
DOI : 10.1109/JSAC.2011.111006
A forensic case study on as hijacking, SIGCOMM CCR, pp.5-12, 2013. ,
DOI : 10.1145/2479957.2479959
Spam? not spam? tracking a hijacked Spamhaus IP, https://greenhost.nl/2013/03/ 21/spam-not-spam-tracking-hijacked-spamhaus-ip, 2013. ,
Detecting prefix hijackings in the internet with argus, Proceedings of the 2012 ACM conference on Internet measurement conference, IMC '12, p.12, 2012. ,
DOI : 10.1145/2398776.2398779
BGP routing: a study at large time scale, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE, 2002. ,
DOI : 10.1109/GLOCOM.2002.1189022
Neighborhood Watch for Internet Routing: Can We Improve the Robustness of Internet Routing Today?, IEEE INFOCOM 2007, 26th IEEE International Conference on Computer Communications, 2007. ,
DOI : 10.1109/INFCOM.2007.151
CB3ROB/SPAMHOUSE hijack as seen from RIPE RIS route collector 3 (Amsterdam ), http://instituut.net/ ? job/cb3rob-spamhaus-hijack-21-mar-2013, 2013. ,
The Spamhaus project, 2015. ,
A Method to Detect Prefix Hijacking by Using Ping Tests, APNOMS '08: Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management, pp.390-398, 2008. ,
DOI : 10.1007/978-3-540-88623-5_40
60 Days of Basic Naughtiness: Probes and Attacks Endured by an Active Web Site, 2001. ,
A prefix hijack alert system ,
On interdomain routing security and pretty secure BGP (psBGP), ACM Trans. Inf. Syst. Secur, vol.10, issue.3, 2007. ,
SpamTracer: How stealthy are spammers?, 5th IEEE International Traffic Monitoring and Analysis Workshop, 2013. ,
DOI : 10.1109/infcomw.2013.6562916
Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks, Proceedings 2015 Network and Distributed System Security Symposium, pp.8-11 ,
DOI : 10.14722/ndss.2015.23035
Towards detecting BGP route hijacking using the RPKI, ACM SIGCOMM Computer Communication Review, vol.42, issue.4, pp.103-104, 2012. ,
DOI : 10.1145/2377677.2377702
Securing BGP through secure origin BGP, Internet Protocol Journal, vol.6, issue.3, 2003. ,
Argus: An accurate and agile system to detecting IP prefix hijacking, 2011 19th IEEE International Conference on Network Protocols, pp.43-48, 2011. ,
DOI : 10.1109/ICNP.2011.6089080
iSPY: Detecting IP prefix hijacking on my own, Proceedings of the ACM SIGCOMM 2008 conference on Data communication, ser. SIGCOMM '08, pp.327-338, 2008. ,
DOI : 10.1109/tnet.2010.2066284
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.155.5241
An analysis of BGP multiple origin AS (MOAS) conflicts, Proceedings of the First ACM SIGCOMM Workshop on Internet Measurement , IMW '01, pp.31-35, 2001. ,
DOI : 10.1145/505202.505207
A light-weight distributed scheme for detecting ip prefix hijacks in real-time, ACM SIGCOMM Computer Communication Review, vol.37, issue.4, pp.277-288, 2007. ,
DOI : 10.1145/1282427.1282412
The Official PGP User's Guide, 1995. ,
Zmap: Fast Internet-wide scanning and its security applications, Proceedings of the 22nd USENIX Security Symposium, 2013. ,
Accidentally importing censorship, 2010. ,