Oracle Corporation
METHODS AND APPARATUS FOR FINDING GLOBAL ROUTING HIJACKS

Abstract:

Every day, thousands of routing "hijacks" occur on the Internet, almost all of them benign. The malicious ones and the resulting misdirection of Internet traffic can be identified by applying sophisticated analytics to extensive global real-time feeds of Border Gateway Protocol (BGP) routing updates. When legitimate attacks are discovered, the automated analysis may be augmented with Domain Name Service (DNS) data (to determine the likely targets), traceroute data (to determine if they represent Man-In-The-Middle exploits), inferred business relationships (to understand the scope of the impacts) and even the raw BGP messages. These techniques can be used to uncover attacks against both commercial and government entities.