liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology. (ADIT)
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology. (ADIT)
University of Toronto, Canada.
2013 (English)In: Passive and Active Measurement / [ed] Matthew Roughan, Rocky Chang, Springer Berlin/Heidelberg, 2013, 229-238 p.Conference paper, Published paper (Refereed)
Abstract [en]

China Telecom’s hijack of approximately 50,000 IP prefixes in April 2010 highlights the potential for traffic interception on the Internet. Indeed, the sensitive nature of the hijacked prefixes, including US government agencies, garnered a great deal of attention and highlights the importance of being able to characterize such incidents after they occur. We use the China Telecom incident as a case study, to understand (1) what can be learned about large-scale routing anomalies using public data sets, and (2) what types of data should be collected to diagnose routing anomalies in the future. We develop a methodology for inferring which prefixes may be impacted by traffic interception using only control-plane data and validate our technique using data-plane traces. The key findings of our study of the China Telecom incident are: (1) The geographic distribution of announced prefixes is similar to the global distribution with a tendency towards prefixes registered in the Asia-Pacific region, (2) there is little evidence for subprefix hijacking which supports the hypothesis that this incident was likely a leak of existing routes, and (3) by preferring customer routes, providers inadvertently enabled interception of their customer’s traffic.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2013. 229-238 p.
Series
Lecture Notes in Computer Science, ISSN 0302-9743 (print), 1611-3349 (online) ; 7799
Keyword [en]
Measurement, Routing, Security, Border Gateway Protocol
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:liu:diva-92564DOI: 10.1007/978-3-642-36516-4_23ISBN: 978-3-642-36515-7 (print)ISBN: 978-3-642-36516-4 (print)OAI: oai:DiVA.org:liu-92564DiVA: diva2:620955
Conference
14th International Conference on Passive and Active Measurement, PAM 2013; Hong Kong; China
Available from: 2013-05-12 Created: 2013-05-12 Last updated: 2014-12-05Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Authority records BETA

Hiran, RahulCarlsson, Niklas

Search in DiVA

By author/editor
Hiran, RahulCarlsson, Niklas
By organisation
Database and information techniquesThe Institute of Technology
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 87 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf