A Taxonomy of Attacks Using BGP Blackholing, Loïc Miller and Cristel Pelsser (presentation slides)



slide-1
SLIDE 1

A Taxonomy of Attacks Using BGP Blackholing

Loïc Miller and Cristel Pelsser September 23, 2019

University of Strasbourg

slide-6
SLIDE 6

BGP Blackholing

Blackholing is a DDoS mitigation technique signaled via BGP¹. The Internet is composed of Autonomous Systems (ASes): one or more networks under the control of a single entity.

Figure 1: BGP Blackholing (AS 10, AS 20 and AS 30; prefix P: 192.0.2.0/24 tagged BLACKHOLE)

Blackholing is a double-edged sword: all traffic is dropped.

¹ Rekhter, Li, and Hares, A Border Gateway Protocol 4 (BGP-4).

1/17

slide-11
SLIDE 11

Objectives

  • Can blackholing be used with malicious intent?
  • Are there different types of attacks?
  • Are there any existing and relevant security mechanisms?
  • Are these mechanisms enough?

1/17

slide-12
SLIDE 12

Quick BGP Primer

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

Figure 2: BGP message propagation

2/17

slide-13
SLIDE 13

Quick BGP Primer

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

10.1/16 AS5

Figure 2: BGP message propagation

2/17

slide-14
SLIDE 14

Quick BGP Primer

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

10.1/16 AS3 AS5 10.1/16 AS3 AS5 10.1/16 AS3 AS5

Figure 2: BGP message propagation

2/17

slide-15
SLIDE 15

Quick BGP Primer

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

10.1/16 AS1 AS3 AS5 10.1/16 AS4 AS3 AS5

Figure 2: BGP message propagation

2/17

slide-16
SLIDE 16

Quick BGP Primer

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

Figure 2: BGP message propagation

2/17

slide-17
SLIDE 17

BGP Hijacks

As BGP is a distributed protocol, lacking authentication of route origins and verification of paths, ASes can advertise illegitimate routes for prefixes they do not own, attracting some or all of the traffic to these prefixes.

2/17

slide-18
SLIDE 18

BGP Hijacks

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

Figure 3: BGP hijack

3/17

slide-19
SLIDE 19

BGP Hijacks

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

Figure 3: BGP hijack

3/17

slide-20
SLIDE 20

BGP Hijacks

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

10.1/16 AS6 10.1/16 AS6

Figure 3: BGP hijack

3/17

slide-21
SLIDE 21

BGP Hijacks

AS 1 AS 2 AS 3 AS 5 AS 6 AS 4

10.1.0.0/16 10.1.0.0/16

10.1/16 AS4 AS6 10.1/16 AS4 AS6

Figure 3: BGP hijack

3/17

slide-22
SLIDE 22

BGP Hijacks

AS 1 AS 3 AS 5 AS 6 AS 4 AS 2

10.1.0.0/16 10.1.0.0/16

10.1/16 AS2 AS4 AS6

Figure 3: BGP hijack

3/17

slide-23
SLIDE 23

BGP Hijacks

AS 1 AS 3 AS 5 AS 6 AS 4 AS 2

10.1.0.0/16 10.1.0.0/16

Figure 3: BGP hijack (Type-0)²

² Sermpezis et al., “ARTEMIS: Neutralizing BGP hijacking within a minute”.

3/17

slide-24
SLIDE 24

BGP Hijacks - 5304 routing attacks in 2017 alone².

AS 1 AS 3 AS 5 AS 6 AS 4 AS 2

10.1.0.0/16 10.1.0.0/16

Figure 3: BGP hijack (Type-0)

² Robachevsky, 14,000 Incidents: A 2017 Routing Security Year in Review.

3/17

slide-25
SLIDE 25

BGP Blackjacks - Type-0 AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

Figure 4: Type-0 blackjack

4/17

slide-26
SLIDE 26

BGP Blackjacks - Type-0 AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

Figure 4: Type-0 blackjack

4/17

slide-27
SLIDE 27

BGP Blackjacks - Type-0 AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

10.1/16 AS6 AS3:666
10.1/16 AS6 AS4:666

Figure 4: Type-0 blackjack

4/17

slide-28
SLIDE 28

BGP Blackjacks - Type-0 AS 1 AS 2 AS 5 AS 6 AS 3 AS 4

10.1.0.0/16 10.1.0.0/16

Figure 4: Type-0 blackjack

4/17

slide-30
SLIDE 30

Best practices for legitimate blackholing empower blackjacks

Best practices for blackholing³

  • Give a higher priority to blackholing.
  • Do not propagate the advertisement across AS borders.

Advantages of blackjacks

  • Reach: precedence over AS path length. Even ASes far away are vulnerable.
  • No propagation: more disruption.
  • Stealth: the attacker is not dropping traffic himself.

³ Cisco, Remotely Triggered Black Hole Filtering - Destination Based and Source Based.

5/17

slide-31
SLIDE 31

RPKI - Resource Public Key Infrastructure⁴

The RPKI is a distributed, hierarchical public key infrastructure. It allows prefix holders to issue digitally signed objects attesting that a given AS is authorized to originate routes for a set of prefixes.

⁴ Lepinski and Kent, An Infrastructure to Support Secure Internet Routing.

6/17

slide-32
SLIDE 32

RPKI - Resource Public Key Infrastructure

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point

Figure 5: RPKI usage

7/17

slide-33
SLIDE 33

RPKI - Resource Public Key Infrastructure

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point

10.1/16 AS5

Figure 5: RPKI usage

7/17

slide-34
SLIDE 34

RPKI - Resource Public Key Infrastructure

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

Figure 5: RPKI usage

7/17

slide-35
SLIDE 35

RPKI - Resource Public Key Infrastructure

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

10.1/16 AS6 AS3:666 10.1/16 AS6 AS4:666

Figure 5: RPKI usage

7/17

slide-36
SLIDE 36

RPKI - Resource Public Key Infrastructure

AS 1 AS 2 AS 4 AS 5 AS 6 AS 3

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

Figure 5: RPKI usage

7/17

slide-37
SLIDE 37

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point

Figure 6: Type-N blackjack

8/17

slide-38
SLIDE 38

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

Figure 6: Type-N blackjack

8/17

slide-39
SLIDE 39

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

10.1/16 AS6 AS5 AS3:666
10.1/16 AS6 AS5 AS4:666

Figure 6: Type-N blackjack

8/17

slide-40
SLIDE 40

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

10.1/16 AS6 AS5 AS3:666
10.1/16 AS6 AS5 AS4:666

Figure 6: Type-N blackjack

8/17

slide-41
SLIDE 41

BGP Blackjacks - Type-N AS 1 AS 2 AS 5 AS 6 AS 3 AS 4

10.1.0.0/16 10.1.0.0/16

RPKI pub. point

Figure 6: Type-N blackjack

8/17

slide-42
SLIDE 42

BGPsec⁵

BGPsec modifies BGP to allow ASes to sign advertisements. This guarantees that the AS path reflects the actual path the advertisement went through.

⁵ Lepinski and Sriram, BGPsec Protocol Specification.

9/17

slide-43
SLIDE 43

BGPsec

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

Figure 7: BGPsec message propagation

10/17

slide-44
SLIDE 44

BGPsec

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5

Figure 7: BGPsec message propagation

10/17

slide-45
SLIDE 45

BGPsec

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 3 10.1/16 - AS1 AS3 AS5 5 10.1/16 - AS3 AS5 3 10.1/16 - AS4 AS3 AS5 5 10.1/16 - AS3 AS5 3 10.1/16 - AS6 AS3 AS5

Figure 7: BGPsec message propagation

10/17

slide-46
SLIDE 46

BGPsec

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 3 10.1/16 - AS1 AS3 AS5 1 10.1/16 - AS2 AS1 AS3 AS5 5 10.1/16 - AS3 AS5 3 10.1/16 - AS4 AS3 AS5 4 10.1/16 - AS6 AS4 AS3 AS5

Figure 7: BGPsec message propagation

10/17

slide-47
SLIDE 47

BGPsec

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

Figure 7: BGPsec message propagation

10/17

slide-48
SLIDE 48

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point 1 2 3 4 5 6

Figure 8: Type-N blackjack

11/17

slide-49
SLIDE 49

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point 1 2 3 4 5 6

Figure 8: Type-N blackjack

11/17

slide-50
SLIDE 50

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point 1 2 3 4 5 6

10.1/16 AS6 AS5 AS3:666
10.1/16 AS6 AS5 AS4:666

Figure 8: Type-N blackjack

11/17

slide-51
SLIDE 51

BGP Blackjacks - Type-N AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16

RPKI pub. point 1 2 3 4 5 6

Figure 8: Type-N blackjack

11/17

slide-52
SLIDE 52

BGP Blackjacks - On Path

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

Figure 9: On Path blackjack

12/17

slide-53
SLIDE 53

BGP Blackjacks - On Path

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5

Figure 9: On Path blackjack

12/17

slide-54
SLIDE 54

BGP Blackjacks - On Path

AS 1 AS 2 AS 4 AS 5 AS 6 AS 3

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5

Figure 9: On Path blackjack

12/17

slide-55
SLIDE 55

BGP Blackjacks - On Path

AS 1 AS 2 AS 4 AS 5 AS 6 AS 3

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 3 10.1/16 - AS1 AS3 AS5 5 10.1/16 - AS3 AS5 3 10.1/16 - AS4 AS3 AS5 5 10.1/16 - AS3 AS5 3 10.1/16 - AS6 AS3 AS5

Figure 9: On Path blackjack

12/17

slide-56
SLIDE 56

BGP Blackjacks - On Path

AS 1 AS 2 AS 4 AS 5 AS 6 AS 3

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 3 10.1/16 - AS1 AS3 AS5 AS1:666 5 10.1/16 - AS3 AS5 3 10.1/16 - AS4 AS3 AS5 5 10.1/16 - AS3 AS5 3 10.1/16 - AS6 AS3 AS5

Figure 9: On Path blackjack

12/17

slide-57
SLIDE 57

BGP Blackjacks - On Path

AS 2 AS 4 AS 5 AS 6 AS 3 AS 1

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 3 10.1/16 - AS4 AS3 AS5 4 10.1/16 - AS6 AS4 AS3 AS5

Figure 9: On Path blackjack

12/17

slide-58
SLIDE 58

BGP Blackjacks - On Path

AS 2 AS 4 AS 5 AS 6 AS 3 AS 1

10.1.0.0/16 1 2 3 4 5 6

Figure 9: On Path blackjack

12/17

slide-64
SLIDE 64

Attack Taxonomy

Security Deployment   Type-0   Type-N   NOP   OP   OP-GRV
BGPsec (full)         ■        ■        ■     □    □
BGPsec (partial)      ◪        ◪        ◪     □    □
RPKI (full)           ■        □        □     □    □
RPKI (partial)        ◪        □        □     □    □
No security           □        □        □     □    □

Table 1: Security deployments against exact prefix blackjacks

  • BGPsec: not yet deployed.
  • RPKI: 16.44% of prefixes.
  • ROV: 84 ASes (0.005 < certainty < 1)⁶ - 0.13% of ASes⁷.

⁶ Reuter et al., “Towards a rigorous methodology for measuring adoption of RPKI route validation and filtering”.

⁷ Bates, Smith, and Huston, CIDR REPORT for 22 Sep 19.

13/17

slide-65
SLIDE 65

Suggested Best Practices

  • Authorized origin: RPKI.
  • Valid path: BGPsec.

It is not enough!

14/17

slide-66
SLIDE 66

Suggested Best Practices

  • Authorized origin: RPKI.
  • Valid path: BGPsec.
  • Direct connection: the AS sending the blackhole advertisement is directly connected to the local AS, so there is only one AS in the AS path.

14/17

slide-67
SLIDE 67

Suggested Best Practices

Direct connection: The AS sending the blackhole advertisement is directly connected to the local AS: only one AS in the AS path.

AS 1 AS 2 AS 3

10.1.0.0/16

Figure 10: Suggested Best Practices

14/17

slide-68
SLIDE 68

Suggested Best Practices

Direct connection: The AS sending the blackhole advertisement is directly connected to the local AS: only one AS in the AS path.

AS 1 AS 2 AS 3

10.1.0.0/16

10.1/16 AS1 AS2:666

Figure 10: Suggested Best Practices

14/17

slide-69
SLIDE 69

Suggested Best Practices

Direct connection: The AS sending the blackhole advertisement is directly connected to the local AS: only one AS in the AS path.

AS 1 AS 2 AS 3

10.1.0.0/16

10.1/16 AS2 AS1 AS3:666

Figure 10: Suggested Best Practices

14/17

slide-70
SLIDE 70

Suggested Best Practices

Direct connection: The AS sending the blackhole advertisement is directly connected to the local AS: only one AS in the AS path.

AS 1 AS 2 AS 3

10.1.0.0/16

10.1/16 AS2 AS1 AS3:666

Figure 10: Suggested Best Practices

14/17

slide-71
SLIDE 71

Suggested Best Practices

Direct connection: The AS sending the blackhole advertisement is directly connected to the local AS: only one AS in the AS path. Limits possible attacks to Type-0 and NOP blackjacks.

AS 1 AS 2 AS 3

10.1.0.0/16

Figure 10: Suggested Best Practices

14/17

slide-72
SLIDE 72

Suggested Best Practices

Direct connection: The AS sending the blackhole advertisement is directly connected to the local AS: only one AS in the AS path. Limits possible attacks to Type-0 and NOP blackjacks.

AS 1 AS 2 AS 3

10.1.0.0/16

10.1/16 AS1 AS3:666

Figure 10: Suggested Best Practices

14/17

slide-73
SLIDE 73

Suggested Best Practices

Legitimate peer: The peer sending the blackhole advertisement is legitimate if the leftmost AS in the AS path is the ASN specified in the BGP OPEN message that created the session.

AS 1 AS 2 AS 3

10.1.0.0/16

10.1/16 AS1 AS3:666

Figure 10: Suggested Best Practices

14/17
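
The receive-side checks suggested on these slides (authorized origin, direct connection, legitimate peer), written out as an added example that is not part of the original presentation. The data model, the function names and the strict "RPKI-valid only" policy are assumptions; the sample announcements are constructed from the AS numbers and prefix of Figures 14 and 16, and the NOP case assumes the announcement arrives over a session whose OPEN message carried AS 20.

```python
import ipaddress
from dataclasses import dataclass

BLACKHOLE_VALUE = 666  # community value used on the slides (ASN:666)

@dataclass(frozen=True)
class Roa:                 # simplified ROA (hypothetical model, not a real RPKI object)
    prefix: str
    max_length: int
    asn: int

@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple         # leftmost (most recent) AS first, origin AS last
    communities: tuple     # (asn, value) pairs

def rov_state(ann, roas):
    """RPKI route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(ann.prefix)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"
    origin = ann.as_path[-1]
    if any(r.asn == origin and net.prefixlen <= r.max_length for r in covering):
        return "valid"
    return "invalid"

def blackhole_check(ann, local_as, peer_as, roas):
    """Return the names of the failed checks; an empty list means accept."""
    if (local_as, BLACKHOLE_VALUE) not in ann.communities:
        return ["not-a-blackhole-request"]
    if not ann.as_path:
        return ["empty-as-path"]
    failed = []
    # Authorized origin: require an RPKI-valid origin (strict policy, an assumption).
    if rov_state(ann, roas) != "valid":
        failed.append("authorized-origin")
    # Direct connection: only one AS in the path (prepending collapses to one AS).
    if len(set(ann.as_path)) != 1:
        failed.append("direct-connection")
    # Legitimate peer: leftmost AS equals the ASN from the session's OPEN message.
    if ann.as_path[0] != peer_as:
        failed.append("legitimate-peer")
    return failed

# Constructed cases using the AS numbers and prefix of Figures 14 and 16.
P = "192.0.2.0/24"
ROAS_FIG14 = [Roa(P, 24, 30)]   # AS 30 is the victim and prefix holder
ROAS_FIG16 = [Roa(P, 24, 40)]   # AS 40 is the victim and prefix holder
BH20, BH30 = ((20, 666),), ((30, 666),)

CASES = {
    "legitimate": blackhole_check(Announcement(P, (30,), BH20), 20, 30, ROAS_FIG14),
    "type-0": blackhole_check(Announcement(P, (10,), BH20), 20, 10, ROAS_FIG14),
    "type-n": blackhole_check(Announcement(P, (10, 30), BH20), 20, 10, ROAS_FIG14),
    "nop": blackhole_check(Announcement(P, (40,), BH30), 30, 20, ROAS_FIG16),
}

if __name__ == "__main__":
    for name, failed in CASES.items():
        verdict = "accept" if not failed else "reject: " + ", ".join(failed)
        print(f"{name:10s} -> {verdict}")
```

Each constructed case is rejected by a different check, which is why the slides list the three conditions together rather than relying on RPKI or path length alone.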

slide-75
SLIDE 75

A BGPsec solution - Associate communities to ASes.

Figure 11: BGPsec_PATH attribute (Secure_Path: a list of pCount, Flags, ASN entries; Sig_Block 1 and Sig_Block 2: lists of SKI, Length, Signature entries)

Figure 12: Modified attribute (the same layout with a Secure_Communities block of AS:value entries added between Secure_Path and the signature blocks)

15/17

slide-76
SLIDE 76

A BGPsec solution - Associate communities to ASes.

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

Figure 13: BGPsec message propagation (modified)

16/17

slide-77
SLIDE 77

A BGPsec solution - Associate communities to ASes.

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 - C5

Figure 13: BGPsec message propagation (modified)

16/17

slide-78
SLIDE 78

A BGPsec solution - Associate communities to ASes.

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 - C5 3 10.1/16 - AS1 AS3 AS5 - C3 C5 5 10.1/16 - AS3 AS5 - C5 3 10.1/16 - AS4 AS3 AS5 - C3 C5 5 10.1/16 - AS3 AS5 - C5 3 10.1/16 - AS6 AS3 AS5 - C3 C5

Figure 13: BGPsec message propagation (modified)

16/17

slide-79
SLIDE 79

A BGPsec solution - Associate communities to ASes.

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

5 10.1/16 - AS3 AS5 - C5 3 10.1/16 - AS1 AS3 AS5 1 10.1/16 - AS2 AS1 AS3 AS5 - C1 C3 C5 5 10.1/16 - AS3 AS5 - C5 3 10.1/16 - AS4 AS3 AS5 4 10.1/16 - AS6 AS4 AS3 AS5 - C4 C3 C5

Figure 13: BGPsec message propagation (modified)

16/17

slide-80
SLIDE 80

A BGPsec solution - Associate communities to ASes.

AS 1 AS 2 AS 3 AS 4 AS 5 AS 6

10.1.0.0/16 1 2 3 4 5 6

Figure 13: BGPsec message propagation (modified)

16/17

slide-83
SLIDE 83

Perspectives

  • Test remaining⁸ attacks in a real-world setting.
  • Investigate ASes proposing blackholing services.
  • Extend the attack model.

⁸ Streibelt et al., “BGP Communities: Even more Worms in the Routing Can”.

17/17

slide-87
SLIDE 87

Takeaway message

  • New BGP attacks: BGP blackjacks.
  • Blackjack attack taxonomy.
  • Existing routing security mechanisms do not provide complete protection.
  • Additional mechanisms are needed to properly defend against or mitigate those attacks.

17/17

slide-88
SLIDE 88

Thank you!

17/17

slide-89
SLIDE 89

[1] Tony Bates, Philip Smith, and Geoff Huston. CIDR REPORT for 22 Sep 19. 2019. url: https://www.cidr-report.org/as2.0/ (visited on 09/22/2019).

[2] Cisco. Remotely Triggered Black Hole Filtering - Destination Based and Source Based. 2005. url: https://www.cisco.com/c/dam/en/us/products/collateral/security/ios-network-foundation-protection-nfp/prod%5C_white%5C_paper0900aecd80313fac.pdf (visited on 09/22/2019).

[3] M. Lepinski and S. Kent. An Infrastructure to Support Secure Internet Routing. RFC 6480. RFC Editor, Feb. 2012. url: http://www.rfc-editor.org/rfc/rfc6480.txt.

[4] M. Lepinski and K. Sriram. BGPsec Protocol Specification. RFC 8205. RFC Editor, Sept. 2017.

[5] Y. Rekhter, T. Li, and S. Hares. A Border Gateway Protocol 4 (BGP-4). RFC 4271. RFC Editor, Jan. 2006. url: http://www.rfc-editor.org/rfc/rfc4271.txt.

[6] Andreas Reuter et al. “Towards a rigorous methodology for measuring adoption of RPKI route validation and filtering”. In: ACM SIGCOMM Computer Communication Review 48.1 (2018), pp. 19–27.

[7] Andrei Robachevsky. 14,000 Incidents: A 2017 Routing Security Year in Review. 2018. url: https://www.internetsociety.org/blog/2018/01/14000-incidents-2017-routing-security-year-review/ (visited on 09/22/2019).

[8] Pavlos Sermpezis et al. “ARTEMIS: Neutralizing BGP hijacking within a minute”. In: IEEE/ACM Transactions on Networking (TON) 26.6 (2018), pp. 2471–2486.

[9] Florian Streibelt et al. “BGP Communities: Even more Worms in the Routing Can”. In: Proceedings of the Internet Measurement Conference 2018. ACM. 2018, pp. 279–292.

slide-90
SLIDE 90

Type-0: 10 - 20:666 - 192.0.2.0/24
Type-N: 10 30 - 20:666 - 192.0.2.0/24

AS 10 Attacker AS 20 Blackholer AS 30 Victim

P: 192.0.2.0/24 P P

Figure 14: Type-0 and Type-N blackjacks

slide-91
SLIDE 91

P: 192.0.2.0/24 OP: 10 30 - 20:666 - 192.0.2.0/24 P

AS 10 Attacker AS 20 Blackholer AS 30 Victim

P P

Figure 15: On Path blackjacks

slide-92
SLIDE 92

OP-GRV: 20 30 40 - 10:666 - 192.0.2.0/24
NOP: 40 - 30:666 - 192.0.2.0/24

AS 20 Attacker AS 40 Victim AS 30 Blackholer AS 10 Blackholer

P P P P: 192.0.2.0/24

Figure 16: OP-GRV and NOP blackjacks

slide-93
SLIDE 93

Security Deployment   Type-0   Type-N   NOP   OP   OP-GRV
BGPsec (full)         ■        ■        ■     ■    ■
BGPsec (partial)      ◪        ◪        ◪     ■    ■
RPKI (full)           ■        ■        ■     ■    ■
RPKI (partial)        ◪        ◪        ◪     ■    ■
No security           □        □        □     ■    ■

Table 2: Security deployments against sub-prefix blackjacks