
BGP AS / ISP Security Ranking, Raphaël Vinot (raphael.vinot@gmail.com), presentation slides



  1. BGP AS / ISP Security Ranking
     Raphaël Vinot, raphael.vinot@gmail.com, Conostix
     Workshop, Hack.lu 2010
     Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 1 / 33

  2. Table of contents
     1 Introduction: Basic terms; Resources; Usage of a ranking system
     2 Implementation: Highlight; Different parts of the program; Examples (23/10/10)
     3 Results: BGP Ranking; Other sources & comparison
     Conclusion


  4. Basic terms
     What is the Border Gateway Protocol (BGP)?
     What is an Autonomous System (AS)?

  5. Border Gateway Protocol (BGP)
     Routing protocol of the Internet
     Associates Autonomous Systems with networks
     Uses policies (QoS and security)

  6. Autonomous System (AS)
     Identifies operators without using IPs
     One or more subnets for each ASN
     Assignment: IANA, RIR and LIR


  8. RIS Whois
     Routing Information Service (RIS)
     Updated every 8 hours
     Example entry for 193.0.19.19:
       route:        193.0.18.0/23
       origin:       AS3333
       descr:        RIPE-NCC-AS RIPE Network Coordination Centre
       lastupd-frst: 2010-06-21 15:10Z 198.32.176.24@rrc14
       lastupd-last: 2010-08-31 22:48Z 198.32.160.187@rrc11
       seen-at:      rrc00,rrc01,rrc03,rrc04,rrc05,rrc06,rrc07,[...]
       num-rispeers: 102
       source:       RISWHOIS

  9. Whois
     More information (owner)
     Many, incompatible, databases
     Find the right server
     Deactivated by default

  10. Datasets
     Used in the system now:
       ◮ abuse.ch ZeuS Tracker
       ◮ Dshield (Top IPs and Daily)
     Other modules available:
       ◮ Arbor ATLAS/Active Threat Feed
       ◮ Shadowserver (three lists)
       ◮ Abusix


  12. Mitigation
     Blackholing
       ◮ From the AS (Command & Control server)  [figure: AS 1, AS 2]
       ◮ To the AS (Phishing, keylogger)  [figure: AS 1, AS 2]

  13. Information
     Alert the user
     Contact the provider
     Contact the authorities
     History


  15. High-level view
     Aggregation:
       1 datasets
       2 RIS Whois and Whois entries
     Ranking by Autonomous System Number:
       R = 1 + (SUM(IPs * s_impact) * SUM(vote)) / AS_size
     IPs       all the IPs from the ASN, per source
     s_impact  value assigned to the source
     vote      votes against this AS (not implemented yet)
     AS_size   total number of IPs announced by the AS

  16. Figure: High level
     Sources: Source 1 (honeypots), Source 2 (DNS sinkhole), Source 3 (mix of sources); impact values 1, 2 and 10.
     IPs with the summed impacts of the sources that report them:
       X.Y.Z.44  -> 1 + 10
       X.Y.Z.45  -> 2 + 10
       X.Y.Z.80  -> 1 + 2 + 10
       X.Y.Z.222 -> 2 + 10
       X.Y.Z.250 -> 1 + 10
       => 59
     Whois servers: get the whois objects for the IPs.
     Vote: ISP 3 voted against ASN 1 ("ASN 1 is bad").
     ISP 1 announces ASNs: 1 -> X.Y.Z.0/24, 2 -> A.B.C.0/24 (ASN 1 announces 256 IPs).
     ISP 2 announces ASNs: 3 -> D.E.F.0/24, 4 -> G.H.I.0/24.
     Ranking of ASN 1 = 1 + 59 * 2 / 256 = 1.46
     SO 42 (announcing ASNs 1 -> X.Y.Z.0/24, 2 -> A.B.C.0/24, 3 -> D.E.F.0/24, 4 -> G.H.I.0/24) sees that it is announcing a suspicious ASN and can investigate.
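The formula of slide 15 and the worked figure of slide 16, as an added Python example (not code from the presentation or from the project): it assigns each reported IP to an origin ASN by longest-prefix match, applies the per-dataset de-duplication noted on slide 24, and reproduces the 1.46 result for ASN 1. The source names, the TEST-NET addresses (standing in for X.Y.Z / A.B.C) and the unrouted 203.0.113.9 are constructed.

```python
"""Ranking formula from slide 15 run on the constructed sample of slide 16 (added
example, not the project's code). TEST-NET addresses stand in for the slide's
X.Y.Z / A.B.C placeholders; 203.0.113.9 is constructed to match no prefix."""
import ipaddress
from collections import defaultdict

# Source -> (s_impact of the source, IPs it reported). The mixed source lists
# 192.0.2.80 twice: an IP seen twice in one dataset is skipped (slide 24).
SOURCES = {
    "source1_honeypots":    (1, ["192.0.2.44", "192.0.2.80", "192.0.2.250", "203.0.113.9"]),
    "source2_dns_sinkhole": (2, ["192.0.2.45", "192.0.2.80", "192.0.2.222"]),
    "source3_mix":          (10, ["192.0.2.44", "192.0.2.45", "192.0.2.80",
                                  "192.0.2.80", "192.0.2.222", "192.0.2.250"]),
}
# ASN -> announced prefixes (what the bview extraction of slide 20 yields).
ANNOUNCES = {1: ["192.0.2.0/24"], 2: ["198.51.100.0/24"]}
# Votes against an ASN; the figure counts ISP 3's vote against ASN 1 as 2.
VOTES = {1: [2]}

def origin_asn(ip, announces):
    """Longest-prefix match against the announced prefixes; None if unrouted."""
    addr = ipaddress.ip_address(ip)
    best = None
    for asn, prefixes in announces.items():
        for net in map(ipaddress.ip_network, prefixes):
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (asn, net)
    return best[0] if best else None

def rank(sources, announces, votes):
    """R = 1 + (SUM(IPs * s_impact) * SUM(vote)) / AS_size, per ASN.
    Returns (ranking per ASN, IPs that matched no announced prefix)."""
    weight = defaultdict(int)
    unrouted = set()
    for impact, ips in sources.values():
        for ip in set(ips):                 # de-duplicate within one dataset
            asn = origin_asn(ip, announces)
            if asn is None:
                unrouted.add(ip)            # slide 19: queued for a RIS Whois lookup
            else:
                weight[asn] += impact
    ranking = {}
    for asn, prefixes in announces.items():
        as_size = sum(ipaddress.ip_network(p).num_addresses for p in prefixes)
        ranking[asn] = 1 + weight[asn] * sum(votes.get(asn, [])) / as_size
    return ranking, unrouted
```

An ASN with no votes keeps the baseline of 1, which is exactly what the formula implies while the voting part is not implemented.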


  18. Input
     Modules get the new entries and push them into the input database (Redis, db 1).
       Keys: uid: set of unique identifiers (new entries)
             <uid>:<key>: information for the new entries
     A "reader" (db_input) pushes them into MySQL (the Ranking database).
     Figure: Input of new information

  19. RIS Whois fetching
     Ask MySQL (Ranking) periodically for each entry without ASN; get the IPs without ASN.
     Push the IPs not found in the cache database into the temporary db (Redis, db 0): key is a set called ris, containing the RIS Whois queries.
     Pop a RIS Whois query, fetch the RIS Whois entry from riswhois.ripe.net.
     Push the entry into the cache db (Redis, db 1): keys are <IP>, containing the RIS Whois entries.
     Commit the new information into MySQL.
     Figure: RIS Whois fetching

  20. Ranking
     Fetch the bview file from riswhois.ripe.net; if new, move it into a directory.
     Extract the announces and push the routing information into Redis (db 3, Voting / Preparation): keys are sets per ASN, values are subnets.
     Compute the ranking in MySQL.
     Figure: Ranking

  21. Modules - Input API
     Supported information:
       ◮ Always: IP and source
       ◮ If possible: timestamp
       ◮ Sometimes: infection type, raw field
     Multiprocessing
     Format:
       ◮ <UID>:<FIELD>
       ◮ List of UIDs
     Interest: no limitation on the type of the sources


  23. Global Ranking
     ASN    | AS Description                                                                   | Comments
     65024  | -Private Use AS-, Private AS, Origin: 8551 BEZEQ-INTERNATIONAL                   | Configuration problem? Odd.
     50693  | No description, 178.20.200.0/21, Dusan Bajic, Serbia                             | Not a good sign.
     29436  | ASN-IMPERIAL Imperial ISP, 193.238.36.0/22, Buryanov K. Volodimirovich, Ukraine  |
     21342  | AKAMAI-ASN2, 193.108.88.0/24 - 193.108.91.0/24, Akamai Technologies AS, Noam Freedman, Cambridge | False positive?
     131089 | 61.19.64.0/22, Kitti Srikate Srikate, Thailand                                   | Same as 50693
     40427  | IRONPORT-SYSTEMS-CI365                                                           | False positive, I hope so... :)
     All the sources are merged
     Some false positives / odd entries (Dshield Daily)
     Small subnets

  24. Ranking: Dshield Top IPs
     ASN    | AS Description                                                                          | Comments
     45847  | NSTRU-AS-AP, university network, 202.29.33.0/24, Nakornsitammarat, Watcharapong Sanguankum, Thailand |
     48061  | RUTUBE-AS CJSC RuTube, 194.190.76.0/23 - 91.207.58.0/23, RuTube NCC, Moscow             |
     46940  | IAC-VZ-ABOVENET-BGP, 63.119.10.0/23, IAC/INTERACTIVECORP, http://www.iac.com/           |
     39660  | NETTRANS-AS Integrated Transport Network, Ltd. AS, Svjatoslav Komarov, Russian Federation | Announces 15872 IPv4
     36493  | 36493295CA-TOR-ASN, 3757277 Canada Inc.                                                 | Announces 20992 IPv4; TOR(onto) :)
     Contains the 100 IPs found most often in the daily list
     Note: the same IP found more than once in a dataset is skipped

  25. Ranking: ZeuS Tracker
     ASN    | AS Description                                                                  | Comments
     34528  | YALTAINFO-AS, 193.41.38.0/24, YaltaInfo ISP, Rostislav Sokolov, Ukraine         |
     50134  | SOFTEL, 193.104.146.0/24, Softel Consulting s.r.o., Milan Puzik, Czech Republic |
     50793  | ALFAHOSTNET, 193.105.207.0/24, Alfa-Host LLP., Romanov Artem Alekseevich, Kazakhstan |
     48876  | INTERA-AS, 194.79.250.0/23, Takomi Ltd, Alexey Tingaev, Russia                  |
     43181  | K2K-AS, 193.27.232.0/23, Contel 2000 Ltd., Dmitry Ermolaev, Russia              |
     25052  | ORION-AS, 193.201.192.0/23, ORION ISP, Alik Grigorchook, Ukraine                |
     ... :-)
