Research Commons
      • Browse 
        • Communities & Collections
        • Titles
        • Authors
        • By Issue Date
        • Subjects
        • Types
        • Series
      • Help 
        • About
        • Collection Policy
        • OA Mandate Guidelines
        • Guidelines FAQ
        • Contact Us
      • My Account 
        • Sign In
        • Register
      View Item 
      •   Research Commons
      • University of Waikato Theses
      • Masters Degree Theses
      • View Item
      •   Research Commons
      • University of Waikato Theses
      • Masters Degree Theses
      • View Item
      JavaScript is disabled for your browser. Some features of this site may not work without it.

      Measuring the effectiveness of routing defenses through the lens of DROP

      Oliver-Dowling, Leo
      Thumbnail
      Files
      thesis.pdf
      7.062Mb
      Permanent link to Research Commons version
      https://hdl.handle.net/10289/15230
      Abstract
      This work analyzes the properties of 712 prefixes that appeared in Spamhaus’ “Don’t Route Or Peer” (DROP) list over a nearly three-year period from June 2019 to March 2022. The 712 known abused prefixes are used as a lens to assess the current threat landscape and evaluate several of the leading rout- ing defense mechanisms. A thorough characterization of these 712 prefixes is performed and it is found that a larger fraction of the hijacked prefixes were from Regional Internet Registries (RIRs) with restrictive policies regarding Resource Public Key Infrastructure (RPKI) eligibility. It is also found that attackers were predominately targeting address space that was unrouted and not RPKI-signed. The work reveals that attackers were subverting multiple defenses against malicious use of address space, including creating fraudu- lent Internet Routing Registry records for prefixes shortly before using them. Other attackers disguised their activities by announcing routes with origin Autonomous Systems (ASes) consistent with historic route announcements, and in one case, with the Autonomous System Number (ASN) in a RPKI Route Origin Authorization. Finally, the work quantifies the substantial and actively-exploited surface in unrouted space, which warrants reconsideration of RPKI eligibility and policies by both operators and RIRs.
      Date
      2022
      Type
      Thesis
      Degree Name
      Master of Cyber Security (MCS)
      Supervisors
      Luckie, Matthew John
      Publisher
      The University of Waikato
      Rights
      All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.
      Collections
      • Masters Degree Theses [2425]
      Show full item record  

      Usage

      Downloads, last 12 months
      64
       
       

      Usage Statistics

      For this itemFor all of Research Commons

      The University of Waikato - Te Whare Wānanga o WaikatoFeedback and RequestsCopyright and Legal Statement