关键词: BGP前缀劫持, 互联网, 检测, MOAS

Abstract: Due to the vulnerability of BGP protocol, BGP prefix hijacking has long been a serious security threat to the Internet. Detection and analysis of large-scale prefix hijacking incidents is a very ne- cessary but challenging task. This paper takes the large-scale European route leakage incident leading to route hijacking in 2019 as a case, and develops an effective detection and analysis method based on public BGP data. The analysis results include the following: firstly, the "attacker" of this hijacking is AS21217, and AS4134 is the key point in the process of hijacking route transmission; secondly, the hijacking caused serious multi-source AS conflict and as-path PATH expansion; thirdly, the hijacking types of this event include hijacking prefix and tampering with AS path and hijacking subprefix and tampering with AS path; fourthly, 311 AS were detected to be infected, with the largest number of infected chains of length 4, and 28 118 prefix IP segments belonging to 3 895 AS became victims. At the same time, a visual system is implemented to show the global network situation when the hijacking occurred. On the one hand, these results are consistent with the results published by Oracle and other companies; on the other hand, more detailed experiments and supplements have been carried out in multiple directions.

Key words: BGP prefix hijacking, Internet, detecting, Multiple Origin AS