bgp as isp security ranking
play

BGP AS / ISP Security Ranking Raphal Vinot raphael.vinot@gmail.com - PowerPoint PPT Presentation

Aug 27, 2022 •433 likes •771 views

BGP AS / ISP Security Ranking Raphal Vinot raphael.vinot@gmail.com Conostix Workshop Hack.lu 2010 Raphal Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 1 / 33 Table of contents Introduction 1 Basics terms Resources

  1. BGP AS / ISP Security Ranking Raphaël Vinot raphael.vinot@gmail.com Conostix Workshop Hack.lu 2010 Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 1 / 33

  2. Table of contents Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 2 / 33

  3. Content Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 3 / 33

  4. Basics terms What is the Border Gateway Protocol (BGP) ? What is an Autonomous System (AS) ? Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 4 / 33

  5. Border Gateway Protocol (BGP) Routing protocol of the Internet Associate Autonomous Systems and Networks Use policies (QoS and security) Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 5 / 33

  6. Autonomous System (AS) Identify operators without using IPs One or more subnet for each ASN Assignation: IANA, RIR and LIR Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 6 / 33

  7. Content Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 7 / 33

  8. RIS Whois Routing Information Service (RIS) Updated every 8 hours 193.0.19.19 route: 193.0.18.0/23 origin: AS3333 descr: RIPE-NCC-AS RIPE Network Coordination Centre lastupd-frst: 2010-06-21 15:10Z 198.32.176.24@rrc14 lastupd-last: 2010-08-31 22:48Z 198.32.160.187@rrc11 seen-at: rrc00,rrc01,rrc03,rrc04,rrc05,rrc06,rrc07,[...] num-rispeers: 102 source: RISWHOIS Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 8 / 33

  9. Whois More information (owner) Many, incompatible, databases Find the right server Deactivated by default Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 9 / 33

  10. Datasets Used is the system now: ◮ abuse.ch ZeuS Tracker ◮ Dshield (Top IPs and Daily) Other modules available: ◮ Arbor ATLAS/Active Threat Feed ◮ Shadowserver (three lists) ◮ Abusix Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 10 / 33

  11. Content Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 11 / 33

  12. Mitigation Blackholing ◮ From the AS (Command & Control Server) AS 1 AS 2 ◮ To the AS (Phishing, keylogger) AS 1 AS 2 Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 12 / 33

  13. Information Alert the user Contact the provider Contact the authorities History Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 13 / 33

  14. Content Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 14 / 33

  15. High-level view Aggregation 1 datasets 2 RIS Whois and Whois entries Ranking by Autonomous System Number R = 1 + ( SUM ( IPs ∗ s _ impact ) ∗ SUM ( vote )) AS _ size IPs all the IPs from the ASN, by sources. s_impact value assigned to the source vote vote against this AS (actually not implemented) AS_size total of IPs Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 15 / 33

  16. Source 3 -> mix of sources Source 1 Source 2 Dataset: -> honeypots -> DNS sinkhole X.Y.Z.44 X.Y.Z.45 Dataset: Dataset: X.Y.Z.45 X.Y.Z.44 X.Y.Z.80 X.Y.Z.80 X.Y.Z.80 X.Y.Z.222 X.Y.Z.250 X.Y.Z.222 X.Y.Z.250 Impact: 2 Impact: 1 Impact: 10 IS Ranking System IPs: X.Y.Z.44 -> 1 + 10 X.Y.Z.45 -> 2 + 10 X.Y.Z.80 -> 1 + 2 + 10 ISP 3 X.Y.Z.222 -> 2 + 10 Get whois objects Vote: Whois Servers X.Y.Z.250 -> 1 + 10 for the IPs ASN 1 is bad => 59 ISP 3 voted against ASN 1. ISP 1 ASN 1 announce 256 IPs. Announce ASNs: 1 -> X.Y.Z.0/24 Ranking = 1 + 59 * 2 / 256 = 1.46 2 -> A.B.C.0/24 SO 42 Announce ASNs: SO 42 see that he is announcing ISP 2 1 -> X.Y.Z.0/24 a suspicious ASN and can 2 -> A.B.C.0/24 Announce ASNs: investigate. 3 -> D.E.F.0/24 3 -> D.E.F.0/24 4 -> G.H.I.0/24 4 -> G.H.I.0/24 Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 16 / 33 Figure: High level

  17. Content Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 17 / 33

  18. Input Server get the new entries Modules db_input Push into MySQL Input database Redis 1 Client Keys: uid: set of unique identifiers (new entries) <uid>:<key>: Information for the new entries MySQL Ranking Figure: Input of new information Modules push the information into redis A “reader” push them into MySQL Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 18 / 33

  19. Get the IPs without ASN Get RIS Whois Push the IPs not found Commit new information entries in the cache database Pop RIS Whois MySQL Redis query Ranking 0 Ask periodically for Temporary db each entry without ASN Contains RIS Whois queries Key: a set called ris Push the Whois Feching RIS Whois Entry Redis Fetch the RIS Whois Entry 1 Cache db Contains RIS Whois Entries Keys: <IP> riswhois.ripe.net Figure: RIS Whois fetching Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 19 / 33

  20. Ranking Ranking Fetch bview file riswhois.ripe.net If new, moved it in a directory Directory Fetching Mysql Extract the Ranking announces Push routing information Ranking Redis Mysql Preparation 3 Voting Keys: sets, ASN Values: Subnets Figure: Ranking Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 20 / 33

  21. Modules - Input API Supported information: ◮ Always: IP and Source ◮ If possible: Timestamp ◮ Sometimes: Infections type, raw field Multiprocessing Format: ◮ < UID > : < FIELD > ◮ List of UID Interest: No limitations on the type of the sources Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 21 / 33

  22. Content Introduction 1 Basics terms Resources Usage of a Ranking system Implementation 2 Highlight Differents parts of the program Examples (23/10/10) 3 Results BGP Ranking Other source & Comparison Conclusion Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 22 / 33

  23. Global Ranking ASN AS Description Comments 65024 -Private Use AS- Private AS Origin: 8551 BEZEQ-INTERNATIONAL Configuration problem ? Odd. 50693 No description, 178.20.200.0/21 Dusan Bajic, Serbia not a good sign. 29436 ASN-IMPERIAL Imperial ISP 193.238.36.0/22 Buryanov K. Volodimirovich, Ukraine 21342 AKAMAI-ASN2 193.108.88.0/24 - 193.108.91.0/24 Akamai Technologies AS Noam Freedman, Cambridge - False positive? 131089 Same as 50693 61.19.64.0/22 Kitti Srikate Srikate, Thailand 40427 IRONPORT-SYSTEMS-CI365 False positive, I hope so... :) All the sources are merged Some false positives / odd entries (Dshield Daily) Small subnets Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 23 / 33

  24. Ranking: Dshield Top IPs ASN AS Description Comments 45847 NSTRU-AS-AP, university network 202.29.33.0/24 Nakornsitammarat Watcharapong Sanguankum, Thailand 48061 RUTUBE-AS CJSC RuTube 194.190.76.0/23 - 91.207.58.0/23 RuTube NCC, Moscow 46940 IAC-VZ-ABOVENET-BGP 63.119.10.0/23 IAC/INTERACTIVECORP http://www.iac.com/ 39660 NETTRANS-AS Integrated Announce 15872 IPv4 Transport Network, Ltd. AS Svjatoslav Komarov, Russian Federation 36493 36493295CA-TOR-ASN Announce 20992 IPv4 3757277 Canada Inc. TOR(onto) :) Contains the 100 IPs found the most often in the daily list Note: the same IP found more than one time in a dataset is skipped Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 24 / 33

  25. Ranking: Zeustracker ASN AS Description Comments 34528 YALTAINFO-AS 193.41.38.0/24 YaltaInfo ISP Rostislav Sokolov, Ukraine 50134 SOFTEL 193.104.146.0/24 Softel Consulting s.r.o. Milan Puzik, Czech Republic 50793 ALFAHOSTNET 193.105.207.0/24 Alfa-Host LLP. Romanov Artem Alekseevich, Kazakhstan 48876 INTERA-AS 194.79.250.0/23 Takomi Ltd Alexey Tingaev, Russia 43181 K2K-AS 193.27.232.0/23 Contel 2000 Ltd. Dmitry Ermolaev, Russia 25052 ORION-AS 193.201.192.0/23 ORION ISP Alik Grigorchook, Ukraine ... :-) Raphaël Vinot (Conostix) BGP AS / ISP Security Ranking Hack.lu 2010 25 / 33

Recommend

Online Submodular Set Cover, Ranking, and Repeated Active Learning Online Ranking: At each round,

Online Submodular Set Cover, Ranking, and Repeated Active Learning Online Ranking: At each round,

Online Submodular Set Cover, Ranking, and Repeated Active Learning Online Ranking: At each round, the learner produces an ordered list of items, then suffers loss or receives reward. Example: search result ranking Display ranked results Get

162 views • 4 slides
Ranking candidate genes from Ranking candidate genes from perturbation experiments Niko

Ranking candidate genes from Ranking candidate genes from perturbation experiments Niko

Ranking candidate genes from Ranking candidate genes from perturbation experiments Niko Beerenwinkel Gene ranking Goal: Identify (or prioritize) genes that affect readout, i.e., are involved in biological process of interest i l d i bi

433 views • 19 slides
Tutorial: TF-Ranking for sparse features Tutorial: TF-Ranking for sparse features This tutorial

Tutorial: TF-Ranking for sparse features Tutorial: TF-Ranking for sparse features This tutorial

Tutorial: TF-Ranking for sparse features Tutorial: TF-Ranking for sparse features This tutorial is an end-to-end walkthrough of training a TensorFlow Ranking (TF-Ranking) neural network model which incorporates sparse textual features.

257 views • 24 slides
Easy and Hard Outline Constraint Ranking in OT The Constraint Ranking problem Making fast

Easy and Hard Outline Constraint Ranking in OT The Constraint Ranking problem Making fast

Easy and Hard Outline Constraint Ranking in OT The Constraint Ranking problem Making fast ranking faster Jason Eisner Extension: Considering all competitors U. of Rochester How hard is OT generation? Making slow ranking

288 views • 6 slides
1 Similarity ranking: example Weighted scoring with linear combination A simple weighted

1 Similarity ranking: example Weighted scoring with linear combination A simple weighted

Table of Content Weighted scoring for ranking Learning to rank: A simple example Learning to ranking as classification Ranking and Learning 290N UCSB, Tao Yang, 2013 Partially based on Manning, Raghavan, and Schtzes text book.

476 views • 8 slides
Statistical Ranking Problem Tong Zhang Statistics Department, Rutgers University Ranking

Statistical Ranking Problem Tong Zhang Statistics Department, Rutgers University Ranking

Statistical Ranking Problem Tong Zhang Statistics Department, Rutgers University Ranking Problems Rank a set of items and display to users in corresponding order. Two issues: performance on top and dealing with large search space.

319 views • 29 slides
KNN and re ranking models for English KNN and re-ranking models for English patent mining at

KNN and re ranking models for English KNN and re-ranking models for English patent mining at

KNN and re ranking models for English KNN and re-ranking models for English patent mining at NTCIR-7 p g Tong Xiao, Feifei Cao, Tianning Li, Guolong Song, Ke Zhou, Jingbo Zhu and Huizhen Wang Zhu and Huizhen Wang Natural Language Processing

317 views • 31 slides
1 So, similarity is not a Boolean notion It is Similarity Are they similar? relatively

1 So, similarity is not a Boolean notion It is Similarity Are they similar? relatively

Ranking Ordering according to the degree of some fuzzy notions: Ranking and Preference in Similarity (or dissimilarity) Relevance Database Search: Preference Q a) Similarity and Relevance Kevin Chen-Chuan Chang ranking 2

544 views • 16 slides
PRanking with Ranking Koby Crammer Technion Israel Institute of Technology Based on joint

PRanking with Ranking Koby Crammer Technion Israel Institute of Technology Based on joint

PRanking with Ranking Koby Crammer Technion Israel Institute of Technology Based on joint work with Yoram Singer at the Hebrew University of Jerusalem Problem Machine Prediction Users Rating Ranking 3 3 0 3 1 Loss Ranking

596 views • 41 slides
Online Ranking Combination Erzs ebet Frig o Institute for Computer Science and Control (MTA

Online Ranking Combination Erzs ebet Frig o Institute for Computer Science and Control (MTA

Online Ranking Combination Erzs ebet Frig o Institute for Computer Science and Control (MTA SZTAKI) Joint work with Levente Kocsis Overview Framework: prequential ranking evaluation Goal: optimize convex combination of ranking

407 views • 24 slides
Kernel Principal Component Ranking: Robust Ranking on Noisy Data Evgeni Tsivtsivadze Botond

Kernel Principal Component Ranking: Robust Ranking on Noisy Data Evgeni Tsivtsivadze Botond

Kernel Principal Component Ranking: Robust Ranking on Noisy Data Evgeni Tsivtsivadze Botond Cseke Tom Heskes Institute for Computing and Information Sciences, Radboud University Nijmegen, Toernooiveld 1, 6525 ED Nijmegen, The Netherlands

428 views • 20 slides
Ranking Related News Predictions Nattiya Kanhabua 1 , Roi Blanco 2 and Michael Matthews 2 1

Ranking Related News Predictions Nattiya Kanhabua 1 , Roi Blanco 2 and Michael Matthews 2 1

Ranking Related News Predictions Ranking Related News Predictions Nattiya Kanhabua 1 , Roi Blanco 2 and Michael Matthews 2 1 Norwegian University of Science and Tech., Norway 2 Yahoo! Research, Barcelona, Spain SIGIR2011, Beijing Ranking

776 views • 62 slides
+ Ranking Factor Latest Trends What factors matter in 2016-2017 for ranking your Google

+ Ranking Factor Latest Trends What factors matter in 2016-2017 for ranking your Google

+ Ranking Factor Latest Trends What factors matter in 2016-2017 for ranking your Google Business page and your website? + Largest Study of Local SEO Factors n One study looked at 100+ factors across 30,000 businesses n three variations of

1.27k views • 21 slides
Spectral Method and Regularized MLE Are Both Optimal for Top- K Ranking Cong Ma ORFE, Princeton

Spectral Method and Regularized MLE Are Both Optimal for Top- K Ranking Cong Ma ORFE, Princeton

Spectral Method and Regularized MLE Are Both Optimal for Top- K Ranking Cong Ma ORFE, Princeton University Joint work with Yuxin Chen, Jianqing Fan and Kaizheng Wang Ranking A fundamental problem in a wide range of contexts web search,

856 views • 36 slides
Spectral Method and Regularized MLE Are Both Optimal for Top- K Ranking Yuxin Chen Electrical

Spectral Method and Regularized MLE Are Both Optimal for Top- K Ranking Yuxin Chen Electrical

Spectral Method and Regularized MLE Are Both Optimal for Top- K Ranking Yuxin Chen Electrical Engineering, Princeton University Joint work with Jianqing Fan, Cong Ma and Kaizheng Wang Ranking A fundamental problem in a wide range of contexts

408 views • 36 slides
Fairness and Transparency in Ranking Carlos Castillo / UPF chato@acm.org Data and Algorithmic

Fairness and Transparency in Ranking Carlos Castillo / UPF chato@acm.org Data and Algorithmic

Fairness and Transparency in Ranking Carlos Castillo / UPF chato@acm.org Data and Algorithmic Bias Workshop (DAB) at CIKM'18 Turin, Italy, 2018-10-22 Ranking in IR Objective : provide maximum relevance to searche r Order by decreasing

1.01k views • 62 slides
KEI INDUSTRIES LIMITED Major Highlights ET 500 dt 28.11.16 KEI ranking improve to 405

KEI INDUSTRIES LIMITED Major Highlights ET 500 dt 28.11.16 KEI ranking improve to 405

www.kei-ind.com KEI INDUSTRIES LIMITED Major Highlights ET 500 dt 28.11.16 KEI ranking improve to 405 against previous ranking 423 and before that 469 CARE Ltd has upgraded long term rating A- (A minus) from BBB+ and short term

445 views • 40 slides
Web Mining and Recommender Systems Advanced Recommender Systems: Bayesian Personalized Ranking

Web Mining and Recommender Systems Advanced Recommender Systems: Bayesian Personalized Ranking

Web Mining and Recommender Systems Advanced Recommender Systems: Bayesian Personalized Ranking Coming up Methodological papers Bayesian Personalized Ranking Factorizing Personalized Markov Chains Personalized Ranking Metric Embedding

1.14k views • 94 slides
Security researchers rely on top websites rankings We perform a comprehensive analysis on

Security researchers rely on top websites rankings We perform a comprehensive analysis on

T RANCO : A Research-Oriented Top Sites Ranking Hardened Against Manipulation Victor Le Pochat , Tom Van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczyski, Wouter Joosen NDSS 2019 , 25 February 2019 Security researchers rely on top websites

590 views • 36 slides
Co nte nt-base d Onto lo g y Ranking Mathew Jones &amp; Harith Alani 9th Intl. Protg

Co nte nt-base d Onto lo g y Ranking Mathew Jones &amp; Harith Alani 9th Intl. Protg

Co nte nt-base d Onto lo g y Ranking Mathew Jones &amp; Harith Alani 9th Intl. Protg Conference - July 23-26, 2006 - Stanford, California Onto lo g y Ranking Is crucial for ontology search and reuse! Especially when there is a

622 views • 36 slides
Depth Estimation for Ranking Query Optimization KarlSchnaitter,UCSantaCruz

Depth Estimation for Ranking Query Optimization KarlSchnaitter,UCSantaCruz

Depth Estimation for Ranking Query Optimization KarlSchnaitter,UCSantaCruz JoshuaSpiegel,BEASystems,Inc. NeoklisPolyzotis,UCSantaCruz Relational Ranking Queries SELECT h.hid, r.rid, e.eid FROM Hotels h,

856 views • 33 slides
Outline Ranking and skyline Top- k algorithms Skyline algorithms Reconciling top-k

Outline Ranking and skyline Top- k algorithms Skyline algorithms Reconciling top-k

Data Mining Top-K and Skyline October 17, 2017 1 Outline Ranking and skyline Top- k algorithms Skyline algorithms Reconciling top-k and skyline 2 Ranking queries Who is the best NBA player? According to points : Tracy McGrady,

1.35k views • 82 slides
Self-Stabilizing Labeling and Ranking in Ordered Trees Ajoy K. Datta 1 ephane Devismes 2 St

Self-Stabilizing Labeling and Ranking in Ordered Trees Ajoy K. Datta 1 ephane Devismes 2 St

Introduction Labeling with Guide Pairs Application: Ranking Conclusion Self-Stabilizing Labeling and Ranking in Ordered Trees Ajoy K. Datta 1 ephane Devismes 2 St Lawrence L. Larmore 1 Yvan Rivierre 2 1 School of Computer Science, University

1k views • 71 slides
Learning to select for a predefined ranking Aleksei Ustimenko Alexander Vorobev Gleb Gusev

Learning to select for a predefined ranking Aleksei Ustimenko Alexander Vorobev Gleb Gusev

Learning to select for a predefined ranking Aleksei Ustimenko Alexander Vorobev Gleb Gusev Pavel Serdyukov From ranking to sorting Search engines typically order the items by some relevance score obtained from a ranker before presenting

311 views • 10 slides

More recommend