Security

Pages in this section

  • Access control list (ACL) filters
    Last edited: 2026-02-05

    Access control list (ACL) filters

    Access Control List filters are deployed by ISPs or IXPs at their AS border routers to filter out unwanted traffic. These filters, whose implementation depends on vendor-specific hardware, are effective when the hardware is homogeneous, and the deployment of the filters can be automated. The drawbacks of these filters include limited scalability, and since the filtering does not occur at the ingress points, it can exhaust the bandwidth to a neighbouring AS.

  • Angur
    Last edited: 2026-02-05

    Angur

    This is a system that monitors for censorship through connectivity disruptions. It uses two internet protocols:

  • ARTEMIS
    Last edited: 2026-02-05

    ARTEMIS

    ARTEMIS is a system designed to detect and mitigate BGP Hijacking, operated locally by network operators to protect their own prefixes. The system is based on several key ideas and can be found in this paper.

  • BGP Blackholing
    Last edited: 2026-02-05

    BGP Blackholing

    This is a method of initiating blackholing in the event of a DDoS attack using an upstream service.

  • BGP Flowspec
    Last edited: 2026-02-05

    BGP Flowspec

    BGP Flowspec is an extension of BGP designed to allow the creation and propagation of detailed traffic flow filtering rules. These rules can be applied across different ASs.

  • BGP Hijacking
    Last edited: 2026-02-05

    BGP Hijacking

    This is a class of attacks that use the BGP protocol as their method of attack. This falls into 3 categories:

  • BGP squatting
    Last edited: 2026-02-05

    BGP squatting

    This is a form of BGP Hijacking where the attacking AS announces a prefix before the genuine AS does, thus becoming the de facto route. This disrupts the flow of traffic to the intended AS.

  • Blackholing (BH)
    Last edited: 2026-02-05

    Blackholing

    This is when a server drops messages either intended for itself or another server. This is done in case of a DDoS attack to protect the service being attacked. It can also be used for malicious purposes, as in the case of a Blackholing attack.

  • Blackholing attack
    Last edited: 2026-02-05

    Blackholing attack

    This is a form of BGP Hijacking where an attacking AS intercepts messages between two parties and drops the messages.

  • DDoS reflection and amplification
    Last edited: 2026-02-05

    DDoS reflection and amplification

    Instead of attacking your target directly in a DDoS attack, you can find legitimate services that respond to requests (for example when opening a TCP connection). You can make requests to such services where you spoof the source IP as your target. This has two advantages:

  • Distributed Denial-of-Service (DDoS)
    Last edited: 2026-02-05

    Distributed Denial-of-Service (DDoS)

    This is an attack against a service where you flood it with requests that it cannot handle. This causes the service to crash, denying access to it for other users.

    [Figure: DDoS Diagram]

    The diagram demonstrates the simplest form of attack, but this has many variants such as Spoofing and DDoS reflection and amplification.

  • Exact prefix hijacking
    Last edited: 2026-02-05

    Exact prefix hijacking

    This is a form of BGP Hijacking where the attacking AS announces a path for the same prefix as a genuine AS. This disrupts the flow of traffic to the intended AS.

  • Imposture attack (IM)
    Last edited: 2026-02-05

    Imposture attack (IM)

    This is a form of BGP Hijacking where an attacking AS intercepts messages between two parties and continues the conversation pretending to be one of the parties.

  • Iris
    Last edited: 2026-02-05

    Iris

    This is a system that detects DNS censorship. It does this by comparing the responses of open DNS resolvers on the internet. This is done in a multi-step process as shown below.

    [Figure: Iris Methodology]

    This first looks for open DNS resolvers that are part of the internet infrastructure (i.e. not home routers that are sometimes open due to misconfiguration).

  • Man-in-the-middle attack (MM)
    Last edited: 2026-02-05

    Man-in-the-middle attack (MM)

    This is a form of BGP Hijacking where an attacking AS intercepts messages between two parties and reads or manipulates the messages before passing them on.

  • Spoofing
    Last edited: 2026-02-05

    Spoofing

    Spoofing is the process of replacing the IP source field of a request.

  • Sub-prefix hijacking
    Last edited: 2026-02-05

    Sub-prefix hijacking

    This is a form of BGP Hijacking where the attacking AS announces a sub-path for a prefix a genuine AS announced. This will be preferentially used as it is a more precise prefix. This disrupts the flow of traffic to the intended AS.

  • Traffic Scrubbing Service
    Last edited: 2026-02-05

    Traffic Scrubbing Services

    A scrubbing service diverts the incoming traffic to a specialised server, where the traffic is “scrubbed” into either clean or unwanted traffic. The clean traffic is then sent to its original destination. This offers fine-grained filtering but at a high monetary and bandwidth cost.

  • Type-0 hijacking
    Last edited: 2026-02-05

    Type-0 hijacking

    This is a form of BGP Hijacking where the attacking AS announces a prefix not owned by itself.

  • Type-N hijacking
    Last edited: 2026-02-05

    Type-N hijacking

    This is a form of BGP Hijacking where the attacking AS announces an illegitimate path for a prefix that it does not own to create a fake route between different ASs. For example, {AS2, ASx, ASy, AS1 – 10.0.0.0/23} denotes a fake path between AS2 and AS1, where there is no link between AS2 and ASx. The N denotes the position of the rightmost fake link in the illegitimate announcement, e.g. {AS2, ASx, ASy, AS1 – 10.0.0.0/23} is a Type-2 hijacking.

  • Type-U hijacking
    Last edited: 2026-02-05

    Type-U hijacking

    This is a type of BGP Hijacking where the attacking AS changes a route's prefix, so messages get routed incorrectly.