Prefix Hijacking: The Internet's global routing system is built upon the Border Gateway Protocol (BGP). BGP breaks routing entities up into
logical nodes called Autonomous Systems (or ASes). Each of these ASes that offers connectivity to a set of IP addresses
advertises this by "announcing IP prefix(es)" to contiguous block(s) of addresses.
Modern BGP lacks any facility to authorize or limit the ability of any AS to announce any prefix. As a result,
any AS can advertize that they are the origin (or owner) AS of any prefix. This could result in a user's inability to reach
an important destincation (such as their bank's website), or the case in which a user is misdirected to a malicious server, etc.
This is known as prefix hijacking.
Community Feedback: BGP-Origins provides a framework in which users can use their own PGP/GPG keys to create
cryptographic signatures that attest to their opinion about whether a prefix/origin mapping is valid, or invalid. Anyone may query
the system (using any DNS client) to determine if there exist any user opinions about a given prefix. More detailed usage is explained
on our HOWTO page.
This framework further enables users to
create a list of "trust anchors" (or keys of people whose opinions matter to the user) and restrict the system's responses to
data that will be useful for each individual.
June 6, 2007:
BGP-Origins is presented at
June 5, 2007:
BGP-Origins goes live!