Home Potential Prefix Hijacks Potential Sub-Prefix Hijacks Alert Notification Forum Hijack Search

The IAR has not had any active feeds for months, and as such is not active. The forums remain for archival purposes.

Welcome

The Internet Alert Registry (IAR) provides the network operator community with up to date BGP (Border Gateway Protocol) routing security information. The IAR uses the methods described in PGBGP to identify advertised routes that are potentially bogus. This method uses route history information to determine prefix ownership, as opposed to using stale registry data. The routes are cataloged on this site and made searchable for public use.



Route Classification

Prefix Hijack: Typically, an Autonomous System (AS) will originate the prefixes that it legitimately owns. Occassionally an AS might accidentally or maliciously originate another AS's prefix. When an AS announces a prefix not recently announced at that AS, it is considered suspicious and added to the IAR.

Sub-prefix Hijack: If a prefix is announced that has not been recently seen it is either in new address space, a more specific net, or a less specific net. If it is a more specific net, it could steal traffic meant for the less specific prefix and is considered suspicious.

Exceptions: If the AS Path of the suspected hijack contains a trusted owner for the prefix/sub-prefix in question then the route is not considered suspicious as it will route to the trusted origin before it reaches the suspicious origin


This material is based upon work supported by the National Science Foundation under Grant No. 0311686. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.