Fall 2006 Internet2 Member Meeting

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Route Injection and the Backtrackability of Cyber Misbehavior

Time 12/05/06 04:30PM-05:30PM

Session Abstract

A fundamental component of cyber incident investigation is attributing network traffic to a responsible party. In most cases, an analyst begins the process of 'working back upstream' by checking whois/rwhois to find who has a particular IP address block. Unfortunately, it is currently possible for miscreants to route network address space that's not theirs, thereby hindering backtracking and potentially causing misattribution of cyber incidents. This talk will discuss both traditional static hijacking of small prefixes, as well as the more recent phenomena of miscreants dynamically announcing, exploiting, and then withdrawing larger covering prefixes. Policy implications, data sources and approaches to identifying and dealing with these threats, as well as some recommended best practices, will also be covered.


Speaker Joe St Sauver Internet2/University of Oregon

Presentation Media

Secondary tracks Network Planning and Engineering System and Network Security for Advanced Networks

gold Sponsors

silver Sponsors

bronze Sponsors

supporter Sponsors

Food and Beverage Sponsors