Survey on BGP prefix hijacking

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

This survey is part of a research effort by Pavlos Sermpezis at ICS-FORTH and Alberto Dainotti at CAIDA, UC San Diego, to study (a) the operators’ awareness of BGP prefix hijacking attacks, (b) presently used defenses (if any) against BGP prefix hijacking, (c) the willingness to adopt new defense mechanisms, and (d) reasons that may hinder the deployment of BGP prefix hijacking defenses.

We expect the findings of this survey to increase the understanding of existing BGP hijacking defenses and the needs of network operators, as well as help us design new defense mechanisms.

Research records will be kept confidential to the extent allowed by law. All data will be anonymous and collected and published in a manner that would not allow identification of your personal identity. A summary of the aggregate results will be published as a part of an article/conference paper.

The questionnaire should be filled out by professionals working as network operators (at networks with an AS number), whose daily job relates to BGP operations. It has a total of 21 questions, which should take no longer than 10 minutes to answer. If you agree to participate in this study, please answer the questions of this survey (do NOT include in your answers information that may help to identify you or your organization).

Participation in this study is voluntary. You have the right to not participate at all or to leave the study at any time without penalty or loss of benefits to which you are entitled. If you have any feedback on the survey, or would like to be notified when we publish a summary of results, or you want additional information, please write us at sermpezis@ics.forth.gr and alberto@caida.org.

Contact information:

Dr. Pavlos Sermpezis,
Researcher, ICS-FORTH, Greece,
N. Plastira 100, Heraklion 70013, Greece
+30 2810 391 657,
sermpezis@ics.forth.gr

Dr. Alberto Dainotti,
Research Scientist,
CAIDA, San Diego Supercomputer Center
University of California San Diego
9500 Gilman Drive, MC 0505
La Jolla, CA 92093-0505
+1-858-534-9249
alberto@caida.org

Some questions about you and your organization

Which term(s) would best characterize your organization? *

(Check all that apply)

ISP (transit provider, tier-1 multi-national)

ISP (transit provider, multi-national)

ISP (transit provider, large mainly domestic)

ISP (transit provider, regional domestic)

Content Distribution Network

Cloud provider

IXP

Web hosting provider

Other:

Required

In which continent(s) does your company operate? *

(Check all that apply)

Africa

Asia

Australia

Europe

North America

South America

Required

In which country(-ies) does your company operate? (optional)

(complete names or country codes)

What is your position in your company? *

Network Engineer

Operations Manager

Executive Manager

Other:

Knowledge and Experience with BGP Prefix Hijacking

This section asks questions about your awareness of BGP prefix hijacking, as well as past experience with hijacking incidents.

Do you know what BGP prefix hijacking is and how it can happen? *

I have no idea

Very good knowledge

How concerned are you about BGP prefix hijacking incidents on the Internet? *

Not at all

A lot

Are you concerned that your network may be a victim of a BGP prefix hijacking incident in the future? *

Not at all

Very concerned

How severe do you consider the potential impact of a BGP prefix hijacking against your network? *

It will be unnoticed

It may trigger a few minutes of downtime for a few services/clients

It may trigger a few minutes of downtime for many services/clients

It may trigger hours of downtime for a few services/clients

It may trigger hours of downtime for many services/clients

I do not know

Has your organization been a victim of a BGP prefix hijacking incident in the past? *

Yes

I do not know

If your organization was a victim of a BGP prefix hijacking incident, for how long was your network affected? (optional)

less than a minute

less than 15 minutes

less than 1 hour

less than a day

more than a day

Clear selection

Defenses against BGP Prefix Hijacking

This section asks questions about existing/potential defense mechanisms against BGP prefix hijacking in your network.

Do you use RPKI in your network? *

Yes, I use RPKI (certificates/ROAs for my own prefixes AND origin validation)

Yes, I use RPKI (ONLY certificates/ROAs for my own prefixes)

Yes, I use RPKI (ONLY origin validation for third-party prefixes in the RPKI)

No, I do not use RPKI

I do not know / I do not answer

If no, what are the main reasons for not using RPKI? (optional)

(Check all that apply; by checking "Other" you can write another reason and/or provide additional comments)

It will add complexity to my network, which increases the risk to failures, etc.

It will add processing overhead to our equipment, e.g. for origin validation, which might cause problems

It will increase costs, i.e. OPEX, for maintaining the new service

It will increase costs, i.e. CAPEX, for upgrading existing equipment or for new equipment for the service

It will give little benefit in terms of security

It is not widely adopted (by other networks)

Other:

Do you use in your network any other defense mechanisms (other than RPKI) that protect your/others' prefixes from BGP prefix hijacking? *

Yes

I do not know

If yes, what mechanisms do you use? Could you provide a brief description? (optional)

In your network, how would you learn about a hijacking incident against your prefix(es)? *

(Check all that apply; by checking "Other" you can mention another option and/or provide additional comments)

Most likely, I would not learn about it

I use a third-party BGP prefix hijacking detection service from which I receive notifications

I use a local detection system that monitors the availability of my services

I do not use any detection system, but I expect to receive a notification from colleagues, clients, mailing lists, etc. if something happens

I do not know

Other:

Required

If you use a local or third-party detection service or system, could you please give us more details about it? (optional)

For example, you could write which detection service you use, any good or bad experience with it, etc.

How would you mitigate a hijack against your prefixes if you were notified about an on-going event? *

I would try to contact the offending AS network operators or their providers to resolve the issue

I would announce more specific prefixes

Both of the above

I do not know / I would not do anything

Other:

Would you outsource functions relating to the mitigation of prefix hijacking incidents to a third-party, if this helps your organization reduce its risks? *

Yes

I do not know

If no, what are the main factors that would affect your decision not to outsource prefix hijacking mitigation? [check max 2 factors] (optional)

Cost

Information I need to share with the outsourcing organization

Administrative overhead

Technical overhead

Other:

Assuming you fully trust an outsourcing organization for prefix hijacking mitigation, what is the information/control (if any) you are still NOT willing to share/allow? *

(Check all that apply)

Not share the list of my ASN(s) and IP prefixes

Not share the list of my AS-neighbors

Not share my routing policies: Export Policies

Not share my routing policies: Local Preferences

Not allow to announce my IP prefixes using THEIR equipment and THEIR ASN(s)

Not allow to announce my IP prefixes using THEIR equipment and MY ASN(s)

Not allow to announce my IP prefixes using MY equipment and MY ASN(s)

Not allow to tunnel MY traffic to me through THEIR network

Share/allow all the above

Required

How important do you consider the following characteristics for the deployment of a new defense system in your network? *

(Note: A real system cannot satisfy all these characteristics; considering all of them "Very important" would not probably describe a feasible solution.)

Not important

Low importance

Important

Very important / Determinant

Low cost

Ease of installation

Minimum changes to network configuration

Self-managed, self-operated (i.e., no involvement of another party, or no outsourcing)

Low false positives (detection)

Low false negatives (detection)

Effectiveness of mitigation

Fast mitigation

Privacy (e.g., not disclosing your peering/routing policies)

Ease of operating/troubleshooting

Not important

Low importance

Important

Very important / Determinant

Low cost

Ease of installation

Minimum changes to network configuration

Self-managed, self-operated (i.e., no involvement of another party, or no outsourcing)

Low false positives (detection)

Low false negatives (detection)

Effectiveness of mitigation

Fast mitigation

Privacy (e.g., not disclosing your peering/routing policies)

Ease of operating/troubleshooting

Comments & Feedback

Please leave here any comments or feedback you would like to give us about the questionnaire

Submit

Clear form

Never submit passwords through Google Forms.

This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Privacy Policy

Forms