Survey on BGP prefix hijacking
This survey is part of a research effort by Pavlos Sermpezis at ICS-FORTH and Alberto Dainotti at CAIDA, UC San Diego, to study (a) the operators’ awareness of BGP prefix hijacking attacks, (b) presently used defenses (if any) against BGP prefix hijacking, (c) the willingness to adopt new defense mechanisms, and (d) reasons that may hinder the deployment of BGP prefix hijacking defenses.

We expect the findings of this survey to increase the understanding of existing BGP hijacking defenses and the needs of network operators, as well as help us design new defense mechanisms.

Research records will be kept confidential to the extent allowed by law. All data will be anonymous and collected and published in a manner that would not allow identification of your personal identity. A summary of the aggregate results will be published as a part of an article/conference paper.

The questionnaire should be filled out by professionals working as network operators (at networks with an AS number), whose daily job relates to BGP operations. It has a total of 21 questions, which should take no longer than 10 minutes to answer. If you agree to participate in this study, please answer the questions of this survey (do NOT include in your answers information that may help to identify you or your organization).

Participation in this study is voluntary. You have the right to not participate at all or to leave the study at any time without penalty or loss of benefits to which you are entitled. If you have any feedback on the survey, or would like to be notified when we publish a summary of results, or you want additional information, please write us at sermpezis@ics.forth.gr and alberto@caida.org.

Contact information:

Dr. Pavlos Sermpezis,
Researcher, ICS-FORTH, Greece,
N. Plastira 100, Heraklion 70013, Greece
+30 2810 391 657,
sermpezis@ics.forth.gr

Dr. Alberto Dainotti,
Research Scientist,
CAIDA, San Diego Supercomputer Center
University of California San Diego
9500 Gilman Drive, MC 0505
La Jolla, CA 92093-0505
+1-858-534-9249
alberto@caida.org
Some questions about you and your organization
Which term(s) would best characterize your organization? *
(Check all that apply)
Required
In which continent(s) does your company operate? *
(Check all that apply)
Required
In which country(-ies) does your company operate? (optional)
(complete names or country codes)
Your answer
What is your position in your company? *
Knowledge and Experience with BGP Prefix Hijacking
This section asks questions about your awareness of BGP prefix hijacking, as well as past experience with hijacking incidents.
Do you know what BGP prefix hijacking is and how it can happen? *
I have no idea
Very good knowledge
How concerned are you about BGP prefix hijacking incidents on the Internet? *
Not at all
A lot
Are you concerned that your network may be a victim of a BGP prefix hijacking incident in the future? *
Not at all
Very concerned
How severe do you consider the potential impact of a BGP prefix hijacking against your network? *
Has your organization been a victim of a BGP prefix hijacking incident in the past? *
If your organization was a victim of a BGP prefix hijacking incident, for how long was your network affected? (optional)
Defenses against BGP Prefix Hijacking
This section asks questions about existing/potential defense mechanisms against BGP prefix hijacking in your network.
Do you use RPKI in your network? *
If no, what are the main reasons for not using RPKI? (optional)
(Check all that apply; by checking "Other" you can write another reason and/or provide additional comments)
Do you use in your network any other defense mechanisms (other than RPKI) that protect your/others' prefixes from BGP prefix hijacking? *
If yes, what mechanisms do you use? Could you provide a brief description? (optional)
Your answer
In your network, how would you learn about a hijacking incident against your prefix(es)? *
(Check all that apply; by checking "Other" you can mention another option and/or provide additional comments)
Required
If you use a local or third-party detection service or system, could you please give us more details about it? (optional)
For example, you could write which detection service you use, any good or bad experience with it, etc.
Your answer
How would you mitigate a hijack against your prefixes if you were notified about an on-going event? *
Would you outsource functions relating to the mitigation of prefix hijacking incidents to a third-party, if this helps your organization reduce its risks? *
If no, what are the main factors that would affect your decision not to outsource prefix hijacking mitigation? [check max 2 factors] (optional)
Assuming you fully trust an outsourcing organization for prefix hijacking mitigation, what is the information/control (if any) you are still NOT willing to share/allow? *
(Check all that apply)
Required
How important do you consider the following characteristics for the deployment of a new defense system in your network? *
(Note: A real system cannot satisfy all these characteristics; considering all of them "Very important" would not probably describe a feasible solution.)
Not important
Low importance
Important
Very important / Determinant
Low cost
Ease of installation
Minimum changes to network configuration
Self-managed, self-operated (i.e., no involvement of another party, or no outsourcing)
Low false positives (detection)
Low false negatives (detection)
Effectiveness of mitigation
Fast mitigation
Privacy (e.g., not disclosing your peering/routing policies)
Ease of operating/troubleshooting
Comments & Feedback
Please leave here any comments or feedback you would like to give us about the questionnaire
Your answer
Submit
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google. Report Abuse - Terms of Service