Abstract
Given BGP's inherent vulnerabilities, our team began monitoring critical Internet infrastructure for potential BGP origin hijacks. Specifically, in January 2023, we started using Code BGP to monitor root DNS prefixes.
Root DNS servers are the authoritative name servers for the DNS root zone. We chose to monitor the BGP prefixes corresponding to the IP addresses of these servers for two main reasons:
First, root DNS servers sit at the top of the global DNS hierarchy and represent critical Internet infrastructure that must be protected.
Second, root DNS prefixes are typically heavily anycasted. We reasoned that any potential BGP anomaly affecting these prefixes might go largely unnoticed, since anycast minimizes the impact on the data plane, making it minimal or even negligible.
In this presentation, we will provide details about the BGP anomaly events we have detected over the past 2.5 years involving the root DNS prefixes, including estimations of their impact on the data plane.
Recording
Speaker
Lefteris Manassakis
Lefteris is a software and network engineer with a background in networking research. He is a Technical Leader at Cisco ThousandEyes.
Previously, he co-founded Code BGP, a BGP Monitoring startup, which was acquired by Cisco.
Research interests: Internet routing, Internet measurements, network security and network automation.
For more information, please visit his personal webpage at https://manassakis.net/.
Rate this talk
Rating period has ended.