BGP Stream
Dan Hubbard & Andree Toonk
Blackhat 2015
Things we may or may not present….
•  BGP Overview
•  BGP Attack Examples
•  Announcing BGPStream
•  BGPStream dataviz client example
•  Other cool stuff
Internet 101 & BGP
•  Network of Networks, it’s a Graph!
•  Each organization on the Internet is called an Autonomous System.
•  Each node represents an Autonomous System (AS).
•  An AS is identified by a number.
•  OpenDNS is 36692, Google is 15169.
•  Each AS has one or more prefixes.
•  36692 has 56 (IPv4 and IPv6) network prefixes.
•  BGP is the glue that makes this work!
Result is a topology map of the Internet
Example BGP troubleshooting: How do I route to Facebook?
andree@rtr1.syd> show route protocol bgp www.facebook.com
inet.0: 528878 destinations, 1095067 routes (528873 active, 3 holddown, 12 hidden)
+ = Active Route, - = Last Active, * = Both
179.60.193.0/24    *[BGP/170] 2w6d 21:16:18, MED 0, localpref 100
                      AS path: 32934 I
                    > to 202.167.228.39 via ge-1/1/9.0
                    [BGP/170] 1w6d 02:04:04, localpref 100
                      AS path: 4637 1221 32934 I
                    > to 210.176.38.1 via xe-0/0/0.0
                    [BGP/170] 4d 21:09:54, MED 0, localpref 100
                      AS path: 2914 38561 1221 32934 I
                    > to 202.68.65.149 via xe-2/0/0.0
Recent High Profile BGP Incident Examples
•  BGP hijack used for spamming
•  BGP hijack used for financial gain (bitcoin hijack)
•  BGP hijack by Hacking Team
•  Large scale multi-day outages in Syria and Egypt
•  BGP hijack by Turkey to censor popular DNS resolvers
•  Many more accidental BGP hijacks
9
High level Architecture	
  	
  
	
  
BGP	
  Stream	
  analyzer	
  
BGP	
  data	
  
Classifier Notification
Expected	
  
Support	
  for:	
  
IPv4	
  &	
  IPv6	
  
16	
  &	
  32bit	
  AS	
  numbers	
  
Expected	
  state:	
  
•  Prefix	
  /	
  Origin	
  AS	
  
•  AS	
  relaCons	
  
•  Historical	
  info	
  
•  GEO	
  info	
  
•  Whois	
  info	
  
•  Etc.	
  
Observed BGP data from
hundreds of BGP peers
globally
10
BGP Stream Classifier	
  
	
  
BGP	
  data	
  
•  Expected Origin AS vs. Detected origin AS
•  Existing Business relationship?
•  Does Detected	
  	
  AS	
  announce other Expected	
  	
  AS	
  prefixes in BGP
•  Is there an existing peering relationship
•  Did Detected	
  	
  AS	
  recently announce Expected	
  	
  AS	
  prefixes
•  Exclude well relations and ASNs (i.e. DoD Asns, special Anycast prefixes).
•  Whois information
•  Valid RPLS route object in RIR / IRR databases?
•  Allocation data
•  Name collision in name, description, emails
•  Geo Info
•  Do Expected	
  	
  and Detected	
  operate in same country
•  For US, same state
•  Detected by number of BGPmon peers
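As an added example (not BGPStream's own code) of how the signals on this slide can be combined into a verdict, here is a toy classifier in Python. The weights, the thresholds and all sample data are constructed assumptions; AS numbers 32934, 36692, 1221, 4637 and 2914 are taken from the slides, the others are documentation ASNs.

```python
# Toy version of the signals listed on the "BGP Stream Classifier" slide. This is
# an added illustration, not BGPStream's code: the weights, the thresholds and all
# sample data below are constructed assumptions.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class ExpectedState:
    """The slide's 'expected state': origin, relations, whois and geo baseline."""
    origin: dict            # expected prefix -> expected origin ASN
    relations: dict         # ASN -> ASNs it peers with or buys transit from
    country: dict           # ASN -> country code from whois / geo data
    org_name: dict          # ASN -> organisation name from whois
    irr_routes: set         # (prefix, ASN) pairs backed by a valid IRR route object
    excluded_asns: set      # well-known ASNs to skip (the slide's DoD / anycast cases)
    recent_origins: dict = field(default_factory=dict)  # prefix -> ASNs that originated it lately

@dataclass
class Observation:
    prefix: str
    origin: int
    peers_seen: int         # number of BGPmon peers that reported the announcement

def expected_origin(state, prefix):
    """Most specific expected prefix covering `prefix`, as (prefix, ASN), or None."""
    net, best = ipaddress.ip_network(prefix), None
    for exp_prefix, asn in state.origin.items():
        exp = ipaddress.ip_network(exp_prefix)
        if exp.version == net.version and net.subnet_of(exp):
            if best is None or exp.prefixlen > ipaddress.ip_network(best[0]).prefixlen:
                best = (exp_prefix, asn)
    return best

def same_org(a, b):
    """Crude whois 'name collision': the two organisation names share a meaningful word."""
    stop = {"inc", "llc", "ltd", "corp", "the", "networks", "network"}
    words = lambda s: {w.strip(",.") for w in s.lower().split()} - stop
    return bool(words(a) & words(b))

def classify(obs, state, table):
    """Score one announcement; `table` is the prefix -> origin map currently seen in BGP.
    Returns (verdict, score, reasons); positive points argue for a hijack."""
    found = expected_origin(state, obs.prefix)
    if found is None:
        return "unknown-prefix", 0, ["no expected state for this prefix"]
    exp_prefix, expected = found
    detected = obs.origin
    if detected == expected:
        return "normal", 0, ["origin matches expected state"]
    if detected in state.excluded_asns or expected in state.excluded_asns:
        return "excluded", 0, ["well-known ASN or special anycast prefix, skipped"]
    hits = [(3, f"origin mismatch: expected AS{expected}, detected AS{detected}")]
    if obs.prefix != exp_prefix:
        hits.append((2, f"more specific {obs.prefix} inside expected {exp_prefix}"))
    # Business-relationship signals: a peer or transit provider originating a
    # customer's prefix is more often a misconfiguration or an agreed arrangement.
    if detected in state.relations.get(expected, set()):
        hits.append((-2, "existing peering/transit relationship"))
    others = [p for p, asn in table.items()
              if asn == detected and p != obs.prefix and state.origin.get(p) == expected]
    if others:
        hits.append((-2, f"detected AS also announces other expected-AS prefixes: {others}"))
    if detected in state.recent_origins.get(obs.prefix, set()):
        hits.append((-1, "detected AS announced this prefix recently"))
    # Whois and geo signals.
    if (obs.prefix, detected) in state.irr_routes:
        hits.append((-2, "valid IRR route object for the detected AS"))
    if same_org(state.org_name.get(detected, ""), state.org_name.get(expected, "")):
        hits.append((-1, "whois name collision between expected and detected AS"))
    if state.country.get(detected) and state.country[detected] == state.country.get(expected):
        hits.append((-1, "both ASNs operate in the same country"))
    # Visibility: an event seen by one or two BGPmon peers is more likely a local leak.
    hits.append((-1 if obs.peers_seen < 3 else 1, f"seen by {obs.peers_seen} BGPmon peer(s)"))
    score = sum(points for points, _ in hits)
    verdict = "hijack" if score >= 4 else "suspicious" if score >= 2 else "likely-legitimate"
    return verdict, score, [why for _, why in hits]

# Constructed expected state. 32934, 36692, 1221, 4637 and 2914 appear on the slides;
# 64496 and 64500 are documentation ASNs, 198.51.100.0/24 and 203.0.113.0/24 test prefixes.
SAMPLE_STATE = ExpectedState(
    origin={"179.60.193.0/24": 32934, "198.51.100.0/24": 36692, "203.0.113.0/24": 64500},
    relations={32934: {4637, 1221, 2914}, 36692: {2914}},
    country={32934: "US", 36692: "US", 1221: "AU"},
    org_name={32934: "Facebook, Inc.", 36692: "OpenDNS, LLC", 1221: "Telstra"},
    irr_routes={("179.60.193.0/24", 32934), ("198.51.100.0/24", 36692)},
    excluded_asns={64500},
)
SAMPLE_TABLE = {"179.60.193.0/24": 32934, "179.60.193.0/25": 64496, "198.51.100.0/24": 36692}  # constructed snapshot
SAMPLE_OBSERVATIONS = [
    Observation("179.60.193.0/25", 64496, peers_seen=40),   # unrelated AS, more specific, widely seen
    Observation("179.60.193.0/24", 1221, peers_seen=2),     # transit provider of 32934, two peers
    Observation("198.51.100.0/24", 36692, peers_seen=120),  # expected origin
    Observation("203.0.113.0/24", 64496, peers_seen=10),    # prefix of an excluded ASN
]

def run_samples():
    """Verdict and score for each constructed observation, keyed "prefix@ASn"."""
    return {f"{o.prefix}@AS{o.origin}": classify(o, SAMPLE_STATE, SAMPLE_TABLE)[:2]
            for o in SAMPLE_OBSERVATIONS}
```

The reasons list returned by classify() is what a notification would carry, so an operator can see which of the slide's signals fired and which argued against a hijack.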
BGPStream Data Visualization Client
$blackhat there is more..
RUN BGPDNS
14
Requests
Per Day
80B Countries
160+
Daily Active
Users
65M Enterprise
Customers
10K
Our Perspective
Diverse Set of Data &
Global Internet Visibility
15
16
Malaysia Airlines DNS Hijack
January 25, 2015
MALICIOUS ASN/IP IDENTIFIED
Owned by Lizard Squad, who hacked PS3 and Xbox Networks in December 2014
POPVOTE.HK
750 Million DNS requests in 1 hour
The Future….
•  More Tuning and Training
•  Integrate DNSStream into BGPStream portal
•  Build a community of BGP and DNS watchers
@bgpstream
@dnsstream

Blackhat USA 2015: BGP Stream Presentation
