-
Notifications
You must be signed in to change notification settings - Fork 7
Supported Scenarios
This scenario has no attackers, and simply announces a valid prefix covered by a ROA
In this scenario the victim announces a prefix, and the attacker announces nothing, winning only the traffic that passively flows through the attacker
This scenario requires two rounds of propagation. During the first round of propagation, the victim announces their prefix. Then the attacker gets the announcement. The graph is cleared. The victim announces their announcement, and the attacker leaks the announcement that they received from the previous round.
Attack announces a prefix that has a ROA of AS 0. Victim announces nothing
Attacker announces a superprefix of a non routed prefix that is not covered by a ROA. Victim announces nothing.
Attacker announces both the superprefix and prefix for a non routed prefix. The prefix is covered by a ROA, but the superprefix is not. The Victim announces nothing.
Attacker and victim both announce the same prefix. The attacker's announcement is invalid by ROA.
Victim announces prefix covered by a ROA. Attacker announces a subprefix that is invalid by ROA
Attacker announces an origin hijack that is valid by ROA for a prefix that is covered by a ROA. Victim announces a valid by ROA prefix.
Attacker finds the shortest valid path that can be announced to bypass various pathsec protections such as ASPA and BGP-iSec. Victim announces a prefix covered by a ROA.
Extension of the ShortestPathPrefixHijack, but the attacker removes the first ASN from the AS-Path
Attacker announces a superprefix, not covered by a ROA and a prefix, invalid by ROA. Victim announces a prefix that is valid by ROA