The Detection of Malicious Misrouting of Packets on Internet

K.H. Yeung, D. Fung, and K.Y. Wong (PRC)


Network security, routing, network attacks, intrusion detection


Malicious misrouting of packets is a kind of packet mistreatment attack. In such attack a malicious router misroute packets so that triangle routing is formed. This kind of attack is very difficult to detect, and the problem is considered as an open problem. In this paper, a solution to the problem is proposed. The paper first discusses a simple but effective method to detect packet misrouting. By setting up detection agents on all links of a network, the method can trace the misrouted path and identify the malicious router. Discussion on how to react to the attacks after detection is also given in the paper. Experiments using Cisco routers were run. The experiments aim at showing that a malicious router can easily launch packet mistreatment attacks by simple router configurations. The paper then discusses the effectiveness of the proposed method by presenting the results obtained from a simulator. The simulator implements the detection algorithm discussed in this paper, and simulates how packet misrouting can be detected in real network operations. Based on the results, it is concluded that misrouted packets can effectively be detected by using the proposed method. Finally, the paper concludes itself by pointing out further possible work in this important area.

