Which signal is commonly used to detect a BGP route hijack in real time?


Multiple Choice

Which signal is commonly used to detect a BGP route hijack in real time?

Explanation:
Detecting a BGP route hijack in real time relies on spotting anomalies in who is announcing prefixes. When a prefix appears with an origin AS that isn’t the legitimate owner, or when a prefix suddenly starts coming from an unexpected origin, that mismatch is a strong indicator that traffic may be hijacked or misrouted. This direct signal, unexpected prefixes or origins, puts the spotlight on unauthorized or abnormal announcements, which is exactly what a hijack involves.

In contrast, increased BGP session uptime doesn’t signal hijacking, since a hijack can occur regardless of how long a session has been up. A stable AS_PATH with no changes suggests the routing information hasn’t been altered, which would argue against a hijack. And a decrease in advertisements from the local origin could be caused by legitimate filtering, outages, or policy changes, not a rogue announcement.

So the real-time cue you’d rely on is noticing prefixes appearing from origins that aren’t expected.
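The check described above, as an added example that is not part of the original page: each announcement in a feed is compared against a baseline of expected origins, flagging both an unexpected origin AS and an unexpected more-specific prefix. The baseline table, the sample feed (documentation prefixes and reserved ASNs) and the function names are constructed for illustration, and AS_PATH is simplified to a plain list of ASNs with no AS_SET handling.

```python
import ipaddress

# Constructed baseline: monitored prefix -> origin ASNs expected to announce it.
EXPECTED = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/24": {64501},
    "2001:db8::/32": {64502},
}

# Constructed feed of (prefix, AS_PATH) announcements as a collector might see them.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", [64510, 64500]),     # expected prefix, expected origin
    ("192.0.2.0/24", [64510, 64666]),     # same prefix, different origin
    ("192.0.2.128/25", [64511, 64666]),   # more-specific from a different origin
    ("198.51.100.0/25", [64510, 64501]),  # more-specific from the expected origin
    ("2001:db8::/32", [64510, 64502]),    # expected IPv6 announcement
    ("203.0.113.0/24", [64510, 64777]),   # not covered by the baseline
]

def classify(prefix, as_path, expected=EXPECTED):
    """Compare one announcement with the baseline and return a verdict string."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the rightmost ASN in AS_PATH
    covering = None
    for known, origins in expected.items():
        base = ipaddress.ip_network(known)
        # Keep the longest monitored prefix that covers the announced one.
        if net.version == base.version and net.subnet_of(base):
            if covering is None or base.prefixlen > covering[0].prefixlen:
                covering = (base, origins)
    if covering is None:
        return "unmonitored"
    base, origins = covering
    if origin not in origins:
        return "origin-mismatch" if net == base else "subprefix-origin-mismatch"
    return "ok" if net == base else "unexpected-more-specific"

def alerts(updates, expected=EXPECTED):
    """Return (prefix, origin AS, verdict) for every announcement worth an alert."""
    found = []
    for prefix, as_path in updates:
        verdict = classify(prefix, as_path, expected)
        if verdict not in ("ok", "unmonitored"):
            found.append((prefix, as_path[-1], verdict))
    return found

if __name__ == "__main__":
    for alert in alerts(SAMPLE_UPDATES):
        print(alert)
```

An "unexpected-more-specific" verdict from the expected origin can be legitimate traffic engineering, so it is reported separately from the origin mismatches.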
