BGP_route_hijack_2016 (10/26/2016 to 10/26/2016)

This dataset includes BGP control-plane data (i.e., route updates) that capture several route hijacking incidents involving a few Merit Network (AS237) address prefixes. The vantage point that recorded these updates is a RIPE NCC (ripe.net) Quagga collector located in Sao Paolo, Brazil (rrc15.ripe.net). This event is not just a plain prefix or subprefix hijack; in this dataset, we see that the offender AS announces a path that ends at the AS (Merit's AS237 in our case) that legitimately owns the network prefix. This dataset can be used for evaluating algorithms that aim to detect suck kind of miscreant behavior or for evaluating the effects of such activity (e.g., how far these updates propagated in the Internet). The dataset can be analyzed with libbgpdump. An example of the event is shown below: BGP4MP|10/26/16 12:22:08|A|187.16.217.48|16735|141.210.0.0/16|16735 32632 3257 12180 237|INCOMPLETE BGP4MP|10/26/16 12:22:08|A|187.16.217.48|16735|35.29.0.0/16|16735 32632 3257 12180 237|INCOMPLETE BGP4MP|10/26/16 12:22:08|A|187.16.217.48|16735|35.4.0.0/16|16735 32632 3257 12180 237|INCOMPLETE BGP4MP|10/26/16 12:22:08|A|187.16.217.48|16735|207.72.0.0/16|16735 32632 3257 12180 237|INCOMPLETE This dataset is being provided by Merit with kind permission from RIPE NCC's RIPEStat team. This dataset includes BGP updates for 2016-10-26; more data can be downloaded from RIPE: https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-raw-data. We kindly request all researchers to notify us should they publish any work that utilizes this dataset.