[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

community real-time BGP hijack notification service

Subject: community real-time BGP hijack notification service
From: nanog at daork.net (Nathan Ward)
Date: Sat, 13 Sep 2008 01:27:31 +1200
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On 13/09/2008, at 1:14 AM, Christian Koch wrote:

> Maybe a better idea would be if you were able to input your origin asn
> and define your upstreams and/or peers, to be alerted on as well. (ie:
> Do not alert me on any paths containing  123_000, 456_000, 789_000).

Again, that is trivially easy to falsify.

My best quick hack solution so far is to fire off a traceroute and  
make sure that the traceroute gets ICMP TTL expire messages from IP  
addresses that are in prefixes originated from all the ASes in the  
ASPATH.
Still forgeable, but a bit more difficult.. still far from perfect  
though.

--
Nathan Ward

Follow-Ups:
- community real-time BGP hijack notification service
  - From: christian at broknrobot.com (Christian Koch)

References:
- community real-time BGP hijack notification service
  - From: ge at linuxbox.org (Gadi Evron)
- community real-time BGP hijack notification service
  - From: nanog at daork.net (Nathan Ward)
- community real-time BGP hijack notification service
  - From: christian at broknrobot.com (Christian Koch)

Prev by Date: community real-time BGP hijack notification service
Next by Date: community real-time BGP hijack notification service
Previous by thread: community real-time BGP hijack notification service
Next by thread: community real-time BGP hijack notification service
Index(es):
- Date
- Thread