nanog mailing list archives
Re: community real-time BGP hijack notification service
From: "Christian Koch" <christian () broknrobot com>
Date: Fri, 12 Sep 2008 09:49:39 -0400
It is, agreed. But what is more likely; a simple a prefix hijack or an all out attack, manipulating origin as, and as_path? While the 2nd is possible, the first is the most likely, and the basis for all these "hijack alert" services. Christian On Fri, Sep 12, 2008 at 9:27 AM, Nathan Ward <nanog () daork net> wrote:
On 13/09/2008, at 1:14 AM, Christian Koch wrote:Maybe a better idea would be if you were able to input your origin asn and define your upstreams and/or peers, to be alerted on as well. (ie: Do not alert me on any paths containing 123_000, 456_000, 789_000).Again, that is trivially easy to falsify. My best quick hack solution so far is to fire off a traceroute and make sure that the traceroute gets ICMP TTL expire messages from IP addresses that are in prefixes originated from all the ASes in the ASPATH. Still forgeable, but a bit more difficult.. still far from perfect though. -- Nathan Ward
Current thread:
- community real-time BGP hijack notification service Gadi Evron (Sep 12)
- Re: community real-time BGP hijack notification service Arnaud de Prelle (Sep 12)
- Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
- Re: community real-time BGP hijack notification service Nathan Ward (Sep 12)
- Re: community real-time BGP hijack notification service Christian Koch (Sep 12)
- Re: community real-time BGP hijack notification service Nathan Ward (Sep 12)
- Re: community real-time BGP hijack notification service Christian Koch (Sep 12)
- Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
- Re: community real-time BGP hijack notification service Christian Koch (Sep 12)
- Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
- Re: community real-time BGP hijack notification service Andy Davidson (Sep 12)
- Re: community real-time BGP hijack notification service Arnaud de Prelle (Sep 12)
- Re: community real-time BGP hijack notification service Matthew Moyle-Croft (Sep 12)
- Re: community real-time BGP hijack notification service Nathan Ward (Sep 12)
- Re: community real-time BGP hijack notification service Matthew Moyle-Croft (Sep 13)
- Re: community real-time BGP hijack notification service Randy Bush (Sep 13)
- Re: community real-time BGP hijack notification service Nathan Ward (Sep 13)
- Re: community real-time BGP hijack notification service Arnaud de Prelle (Sep 12)
- Re: community real-time BGP hijack notification service Hank Nussbacher (Sep 14)