Re: Argus: a hijacking alarm system

[Yang Xiang <xiangy08 () csnet1 cs tsinghua edu cn>]

_________________________________
Yang Xiang . about.me/xiangyang
Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn



2012/1/20 Jeroen Massar <jeroen () unfix org>

> On 2012-01-20 12:01 , Yang Xiang wrote:
>
> > 2012/1/20 Suresh Ramasubramanian <ops.lists () gmail com
> > <mailto:ops.lists () gmail com>>
> Please note that automated polling of route servers without prior
> consent of the owner of said route server might not be completely
> acceptable as it puts serious loads on them.
>
> A better way is to get proper BGP sessions set up towards various
> locations.
>
> You might also want to look at
> http://www.ripe.net/data-tools/stats/ris/ris-raw-data which describes
> how to get access to RIPE's RIS system raw data, this is what BGPMon
> also uses.

Argus receives BGP update from BGPmon,
and only access route servers when it find one BGP update is 'anomalous'.

We also controlled the load to these route servers.
After login to the route server,
Argus only execute 'ping' for a given IP address, and 'show ip bgp' for a
given prefix,
and will logout from the route server after two minutes.


> Greets,
>  Jeroen