community real-time BGP hijack notification service

Nathan Ward nanog at
Fri Sep 12 08:27:31 CDT 2008

On 13/09/2008, at 1:14 AM, Christian Koch wrote:

> Maybe a better idea would be if you were able to input your origin asn
> and define your upstreams and/or peers, to be alerted on as well. (ie:
> Do not alert me on any paths containing  123_000, 456_000, 789_000).

Again, that is trivially easy to falsify.

My best quick hack solution so far is to fire off a traceroute and  
make sure that the traceroute gets ICMP TTL expire messages from IP  
addresses that are in prefixes originated from all the ASes in the  
Still forgeable, but a bit more difficult.. still far from perfect  

Nathan Ward

More information about the NANOG mailing list