community real-time BGP hijack notification service (fwd)

• Previous message (by thread): community real-time BGP hijack notification service
• Next message (by thread): Identifying when netblocks have been assigned
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Arnaud.  The design is to only watch the origin ASN, not the other
ASNs in the path.  Support for doing something with the transit portion
wof the AS_PATH will be added, probably a very simple "alert if X is
in there" or "alert if Y is not in there".

As others have said it's imperfect so ideas are welcome but the goal
here is to try to keep it useful but simple.

Thanks,

Avi

> Date: Fri, 12 Sep 2008 14:18:58 +0200
> From: Arnaud de Prelle <arnaud at pnzone.net>
> To: Gadi Evron <ge at linuxbox.org>
> Cc: nanog at merit.edu
> Subject: Re: community real-time BGP hijack notification service
> 
> Hello Gadi,
> 
> Gadi Evron wrote:
> > Hi, WatchMy.Net is a new community service to alert you when your prefix
> > has been hijacked, in real-time.
> 
> Very good initiative. You can count on me as one of your users.
> 
> Note that apparently it doesn't seem to be working as expected yet.
> Indeed I already received two false alerts:
> 
> 1.
> Subject:
> watchmy.net BGP Alert - seeing {91.198.99.0/24, 6450 3737 701 702 43751}
> 
> Body:
> Hello, we are seeing 91.198.99.0/24 being advertised with aspath 6450
> 3737 701 702 43751.
> 
> We are alerting you because of the rule you set that is watching for
> prefixes that match or are more specific than 91.198.99.0/24, and are
> originated with any origin AS other than one of 702,6661,8220

• Previous message (by thread): community real-time BGP hijack notification service
• Next message (by thread): Identifying when netblocks have been assigned
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]