community real-time BGP hijack notification service

• Previous message (by thread): community real-time BGP hijack notification service
• Next message (by thread): community real-time BGP hijack notification service
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Arnaud de Prelle wrote:
> I think that most of us (me included) are already using it but the
> problem is that they don't have BGP collectors everywhere in the world.
> This is in fact a generic issue for BGP monitoring.
>   
In this case it's very important to have a lot of collectors broadly 
distributed listening in many ASes.

For example:

If I know there are two BGP collectors driving this service, and they're 
in, say, AS701 and AS1239, then if I wanted to do a partial hijack 
(which might be good enough for my evil purposes) then I could advertise 
a path which had those ASes stuffed in it and prevent downstream 
collectors in AS701 and AS1239 from learning the hijack path.

> So the more we get the best it is and that's why I'll be using Gadi's
> BGP monitoring tool (and any other that might come) in parallel with the
> one provided by the RIPE.
>   
Hear hear for Gadi and others offering these tools. 

MMC

-- 
Matthew Moyle-Croft - Internode/Agile - Networks

• Previous message (by thread): community real-time BGP hijack notification service
• Next message (by thread): community real-time BGP hijack notification service
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]