Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

Arturo Servin aservin at lacnic.net
Fri Jan 20 12:08:17 UTC 2012


	You could use RPKI and origin validation as well.

	We have an application that does that. 

	http://www.labs.lacnic.net/rpkitools/looking_glass/

	For example you can periodically check if your prefix is valid:

http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/

	If it were invalid for a possible hijack it would look like:

http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/

	Or you can just query for any state:

http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/



Regards,
as

On 20 Jan 2012, at 07:47, Yang Xiang wrote:

> Hi,
> 
> I build a system ‘Argus’ to real-timely alert prefix hijackings.
> Argus monitors the Internet and discovers anomaly BGP updates which caused
> by prefix hijacking.
> When Argus discovers a potential prefix hijacking, it will advertise it in
> a very short time,
> both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the
> mailing list (argus at csnet1.cs.tsinghua.edu.cn).
> 
> Argus has been running in the Internet for more than eight months,
> it usually can discover potential prefix hijackings in ten seconds after
> the first anomaly BGP update announced.
> Several hijacking alarms have been confirmed by network operators.
> For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has
> been confirmed by the network operators of AS23910 and AS4538,
> it was a prefix hijacking caused by a mis-configuration of route filter.
> 
> If you are interest in BGP security, welcome to visit our website and
> subscribe the mailing list.
> If you are interest in the system itself, you can find our paper which
> published in ICNP 2011 (FIST workshop)
> http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080.
> 
> Hope Argus will be useful for you.
> _________________________________
> Yang Xiang . about.me/xiangyang
> Ph.D candidate. Tsinghua University
> Argus: argus.csnet1.cs.tsinghua.edu.cn




More information about the NANOG mailing list