Argus: a hijacking alarm system

Yang Xiang xiangy08 at csnet1.cs.tsinghua.edu.cn
Fri Jan 20 06:14:25 CST 2012


_________________________________
Yang Xiang . about.me/xiangyang
Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn



2012/1/20 Jeroen Massar <jeroen at unfix.org>

> On 2012-01-20 12:01 , Yang Xiang wrote:
>
> > 2012/1/20 Suresh Ramasubramanian <ops.lists at gmail.com>
> >
> >
> Please note that automated polling of route servers without prior
> consent of the owner of said route server might not be completely
> acceptable as it puts serious loads on them.
>
> A better way is to get proper BGP sessions set up towards various
> locations.
>
> You might also want to look at
> http://www.ripe.net/data-tools/stats/ris/ris-raw-data which describes
> how to get access to RIPE's RIS system raw data, this is what BGPMon
> also uses.
>

Argus receives BGP updates from BGPmon,
and only accesses route servers when it finds that a BGP update is 'anomalous'.

We also controlled the load to these route servers.
After logging in to the route server,
Argus only executes 'ping' for a given IP address, and 'show ip bgp' for a
given prefix,
and will log out from the route server after two minutes.


>
> Greets,
>  Jeroen
>
>

