Argus: a hijacking alarm system

Yang Xiang xiangy08 at
Fri Jan 20 12:14:25 UTC 2012

Yang Xiang .
Ph.D candidate. Tsinghua University

2012/1/20 Jeroen Massar <jeroen at>

> On 2012-01-20 12:01 , Yang Xiang wrote:
> > 2012/1/20 Suresh Ramasubramanian <ops.lists at
> > <mailto:ops.lists at>>
> >
> >
> Please note that automated polling of route servers without prior
> consent of the owner of said route server might not be completely
> acceptable as it puts serious loads on them.
> A better way is to get proper BGP sessions set up towards various
> locations.
> You might also want to look at
> which describes
> how to get access to RIPE's RIS system raw data, this is what BGPMon
> also uses.

Argus receives BGP updates from BGPmon,
and only accesses route servers when it finds that a BGP update is 'anomalous'.

We also controlled the load to these route servers.
After logging in to the route server,
Argus only executes 'ping' for a given IP address, and 'show ip bgp' for a
given prefix,
and will log out from the route server after two minutes.

> Greets,
>  Jeroen
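
The access policy described in the reply above, as an added sketch that is not part of the thread and is not Argus code: route servers are contacted only for updates already flagged anomalous, only `ping` and `show ip bgp` may be issued, and a session ends after two minutes. `ProbePolicy`, `MIN_INTERVAL_S` and the per-server cooldown are assumptions made for illustration, and the code opens no network connection.

```python
import ipaddress
import time

SESSION_LIMIT_S = 120   # from the reply: log out after two minutes
MIN_INTERVAL_S = 300    # assumed per-server cooldown, not stated in the thread


class ProbePolicy:
    """Hypothetical gate deciding when and what a monitor may run on a route server."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_login = {}   # server name -> time of the last permitted login

    def may_login(self, server, update_is_anomalous):
        # Route servers are only touched for updates already judged anomalous.
        if not update_is_anomalous:
            return False
        now = self._clock()
        last = self._last_login.get(server)
        if last is not None and now - last < MIN_INTERVAL_S:
            return False        # too soon after the previous session on this server
        self._last_login[server] = now
        return True

    def session_expired(self, server):
        # A server with no recorded session is treated as expired.
        last = self._last_login.get(server)
        return last is None or self._clock() - last >= SESSION_LIMIT_S

    @staticmethod
    def build_command(kind, target):
        # Only the two commands named in the reply are allowed. The argument is
        # parsed and re-serialised, so extra CLI tokens cannot ride along.
        if kind == "ping":
            return "ping " + str(ipaddress.IPv4Address(target))
        if kind == "show ip bgp":
            return "show ip bgp " + str(ipaddress.IPv4Network(target, strict=True))
        raise ValueError("command not allowed: %r" % (kind,))


if __name__ == "__main__":
    policy = ProbePolicy()
    # Constructed sample values from the documentation address range.
    if policy.may_login("rs-example", update_is_anomalous=True):
        print(policy.build_command("ping", "192.0.2.1"))
        print(policy.build_command("show ip bgp", "192.0.2.0/24"))
```
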

More information about the NANOG mailing list