[107230] in North American Network Operators' Group
Re: Revealed: The Internet's well known BGP behavior
daemon@ATHENA.MIT.EDU (Jim Popovitch)
Thu Aug 28 01:40:29 2008
Date: Thu, 28 Aug 2008 01:40:23 -0400
From: "Jim Popovitch" <yahoo@jimpop.com>
To: "NANOG list" <nanog@merit.edu>
In-Reply-To: <D2F12D1F-8B34-4521-B977-636AD0198C0A@ianai.net>
Errors-To: nanog-bounces@nanog.org
On Thu, Aug 28, 2008 at 1:22 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
> Assuming it is in the "wrong" place, you may be able to detect the
> intrusion. But most people do not run traceroutes all day and watch for it
> to change. If you run the traceroute after the attack starts, well, how are
> you to know that br01-pos07-$FOO-$BAR is wrong and br03-10GE02-$BLAH-$BAR is
> right?
Uhhh... network monitoring with traceroute and topology tools. There
are several off-the-shelf varieties to choose from, and I know of
several providers that use them.
-Jim P.
