[107733] in North American Network Operators' Group
Re: community real-time BGP hijack notification service
daemon@ATHENA.MIT.EDU (Nathan Ward)
Fri Sep 12 09:28:08 2008
From: Nathan Ward <nanog@daork.net>
To: nanog <nanog@merit.edu>
In-Reply-To: <c93a55220809120614p6f413628qcbb3d56aa580f25c@mail.gmail.com>
Date: Sat, 13 Sep 2008 01:27:31 +1200
Errors-To: nanog-bounces@nanog.org
On 13/09/2008, at 1:14 AM, Christian Koch wrote:
> Maybe a better idea would be if you were able to input your origin asn
> and define your upstreams and/or peers, to be alerted on as well. (ie:
> Do not alert me on any paths containing 123_000, 456_000, 789_000).
Again, that is trivially easy to falsify.
My best quick hack solution so far is to fire off a traceroute and
make sure that the traceroute gets ICMP TTL expire messages from IP
addresses that are in prefixes originated from all the ASes in the
ASPATH.
Still forgeable, but a bit more difficult.. still far from perfect
though.
--
Nathan Ward
