[107736] in North American Network Operators' Group
Re: community real-time BGP hijack notification service
daemon@ATHENA.MIT.EDU (Andy Davidson)
Fri Sep 12 10:07:56 2008
From: Andy Davidson <andy@nosignal.org>
To: Nathan Ward <nanog@daork.net>
In-Reply-To: <B38BE366-2E4A-4616-A9F6-8A7F068784DB@daork.net>
Date: Fri, 12 Sep 2008 15:07:38 +0100
Cc: nanog <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org
On 12 Sep 2008, at 13:49, Nathan Ward wrote:
> On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
>> Hi, WatchMy.Net is a new community service to alert you when your
>> prefix
>> has been hijacked, in real-time.
> I just had a quick play with this, as I've been considering hacking
> together something similar.
Everyone with any interest in this topic should look at the MyASN
service from the RIPE NCC (which I use and think is brilliant).
http://www.ris.ripe.net/myasn.html
"
The MyASN service notifies network operators when a prefix is
announced with an incorrect AS path. An AS path is seen as incorrect
when it does not match with a regular expression. As not everyone is
familiar with regular expressions, MyASN provides several easy ways to
define typical checks, like "the origin of this prefix must be AS x"
or "the origin of this prefix must be AS x and transit may be provided
through y or z". However, as any AS path regular expression can be
set, the MyASN service is suitable for regular expressions gurus as
well.
"
To address Nathan's point, I recommend the RIPE service because for
such a service to be ubiquitously useful, it needs to have many eyes
(a view of routing tables at lots of points on the internet) which is
where the very well peered situation of RIS comes into effect. At the
last RIPE meeting I think i saw RIS had over 600 peers, which it
collects at internet exchange points all over the world.
best wishes
Andy
