[107738] in North American Network Operators' Group
Re: community real-time BGP hijack notification service (fwd)
daemon@ATHENA.MIT.EDU (Avi Freedman)
Fri Sep 12 10:51:18 2008
To: arnaud@pnzone.net, ge@linuxbox.org
Date: Fri, 12 Sep 2008 10:50:43 -0400 (EDT)
From: Avi Freedman <freedman@freedman.net>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Hi, Arnaud. The design is to only watch the origin ASN, not the other
ASNs in the path. Support for doing something with the transit portion
of the AS_PATH will be added, probably a very simple "alert if X is
in there" or "alert if Y is not in there".
As others have said it's imperfect so ideas are welcome but the goal
here is to try to keep it useful but simple.
Thanks,
Avi
> Date: Fri, 12 Sep 2008 14:18:58 +0200
> From: Arnaud de Prelle <arnaud@pnzone.net>
> To: Gadi Evron <ge@linuxbox.org>
> Cc: nanog@merit.edu
> Subject: Re: community real-time BGP hijack notification service
>
> Hello Gadi,
>
> Gadi Evron wrote:
> > Hi, WatchMy.Net is a new community service to alert you when your prefix
> > has been hijacked, in real-time.
>
> Very good initiative. You can count on me as one of your users.
>
> Note that apparently it doesn't seem to be working as expected yet.
> Indeed I already received two false alerts:
>
> 1.
> Subject:
> watchmy.net BGP Alert - seeing {91.198.99.0/24, 6450 3737 701 702 43751}
>
> Body:
> Hello, we are seeing 91.198.99.0/24 being advertised with aspath 6450
> 3737 701 702 43751.
>
> We are alerting you because of the rule you set that is watching for
> prefixes that match or are more specific than 91.198.99.0/24, and are
> originated with any origin AS other than one of 702,6661,8220
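
The following is an added illustration, not part of the thread and not WatchMy.Net's code: a sketch of the origin-only rule quoted in the alert, plus the simple "X is in there" / "Y is not in there" transit checks mentioned as planned. The rule field names, the transit condition, and the treatment of prepended origin ASNs are assumptions; AS_SETs are not handled.

```python
import ipaddress

def evaluate(rule, prefix, as_path):
    """Return the reasons (possibly none) to alert on one observed announcement."""
    seen = ipaddress.ip_network(prefix)
    watched = ipaddress.ip_network(rule["prefix"])
    # The rule covers the watched prefix and anything more specific.
    if seen.version != watched.version or not seen.subnet_of(watched):
        return []
    hops = [int(asn) for asn in as_path.split()]  # assumes a plain AS_SEQUENCE
    origin = hops[-1]                             # origin is the rightmost ASN
    # Assumption: prepended copies of the origin are not counted as transit.
    transit = [asn for asn in hops if asn != origin]
    reasons = []
    if origin not in rule["allowed_origins"]:
        reasons.append(f"origin AS{origin} not in allowed set")
    for asn in rule.get("alert_if_present", ()):   # hypothetical field name
        if asn in transit:
            reasons.append(f"AS{asn} present in transit path")
    for asn in rule.get("alert_if_absent", ()):    # hypothetical field name
        if asn not in transit:
            reasons.append(f"AS{asn} missing from transit path")
    return reasons

# Prefix and allowed origins are from the quoted alert; the transit
# condition is constructed for the example.
RULE = {"prefix": "91.198.99.0/24", "allowed_origins": {702, 6661, 8220},
        "alert_if_absent": [701]}

if __name__ == "__main__":
    observed = [
        ("91.198.99.0/24", "6450 3737 701 702 43751"),  # path from the quoted alert
        ("91.198.99.0/24", "6450 3737 701 702 702"),    # constructed: prepended origin
        ("91.198.99.128/25", "64496 64500"),            # constructed: more specific
        ("192.0.2.0/24", "64496 64500"),                # constructed: outside the rule
    ]
    for prefix, path in observed:
        print(prefix, "|", path, "->", evaluate(RULE, prefix, path) or "no alert")
```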