[107776] in North American Network Operators' Group
Re: community real-time BGP hijack notification service
daemon@ATHENA.MIT.EDU (Matthew Moyle-Croft)
Sat Sep 13 01:48:48 2008
Date: Sat, 13 Sep 2008 15:18:25 +0930
From: Matthew Moyle-Croft <mmc@internode.com.au>
To: Arnaud de Prelle <arnaud@pnzone.net>
In-Reply-To: <48CA7BD6.1090507@pnzone.net>
Cc: nanog <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org
Arnaud de Prelle wrote:
> I think that most of us (me included) are already using it but the
> problem is that they don't have BGP collectors everywhere in the world.
> This is in fact a generic issue for BGP monitoring.
>
In this case it's very important to have a lot of collectors broadly
distributed listening in many ASes.
For example:
If I know there are two BGP collectors driving this service, and they're
in, say, AS701 and AS1239, then if I wanted to do a partial hijack
(which might be good enough for my evil purposes) then I could advertise
a path which had those ASes stuffed in it and prevent downstream
collectors in AS701 and AS1239 from learning the hijack path.
> So the more we get the best it is and that's why I'll be using Gadi's
> BGP monitoring tool (and any other that might come) in parallel with the
> one provided by the RIPE.
>
Hear hear for Gadi and others offering these tools.
MMC
--
Matthew Moyle-Croft - Internode/Agile - Networks
