Re: community real-time BGP hijack notification service (fwd)

[Avi Freedman <freedman () freedman net>]

Hi, Arnaud.  The design is to only watch the origin ASN, not the other
ASNs in the path.  Support for doing something with the transit portion
wof the AS_PATH will be added, probably a very simple "alert if X is
in there" or "alert if Y is not in there".

As others have said it's imperfect so ideas are welcome but the goal
here is to try to keep it useful but simple.

Thanks,

Avi

> Date: Fri, 12 Sep 2008 14:18:58 +0200
> From: Arnaud de Prelle <arnaud () pnzone net>
> To: Gadi Evron <ge () linuxbox org>
> Cc: nanog () merit edu
> Subject: Re: community real-time BGP hijack notification service
>
> Hello Gadi,
>
> Gadi Evron wrote:
> > Hi, WatchMy.Net is a new community service to alert you when your prefix
> > has been hijacked, in real-time.
>
> Very good initiative. You can count on me as one of your users.
>
> Note that apparently it doesn't seem to be working as expected yet.
> Indeed I already received two false alerts:
>
> 1.
> Subject:
> watchmy.net BGP Alert - seeing {91.198.99.0/24, 6450 3737 701 702 43751}
>
> Body:
> Hello, we are seeing 91.198.99.0/24 being advertised with aspath 6450
> 3737 701 702 43751.
>
> We are alerting you because of the rule you set that is watching for
> prefixes that match or are more specific than 91.198.99.0/24, and are
> originated with any origin AS other than one of 702,6661,8220