nanog mailing list archives
Re: community real-time BGP hijack notification service
From: Avi Freedman <freedman () freedman net>
Date: Fri, 12 Sep 2008 11:00:15 -0400 (EDT)
Nathan wrote:
My best quick hack solution so far is to fire off a traceroute and make sure that the traceroute gets ICMP TTL expire messages from IP addresses that are in prefixes originated from all the ASes in the ASPATH. Still forgeable, but a bit more difficult.. still far from perfect though.
An interesting idea although I think the false positive rate would be very high with all of the filtering (and mismatch between traceroute and BGP topologies) that exists out there. It'd be interesting for someone to try and see how well it works though. (Any researchers hanging out on NANOG want to try a weekend project...)
Nathan Ward
Avi
Current thread:
- RE: community real-time BGP hijack notification service, (continued)
- RE: community real-time BGP hijack notification service Skywing (Sep 12)
- Re: community real-time BGP hijack notification service Andrew Fried (Sep 12)
- Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
- RE: community real-time BGP hijack notification service Skywing (Sep 12)
- RE: community real-time BGP hijack notification service Gadi Evron (Sep 12)
- Re: community real-time BGP hijack notification service Heather Schiller (Sep 12)
- Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
- Re: community real-time BGP hijack notification service Erik Romijn (Sep 12)