nanog mailing list archives

Re: community real-time BGP hijack notification service

From: Avi Freedman <freedman () freedman net>
Date: Fri, 12 Sep 2008 11:00:15 -0400 (EDT)

Nathan wrote:

My best quick hack solution so far is to fire off a traceroute and make sure
that the traceroute gets ICMP TTL expire messages from IP addresses that are in
prefixes originated from all the ASes in the ASPATH.
Still forgeable, but a bit more difficult.. still far from perfect though.


An interesting idea although I think the false positive rate would be very
high with all of the filtering (and mismatch between traceroute and BGP
topologies) that exists out there.

It'd be interesting for someone to try and see how well it works though.
(Any researchers hanging out on NANOG want to try a weekend project...)

Nathan Ward

Avi

Current thread:

RE: community real-time BGP hijack notification service, (continued)
- - - RE: community real-time BGP hijack notification service Skywing (Sep 12)
    - Re: community real-time BGP hijack notification service Andrew Fried (Sep 12)
    - Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
    - RE: community real-time BGP hijack notification service Skywing (Sep 12)
    - RE: community real-time BGP hijack notification service Gadi Evron (Sep 12)
    - Re: community real-time BGP hijack notification service Heather Schiller (Sep 12)
    - Re: community real-time BGP hijack notification service Gadi Evron (Sep 12)
  - Re: community real-time BGP hijack notification service Gadi Evron (Sep 16)
- Re: community real-time BGP hijack notification service Avi Freedman (Sep 12)
  - Re: community real-time BGP hijack notification service Erik Romijn (Sep 12)
- Re: community real-time BGP hijack notification service Avi Freedman (Sep 12)
- Re: community real-time BGP hijack notification service Avi Freedman (Sep 12)
- Re: community real-time BGP hijack notification service Avi Freedman (Sep 12)