nanog mailing list archives

Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released


From: Hank Nussbacher <hank () efes iucc ac il>
Date: Sat, 22 Dec 2018 17:51:18 +0200

On 21/12/2018 17:10, Jared Mauch wrote:

So expect now BGP hijackers to announce /25s from here on in.  They generally adopt BCPs faster than providers.

-Hank

Folks have studied announcing a /25 etc.. and it can help because many providers will accept them.. it won’t get 
everyone, but longer than /24 prefixes do help.

- Jared

On Dec 21, 2018, at 10:07 AM, Kody Vicknair <kvicknair () reservetele com> wrote:

I'm curious, If the highjacked prefix is a /24 (subset of your much larger /22) and you can only tie the highjacked 
prefix, at that point how effective is the mitigation outside of a default bgp route selection process?






-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Vasileios Kotronis
Sent: Thursday, December 20, 2018 11:23 AM
To: nanog () nanog org
Subject: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

Dear operators,

FORTH's INSPIRE group and CAIDA are delighted to announce the public release of the ARTEMIS BGP prefix hijacking 
detection tool, available as open-source software at https://github.com/FORTH-ICS-INSPIRE/artemis

ARTEMIS is designed to be operated by an AS in order to monitor BGP for potential hijacking attempts against its own 
prefixes. The system detects such attacks within seconds, enabling immediate mitigation. The current release has been 
tested at a major greek ISP, a dual-homed edge academic network, and a major US R&E backbone network.

We would be happy if you'd give it a try and provide feedback. Feel free to make pull requests on GitHub and help us 
make this a true community project.

ARTEMIS is funded by European Research Council (ERC) grant agreement no.
338402 (NetVolution Project), the RIPE NCC Community Projects 2017, the Comcast Innovation Fund, US NSF grants OAC-1848641 
and CNS-1423659 and US DHS S&T contract HHSP233201600012C.

Best regards,
Vasileios

--
=======================================
Vasileios Kotronis
Postdoctoral Researcher, member of the INSPIRE Group INSPIRE = INternet Security, Privacy, and Intelligence REsearch 
Telecommunications and Networks Lab (TNL) Foundation for Research and Technology - Hellas (FORTH) Leoforos Plastira 
100, Heraklion 70013, Greece e-mail : vkotronis () ics forth gr
url: http://inspire.edu.gr
=======================================








Current thread: