Peering with the Internet Alert Registry

All,

Some of you are aware of the site for network operators: http://iar.cs.unm.edu/ which has been running for two years now. The purpose of the site is to detect and distribute network anomaly information to the network operators that need to know. The flip side of our proposed security system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous routes on BGP routers for 24 hours, giving operators time to respond to anomalous routes before they can fully propagate.

Now, PGBGP is in actual routing software (Quagga), which we soon hope to distribute. As an initial means of test, we will switch the IAR to it (instead of scraping RIPE/RouteViews with a script). This means that we will need peers to provide the IAR with BGP updates (we will not propagate any route updates to your routers). Currently we have three BGP streams, more would be appreciated. If you would like to contribute to our research project, please reply directly to me.

More information about the project can be found here: http://cs.unm.edu/~karlinjf/pgbgp/

Thanks!

Josh

On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin <karlinjf@cs.unm.edu> wrote:
> All,
> Some of you are aware of the site for network operators: http://iar.cs.unm.edu/ which has been running for two years now. The purpose of the site is to detect and distribute network anomaly information to the network operators that need to know. The flip side of our proposed security system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous routes on BGP routers for 24 hours, giving operators time to respond to anomalous routes before they can fully propagate.

does pgbgp toss out alerts/snmp-traps/log-messages when these anomalous announcements arrive? if not, how does one know they are inside the 24hr window?

Chris,

That's a good question. IAR peers that also wish to run PGBGP will transmit their anomalous routes out of band to the IAR. This will likely be done via logs and a simple forwarding script.

Josh

On Mon, Mar 10, 2008 at 4:01 PM, Christopher Morrow <christopher.morrow@gmail.com> wrote:
> On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin <karlinjf@cs.unm.edu> wrote:
>> All,
>> Some of you are aware of the site for network operators: http://iar.cs.unm.edu/ which has been running for two years now. The purpose of the site is to detect and distribute network anomaly information to the network operators that need to know. The flip side of our proposed security system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous routes on BGP routers for 24 hours, giving operators time to respond to anomalous routes before they can fully propagate.
>
> does pgbgp toss out alerts/snmp-traps/log-messages when these anomalous announcements arrive? if not, how does one know they are inside the 24hr window?