On Tue, Feb 28, 2017 at 12:15 AM, Nagarjun Govindraj < nagarjun.govindraj@imaginea.com> wrote:
Well, the idea behind the mail was to know if anyone in the community are doing real time BGP IP prefix hijacking. Like Artemis detection tool claims to be detecting in 1.4 ~ 3.1 minutes. So I wanted to know if anyone in the community are using such tools for detecting hijacks, if yes how much time does the system take to detect.
My guess is: "yes, people are struggling through hjjack detection problems" and: "1-3 minutes isn't as important as the time spent figuring out: 1) is the alert real (this time!), 2) what will you do about it?" Then you sink time into: "Hey remote peer of not me, could you stop accepting the prefix X/y from your 'customer' because .. clearly they are not me..." Also, maybe time to push for more RPKI deployment so you can say: "Hey peer of not me out there in the world, you note that I've a signed certificate from $RIR attesting that I'm the proper user of prefix X/y and I've created and published ROA data saying the proper origin-as for X/y is M... your customer isn't M... so, yea, please stop accepting that prefix from them? Kthxbi!" You may ALSO want to ask: "So, about that customer (and all your other customers) you DO have bgp prefix filters on their sessions, right? because the year is 2017 and that is ... table-stakes for operating a part of the global internet now... right?" -chris
Regards, Nagarjun
On Mon, Feb 27, 2017 at 10:59 PM Nick Hilliard <nick@foobar.org> wrote:
Christopher Morrow wrote:
Also: "How reliable are the alerts being sent?"
also: do the smtp servers which handle mail for the domain of the alerting email address use the IP address space as they're notifying about?
Nick