Re: Prefix Hijack Tool Comaprision
OK. This seems to be a flaw in RIPE RIS, a pity because BGPlay is great. - original message - Subject: Re: Prefix Hijack Tool Comaprision From: Todd Underwood <todd@renesys.com> Date: 13/11/2008 8:05 pm alexander, all, On Thu, Nov 13, 2008 at 07:56:26PM +0000, Alexander Harrowell wrote:
It may be the North American NOG, but it's been said before that it functions as a GNOG, G for Global. I don't think Brazil is insignificant. I respect Todd's work greatly, but I think he's wrong on this point.
you misread me. i did not say that brazil was insignificant. it's not. it has some of the fastest growing internet in latin america. i said that *this* hijacking took place in an insignificant corner of the internet. i mean this AS-map wise rather than geographically. this hijacking didn't even spread beyond one or two ASes, one of whom just happened to be a RIPE RIS peer. real hijackings leak into dozens or hundreds or thousands of ASNs. they spread far and wide. that's why people carry them out, when they do. this one was stopped in its tracks in a very small portion of one corner of the AS graph. as such, i don't count it as a hijacking or leak of any great significance and wouldn't want to alert anyone about it. that's why i recommend that prefix hijacking detection systems do thresholding of peers to prevent a single, rogue, unrepresentative peer from reporting a hijacking when none is really happening. others may have a different approach, but without thresholding prefix alert systems can be noisy and more trouble than they are worth. sorry if it appears that i was denegrating .br . i was not. t. -- _____________________________________________________________________ todd underwood +1 603 643 9300 x101 renesys corporation todd@renesys.com http://www.renesys.com/blog
Alexander Harrowell wrote:
OK. This seems to be a flaw in RIPE RIS, a pity because BGPlay is great.
It is not a flaw in RIPE RIS. One of the RIPE RIS servers was just within the AS'es that where affected, so it will show up. What BGPplay og BGPmon do with that data afterwards is an entire different story. RIPE RIS just collects data from various viewpoints. It's the users, that have to create the threshoulds or to decide how significant that data is. Kind regards, Martin List-Petersen Airwire, Galway, Eire
- original message - Subject: Re: Prefix Hijack Tool Comaprision From: Todd Underwood <todd@renesys.com> Date: 13/11/2008 8:05 pm
alexander, all,
On Thu, Nov 13, 2008 at 07:56:26PM +0000, Alexander Harrowell wrote:
It may be the North American NOG, but it's been said before that it functions as a GNOG, G for Global. I don't think Brazil is insignificant. I respect Todd's work greatly, but I think he's wrong on this point.
you misread me.
i did not say that brazil was insignificant. it's not. it has some of the fastest growing internet in latin america.
i said that *this* hijacking took place in an insignificant corner of the internet. i mean this AS-map wise rather than geographically. this hijacking didn't even spread beyond one or two ASes, one of whom just happened to be a RIPE RIS peer.
real hijackings leak into dozens or hundreds or thousands of ASNs. they spread far and wide. that's why people carry them out, when they do. this one was stopped in its tracks in a very small portion of one corner of the AS graph.
as such, i don't count it as a hijacking or leak of any great significance and wouldn't want to alert anyone about it. that's why i recommend that prefix hijacking detection systems do thresholding of peers to prevent a single, rogue, unrepresentative peer from reporting a hijacking when none is really happening. others may have a different approach, but without thresholding prefix alert systems can be noisy and more trouble than they are worth.
sorry if it appears that i was denegrating .br . i was not.
t.
-- Airwire - Ag Nascadh Pobal an Iarthar http://www.airwire.ie Phone: 091-865 968
participants (2)
-
Alexander Harrowell
-
Martin List-Petersen