Re: community real-time BGP hijack notification service (fwd)
Hi, Arnaud. The design is to only watch the origin ASN, not the other ASNs in the path. Support for doing something with the transit portion wof the AS_PATH will be added, probably a very simple "alert if X is in there" or "alert if Y is not in there". As others have said it's imperfect so ideas are welcome but the goal here is to try to keep it useful but simple. Thanks, Avi
Date: Fri, 12 Sep 2008 14:18:58 +0200 From: Arnaud de Prelle <arnaud@pnzone.net> To: Gadi Evron <ge@linuxbox.org> Cc: nanog@merit.edu Subject: Re: community real-time BGP hijack notification service
Hello Gadi,
Gadi Evron wrote:
Hi, WatchMy.Net is a new community service to alert you when your prefix has been hijacked, in real-time.
Very good initiative. You can count on me as one of your users.
Note that apparently it doesn't seem to be working as expected yet. Indeed I already received two false alerts:
1. Subject: watchmy.net BGP Alert - seeing {91.198.99.0/24, 6450 3737 701 702 43751}
Body: Hello, we are seeing 91.198.99.0/24 being advertised with aspath 6450 3737 701 702 43751.
We are alerting you because of the rule you set that is watching for prefixes that match or are more specific than 91.198.99.0/24, and are originated with any origin AS other than one of 702,6661,8220
participants (1)
-
Avi Freedman