North American Network Operators Group


Re: Tracking spoofed routes?

  • From: Simon Leinen
  • Date: Thu Jan 06 08:24:51 2005

Arife Vural writes:
[in response to Florian Frotzler:]
>> To my knowledge, the myas-tool/-service from RIPE NCC is kind of
>> doing what you like to achieve.

> MyASN is user-based. To get the alarm for unexpected
> routing patterns, you should set up an account beforehand.

I have been using MyASN for half a year, and it is quite nice.
Setting it up required typing all our customer routes into Web forms,
which was somewhat tedious, but now I receive alerts in almost real
time as soon as someone tries to "highjack" our routes or announces
more-specifics.

For example, there was a large-scale incident on 24 December 2004 (see
e.g. http://www.merit.edu/mailinglist/mailarchives/old_archive/msg03827.html).  It
started shortly before 09:20 UTC, and at 09:59 UTC I received an alert
from MyASN that some of our customer routes were announced from
another AS.  This is very respectable, especially since the system
must have been very heavily loaded at that time, because of the sheer
number of BGP updates and the number of potential alerts (MOST
prefixes were highjacked at some point during that day).

> I think for Kevin's situation, we have other tools. One is called
> "Search by Prefix" and the other one is BGPlay. Both tools run
> over the last 3 months of routing data.

One problem is that Kevin is looking for an announcement of a *more
specific* prefix from his space.  BGPlay only supports queries on
exact prefixes I think.

The "Search by Prefix" tool seems to be ideal for Kevin's application
though.

> URL for those tools,

> http://www.ris.ripe.net/cgi-bin/risprefix.cgi
> http://www.ris.ripe.net/bgplay/
-- 
Simon.
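
The two conditions discussed in this message (a registered route announced from another AS, and a more-specific of a registered prefix appearing, which an exact-prefix query would miss) can be checked as below. This is an added example, not part of the original post and not MyASN's or RIS's code; the prefix table, AS numbers, announcements and function names are constructed for illustration.

```python
import ipaddress

# Constructed registrations: prefix -> expected origin AS (documentation
# prefixes and documentation/private-use AS numbers, not real routes).
EXPECTED = {"192.0.2.0/24": 64500, "198.51.100.0/24": 64500, "2001:db8::/32": 64501}

# Constructed sample of observed (prefix, origin AS) announcements.
OBSERVED = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/24", 64666),
    ("192.0.2.128/25", 64666),
    ("198.51.100.0/25", 64500),
    ("203.0.113.0/24", 64999),
    ("2001:db8:1::/48", 64501),
]

def classify(prefix, origin_as, expected=EXPECTED):
    """Return (alert_kind, registered_prefix); alert_kind is None if nothing to report."""
    seen = ipaddress.ip_network(prefix)
    best = None  # longest registered prefix that covers the announcement
    for reg_text, reg_as in expected.items():
        reg = ipaddress.ip_network(reg_text)
        # subnet_of() raises TypeError across IP versions, so check first.
        if reg.version == seen.version and seen.subnet_of(reg):
            if best is None or reg.prefixlen > best[0].prefixlen:
                best = (reg, reg_as)
    if best is None:
        return (None, None)  # outside registered space (less-specifics included)
    reg, reg_as = best
    flags = []
    if seen.prefixlen > reg.prefixlen:
        flags.append("more-specific")
    if origin_as != reg_as:
        flags.append("origin-mismatch")
    return ("+".join(flags) or None, str(reg))

def scan(announcements, expected=EXPECTED):
    """Return one (prefix, origin, kind, registered) tuple per alert."""
    alerts = []
    for prefix, origin_as in announcements:
        kind, reg = classify(prefix, origin_as, expected)
        if kind:
            alerts.append((prefix, origin_as, kind, reg))
    return alerts

if __name__ == "__main__":
    for alert in scan(OBSERVED):
        print("ALERT %s from AS%d: %s (registered %s)" % alert)
```

Whether a more-specific announced by the registered origin itself should alert is a policy choice; this sketch reports it so that it can be filtered downstream.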