North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: community real-time BGP hijack notification service
On 13/09/2008, at 1:14 AM, Christian Koch wrote: Maybe a better idea would be if you were able to input your origin asn and define your upstreams and/or peers, to be alerted on as well. (ie: Do not alert me on any paths containing 123_000, 456_000, 789_000). Again, that is trivially easy to falsify. My best quick hack solution so far is to fire off a traceroute and make sure that the traceroute gets ICMP TTL expire messages from IP addresses that are in prefixes originated from all the ASes in the ASPATH. Still forgeable, but a bit more difficult.. still far from perfect though. -- Nathan Ward
|