If you want to play around with RPKI Origin Validation, you can download the RIPE NCC RPKI Validator here: http://ripe.net/certification/tools-and-resources It's simple to set up and use: just unzip the package on a *NIX system, run ./bin/rpki-validator and browse to http://localhost:8080
EuroTransit have a public one running here: http://rpki01.fra2.de.euro-transit.net:8080/ You can see it's pointing to several Trust Anchors, downloads and validates all ROA periodically, you can apply ignore filters and white lists, see a BGP announcement validity preview based on route collector data, integrates with existing (RPSL based) workflows and can talk to RPKI-capable routers. If you want to get an idea of how an RPKI-capable router would be configured, here's some sample config for Cisco and Juniper: http://www.ripe.net/certification/router-configuration You can also log into a public RPKI-capable Juniper here: 193.34.50.25, 193.34.50.26 telnet username: rpki password: testbed With additional documentation available here: http://rpki01.fra2.de.euro-transit.net/documentation.html Have fun, Alex On 20 Jan 2012, at 13:08, Arturo Servin wrote: > > You could use RPKI and origin validation as well. > > We have an application that does that. > > http://www.labs.lacnic.net/rpkitools/looking_glass/ > > For example you can periodically check if your prefix is valid: > > http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/ > > If it were invalid for a possible hijack it would look like: > > http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/ > > Or you can just query for any state: > > http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/ > > > > Regards, > as > > On 20 Jan 2012, at 07:47, Yang Xiang wrote: > >> Hi, >> >> I build a system ‘Argus’ to real-timely alert prefix hijackings. >> Argus monitors the Internet and discovers anomaly BGP updates which caused >> by prefix hijacking. >> When Argus discovers a potential prefix hijacking, it will advertise it in >> a very short time, >> both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the >> mailing list (ar...@csnet1.cs.tsinghua.edu.cn). >> >> Argus has been running in the Internet for more than eight months, >> it usually can discover potential prefix hijackings in ten seconds after >> the first anomaly BGP update announced. >> Several hijacking alarms have been confirmed by network operators. >> For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has >> been confirmed by the network operators of AS23910 and AS4538, >> it was a prefix hijacking caused by a mis-configuration of route filter. >> >> If you are interest in BGP security, welcome to visit our website and >> subscribe the mailing list. >> If you are interest in the system itself, you can find our paper which >> published in ICNP 2011 (FIST workshop) >> http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080. >> >> Hope Argus will be useful for you. >> _________________________________ >> Yang Xiang . about.me/xiangyang >> Ph.D candidate. Tsinghua University >> Argus: argus.csnet1.cs.tsinghua.edu.cn > >
