On Tue, Feb 28, 2017 at 12:15 AM, Nagarjun Govindraj < nagarjun.govind...@imaginea.com> wrote:
>
> Well, the idea behind the mail was to know if anyone in the community are
> doing real time BGP IP prefix hijacking.
> Like Artemis detection tool claims to be detecting in 1.4 ~ 3.1 minutes.
> So I wanted to know if anyone in the community are using such tools for
> detecting hijacks, if yes how much time does the system take to detect.
>

My guess is: "yes, people are struggling through hijack detection problems"
and: "1-3 minutes isn't as important as the time spent figuring out:
  1) is the alert real (this time!),
  2) what will you do about it?"

Then you sink time into: "Hey remote peer of not me, could you stop
accepting the prefix X/y from your 'customer' because .. clearly they are
not me..."

Also, maybe time to push for more RPKI deployment so you can say: "Hey peer
of not me out there in the world, you note that I've a signed certificate
from $RIR attesting that I'm the proper user of prefix X/y and I've created
and published ROA data saying the proper origin-as for X/y is M... your
customer isn't M... so, yea, please stop accepting that prefix from them?
Kthxbi!"

You may ALSO want to ask: "So, about that customer (and all your other
customers) you DO have bgp prefix filters on their sessions, right? because
the year is 2017 and that is ... table-stakes for operating a part of the
global internet now... right?"

-chris

> Regards,
> Nagarjun
>
> On Mon, Feb 27, 2017 at 10:59 PM Nick Hilliard <n...@foobar.org> wrote:
>
>> Christopher Morrow wrote:
>> > Also: "How reliable are the alerts being sent?"
>>
>> also: do the smtp servers which handle mail for the domain of the
>> alerting email address use the IP address space as they're notifying
>> about?
>>
>> Nick