Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012/1/24 John Kemp > > > Minor correction there. If you are talking about our IX collectors > (LINX, PAIX, > EQIX Ashburn, SYDNEY, etc.) those are at exchanges and peering > directly. The > collectors at Univ of Oregon (rv,rv2,rv3,rv4, rv6), yeah, those are > multi-hop. > Doesn't detract from y

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

On 1/23/2012 7:28 AM, Christopher Morrow wrote: > On Mon, Jan 23, 2012 at 10:19 AM, Yang Xiang > wrote: >> Hi chris, >> >> 2012/1/23 Christopher Morrow >>> On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang >>> wrote: 2012/1/20 Arturo Servin >> while Argus can discover potential hijackings ca

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012/1/23 Christopher Morrow > > ok, that seems squirrelly still :( > > so, take routeviews for example, they peer almost exclusively > ebgp-multi-hop, so any 'best path' you see there isn't actually usable > by the route-server... all traffic has to take the local transport out > of the routevie

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

On Mon, Jan 23, 2012 at 10:19 AM, Yang Xiang wrote: > Hi chris, > > 2012/1/23 Christopher Morrow >> >> On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang >> wrote: >> > 2012/1/20 Arturo Servin >> >> >> > while Argus can discover potential hijackings caused by anomalous AS >> >> path. >> >> reading the

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

Hi chris, 2012/1/23 Christopher Morrow > On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang > wrote: > > 2012/1/20 Arturo Servin > > >> > while Argus can discover potential hijackings caused by anomalous AS > >> path. > > reading the preceding section (III.B) you check 3 things in the AMM > (anomaly

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang wrote: > 2012/1/20 Arturo Servin >> > while Argus can discover potential hijackings caused by anomalous AS >> path. >> >>         Can you explain how? >> > > Only a imprecisely detection. > > Section III.C in our paper > http://argus.csnet1.cs.tsinghua

Re: Argus: a hijacking alarm system

2012/1/21 Suresh Ramasubramanian > On Fri, Jan 20, 2012 at 10:45 PM, RijilV wrote: > >> A suggestion: pick a different name. There's already a network tool > >> named Argus (it's been around for years): http://www.qosient.com/argus/ > >> > >> I suggest using the name of a different Wishbone Ash

Re: Argus: a hijacking alarm system

ah, bad news ~ too many Argus :) 2012/1/21 RijilV > On 20 January 2012 07:53, Rich Kulawiec wrote: > > On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: > >> I build a system ?Argus? to real-timely alert prefix hijackings. > > > > A suggestion: pick a different name. There's already

Re: Argus: a hijacking alarm system

On Fri, Jan 20, 2012 at 10:45 PM, RijilV wrote: >> A suggestion: pick a different name.  There's already a network tool >> named Argus (it's been around for years): http://www.qosient.com/argus/ >> >> I suggest using the name of a different Wishbone Ash album: "Bona Fide". ;-) > Ha, there are alr

Re: Argus: a hijacking alarm system

On 20 January 2012 07:53, Rich Kulawiec wrote: > On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: >> I build a system ?Argus? to real-timely alert prefix hijackings. > > A suggestion: pick a different name.  There's already a network tool > named Argus (it's been around for years): http

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

BBN has also released an initial version of their relying party software. Core features are basically the same as the other validators (namely, RPKI certificate validation), with -- more fine-grained error diagnostics and -- more robust support for the RTR protocol for distributing validated infor

Re: Argus: a hijacking alarm system

On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: > I build a system ?Argus? to real-timely alert prefix hijackings. A suggestion: pick a different name. There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

If you want to play around with RPKI Origin Validation, you can download the RIPE NCC RPKI Validator here: http://ripe.net/certification/tools-and-resources It's simple to set up and use: just unzip the package on a *NIX system, run ./bin/rpki-validator and browse to http://localhost:8080 EuroTr

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

On Jan 20, 2012, at 8:08 AM, Yang Xiang wrote: > > I think network operators are only careless, but not trust-less, > so black-hole hijacking is the majority case. This is aligned with the discussion on route leaks at the proposed interim SIDR meeting just after NANOG. Even with RPKI and BGPS

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012/1/20 Arturo Servin > > On 20 Jan 2012, at 10:38, Yang Xiang wrote: > > > RPKI is great. > > > > But, firstly, ROA doesn't cover all the prefixes now, > > we need an alternative service to alert hijackings. > > Or to sign your prefixes. > Sign prefixes is the best way. Before sign al

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

On 20 Jan 2012, at 10:38, Yang Xiang wrote: > RPKI is great. > > But, firstly, ROA doesn't cover all the prefixes now, > we need an alternative service to alert hijackings. Or to sign your prefixes. > > secondly, ROA can only secure the 'Origin AS' of a prefix, That's true.

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. secondly, ROA can only secure the 'Origin AS' of a prefix, while Argus can discover potential hijackings caused by anomalous AS path. After ROA and BGPsec deployed in the enti

Re: Argus: a hijacking alarm system

_ Yang Xiang . about.me/xiangyang Ph.D candidate. Tsinghua University Argus: argus.csnet1.cs.tsinghua.edu.cn 2012/1/20 Jeroen Massar > On 2012-01-20 12:01 , Yang Xiang wrote: > > > 2012/1/20 Suresh Ramasubramanian > > > > > > > Pleas

Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

You could use RPKI and origin validation as well. We have an application that does that. http://www.labs.lacnic.net/rpkitools/looking_glass/ For example you can periodically check if your prefix is valid: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/

Re: Argus: a hijacking alarm system

On 2012-01-20 12:01 , Yang Xiang wrote: > 2012/1/20 Suresh Ramasubramanian > > > On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang > > wrote: > > Hope I can find enough v6 route-servers before Jun 6 :) > > Jer

Re: Argus: a hijacking alarm system

_ Yang Xiang . about.me/xiangyang 2012/1/20 Suresh Ramasubramanian > On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang > wrote: > > Hope I can find enough v6 route-servers before Jun 6 :) > > Jeroen is just the guy to suggest where you can find them :) > Till then, if

Re: Argus: a hijacking alarm system

On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang wrote: > > Hope I can find enough v6 route-servers before Jun 6 :) Jeroen is just the guy to suggest where you can find them :) Till then, if google is an acceptable substitute - http://www.bgp4.net/wiki/doku.php?id=tools:ipv6_route_servers Enjoy - you

Re: Argus: a hijacking alarm system

_ Yang Xiang . about.me/xiangyang Ph.D candidate. Tsinghua University Argus: argus.csnet1.cs.tsinghua.edu.cn 2012/1/20 Jeroen Massar > On 2012-01-20 10:47 , Yang Xiang wrote: > > Hi, > > > > I build a system ‘Argus’ to real-timely alert prefix hijackings. > > Ar

Re: Argus: a hijacking alarm system

On 2012-01-20 10:47 , Yang Xiang wrote: > Hi, > > I build a system ‘Argus’ to real-timely alert prefix hijackings. > Argus monitors the Internet and discovers anomaly BGP updates which caused > by prefix hijacking. > When Argus discovers a potential prefix hijacking, it will advertise it in > a ve