On Fri, 12 Sep 2008, Kevin Oberman wrote:
Looks interesting, but it only takes a fairly short list of ASNs for a
prefix. For our big CIDR blocks, we have WAY too many ASNs to enter them
all, so it's pretty useless for me. I need to be able to enter at very
least a dozen ASes and I suspect may fol
On Sun, 14 Sep 2008, Hank Nussbacher wrote:
I have used IAR, PHAS and MyASN and I can say I would not recommend myASN.
It is a cumbersome system and very non-intuitive. It is based on an
ASN-centric model, whereby each ASN is in its own realm. So if you manage
*one* ASN, perhaps this system m
The best system so far would be IAR: http://iar.cs.unm.edu/
The email notices are pretty much on time and accurate. Problem is they
have changed the system and I believe some forum page/link has gone lost
that allows one to manage existing subscriptions as per:
http://iar.cs.unm.edu/alerts.php#e
At 03:07 PM 12-09-08 +0100, Andy Davidson wrote:
On 12 Sep 2008, at 13:49, Nathan Ward wrote:
On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
Hi, WatchMy.Net is a new community service to alert you when your prefix
has been hijacked, in real-time.
I just had a quick play with this, as I've bee
On 13/09/2008, at 7:21 PM, Randy Bush wrote:
i am occasionally asked if there have been real bgp attacks (not slips).
the answer is, of course yes, but there are none which can be publicly
described. when bucks and embarrassment are involved, security through
obscurity seems to rule.
but
i am occasionally asked if there have been real bgp attacks (not slips).
the answer is, of course yes, but there are none which can be publicly
described. when bucks and embarrassment are involved, security through
obscurity seems to rule.
but tony and alex did us an enormous favor by publicly co
Nathan Ward wrote:
On 13/09/2008, at 5:48 PM, Matthew Moyle-Croft wrote:
Arnaud de Prelle wrote:
I think that most of us (me included) are already using it but the
problem is that they don't have BGP collectors everywhere in the world.
This is in fact a generic issue for BGP monitoring.
In th
On 13/09/2008, at 5:48 PM, Matthew Moyle-Croft wrote:
Arnaud de Prelle wrote:
I think that most of us (me included) are already using it but the
problem is that they don't have BGP collectors everywhere in the world.
This is in fact a generic issue for BGP monitoring.
In this case it's very
Arnaud de Prelle wrote:
I think that most of us (me included) are already using it but the
problem is that they don't have BGP collectors everywhere in the world.
This is in fact a generic issue for BGP monitoring.
In this case it's very important to have a lot of collectors broadly
distribu
-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 3:50 PM
To: Andrew Fried
Cc: Skywing; Kevin Oberman; [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Andrew Fried wrote:
> Mail being what it is today, test
September 12, 2008 3:13 PM
To: Kevin Oberman
Cc: [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Kevin Oberman wrote:
Looks interesting, but it only takes a fairly short list of ASNs for a
prefix. For our big CIDR blocks, we have WAY too ma
[mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 3:13 PM
To: Kevin Oberman
Cc: [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Kevin Oberman wrote:
Looks interesting, but it only takes a fairly short list of ASNs for a
prefix. For our big
Hmm, I'm trying to figure out the application here.
You have single prefixes originated or originate-able by more than
5 or 6 ASs?
I see - is it that you have, say a /16 with 13 potential ASs that might
be seen as originating more specifics inside that /16?
Hadn't considered that; we were envis
ECTED]
Sent: Friday, September 12, 2008 3:13 PM
To: Kevin Oberman
Cc: [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Kevin Oberman wrote:
Looks interesting, but it only takes a fairly short list of ASNs for a
prefix. For our big CIDR block
-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 3:13 PM
To: Kevin Oberman
Cc: [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Kevin Oberman wrote:
Looks interesting, but it only takes a
rt. Just a
> thought.
>
> - S
>
> -Original Message-
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 12, 2008 3:13 PM
> To: Kevin Oberman
> Cc: [EMAIL PROTECTED]
> Subject: Re: community real-time BGP hijack notification service
>
Cc: [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Kevin Oberman wrote:
> Looks interesting, but it only takes a fairly short list of ASNs for a
> prefix. For our big CIDR blocks, we have WAY too many ASNs to enter them
> all, so it
On Fri, 12 Sep 2008, Kevin Oberman wrote:
Looks interesting, but it only takes a fairly short list of ASNs for a
prefix. For our big CIDR blocks, we have WAY too many ASNs to enter them
all, so it's pretty useless for me. I need to be able to enter at very
least a dozen ASes and I suspect may fol
Looks interesting, but it only takes a fairly short list of ASNs for a
prefix. For our big CIDR blocks, we have WAY too many ASNs to enter them
all, so it's pretty useless for me. I need to be able to enter at very
least a dozen ASes and I suspect many folks have a LOT more than that.
For now, I'll
Hi Erik -
There's a great button about Usenet -
"Reading Usenet is like drinking from a firehose;
Posting to Usenet is like shouting from a mountaintop;
Archiving Usenet is like saving used toilet tissue."
BGP may be somewhat more important, useful, and the results consumable
in the short-ter
Avi Freedman wrote:
Certainly if anyone wants to see the dynamics, who has advertised what now and
in the deep dark past, etc Renesys would be the place to go as far as I know.
RIS provides data in a searchable MySQL database for three months.
All we've ever collected is kept in a raw data for
> Nathan wrote:
> My best quick hack solution so far is to fire off a traceroute and make sure
> that the traceroute gets ICMP TTL expire messages from IP addresses that are
> in prefixes originated from all the ASes in the ASPATH.
> Still forgeable, but a bit more difficult.. still far from pe
> Nathan wrote:
> It is trivially easy for an attacker to falsify the origin AS. If 'they' are
> not doing it already, then I'm quite surprised.
> This isn't really a good thing to alarm on, in my opinion. Or, maybe it is,
> but there should be big bold text explaining that it's not reliable
id it's imperfect so ideas are welcome but the goal
here is to try to keep it useful but simple.
Thanks,
Avi
> Date: Fri, 12 Sep 2008 14:18:58 +0200
> From: Arnaud de Prelle <[EMAIL PROTECTED]>
> To: Gadi Evron <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re:
Andy Davidson wrote:
>
> On 12 Sep 2008, at 13:49, Nathan Ward wrote:
>
>> On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
>>> Hi, WatchMy.Net is a new community service to alert you when your prefix
>>> has been hijacked, in real-time.
>> I just had a quick play with this, as I've been considering
On 12 Sep 2008, at 13:49, Nathan Ward wrote:
On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
Hi, WatchMy.Net is a new community service to alert you when your prefix
has been hijacked, in real-time.
I just had a quick play with this, as I've been considering hacking
together something simila
It is, agreed. But what is more likely; a simple prefix hijack or an
all out attack, manipulating origin as, and as_path? While the 2nd is
possible, the first is the most likely, and the basis for all these
"hijack alert" services.
Christian
On Fri, Sep 12, 2008 at 9:27 AM, Nathan Ward <[EMA
On Fri, 12 Sep 2008, Christian Koch wrote:
I've been using IAR and PHAS, but I've noticed IAR seems to work a
bit better and much faster. Recently we changed our ASN, and seconds
after we started announcing prefixes under the new ASN I received the
email alerts from IAR. I did not receive anyt
On 13/09/2008, at 1:14 AM, Christian Koch wrote:
Maybe a better idea would be if you were able to input your origin asn
and define your upstreams and/or peers, to be alerted on as well. (ie:
Do not alert me on any paths containing 123_000, 456_000, 789_000).
Again, that is trivially easy to
On Sat, 13 Sep 2008, Nathan Ward wrote:
On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
Hi, WatchMy.Net is a new community service to alert you when your prefix
has been hijacked, in real-time.
Hi Gadi,
I just had a quick play with this, as I've been considering hacking together
something si
On Fri, 12 Sep 2008, Arnaud de Prelle wrote:
Hello Gadi,
Gadi Evron wrote:
Hi, WatchMy.Net is a new community service to alert you when your prefix
has been hijacked, in real-time.
Very good initiative. You can count on me as one of your users.
Note that apparently it doesn't seem to be work
I've been using IAR and PHAS, but I've noticed IAR seems to work a
bit better and much faster. Recently we changed our ASN, and seconds
after we started announcing prefixes under the new ASN I received the
email alerts from IAR. I did not receive anything from PHAS. Although
I have in the past,
On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
Hi, WatchMy.Net is a new community service to alert you when your prefix
has been hijacked, in real-time.
Hi Gadi,
I just had a quick play with this, as I've been considering hacking
together something similar.
It is trivially easy for an a
Hello Gadi,
Gadi Evron wrote:
> Hi, WatchMy.Net is a new community service to alert you when your prefix
> has been hijacked, in real-time.
Very good initiative. You can count on me as one of your users.
Note that apparently it doesn't seem to be working as expected yet.
Indeed I already receive
34 matches