You could use RPKI and origin validation as well.
We have an application that does that.
http://www.labs.lacnic.net/rpkitools/looking_glass/
For example you can periodically check if your prefix is valid:
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/
If it were invalid for a possible hijack it would look like:
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/
Or you can just query for any state:
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/
Regards,
as
On 20 Jan 2012, at 07:47, Yang Xiang wrote:
> Hi,
>
> I build a system ‘Argus’ to real-timely alert prefix hijackings.
> Argus monitors the Internet and discovers anomaly BGP updates which caused
> by prefix hijacking.
> When Argus discovers a potential prefix hijacking, it will advertise it in
> a very short time,
> both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the
> mailing list (ar...@csnet1.cs.tsinghua.edu.cn).
>
> Argus has been running in the Internet for more than eight months,
> it usually can discover potential prefix hijackings in ten seconds after
> the first anomaly BGP update announced.
> Several hijacking alarms have been confirmed by network operators.
> For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has
> been confirmed by the network operators of AS23910 and AS4538,
> it was a prefix hijacking caused by a mis-configuration of route filter.
>
> If you are interest in BGP security, welcome to visit our website and
> subscribe the mailing list.
> If you are interest in the system itself, you can find our paper which
> published in ICNP 2011 (FIST workshop)
> http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080.
>
> Hope Argus will be useful for you.
> _________________________________
> Yang Xiang . about.me/xiangyang
> Ph.D candidate. Tsinghua University
> Argus: argus.csnet1.cs.tsinghua.edu.cn
