You could use RPKI and origin validation as well. We have an application that does that.
http://www.labs.lacnic.net/rpkitools/looking_glass/ For example you can periodically check if your prefix is valid: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/ If it were invalid for a possible hijack it would look like: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/ Or you can just query for any state: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/ Regards, as On 20 Jan 2012, at 07:47, Yang Xiang wrote: > Hi, > > I build a system ‘Argus’ to real-timely alert prefix hijackings. > Argus monitors the Internet and discovers anomaly BGP updates which caused > by prefix hijacking. > When Argus discovers a potential prefix hijacking, it will advertise it in > a very short time, > both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the > mailing list (ar...@csnet1.cs.tsinghua.edu.cn). > > Argus has been running in the Internet for more than eight months, > it usually can discover potential prefix hijackings in ten seconds after > the first anomaly BGP update announced. > Several hijacking alarms have been confirmed by network operators. > For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has > been confirmed by the network operators of AS23910 and AS4538, > it was a prefix hijacking caused by a mis-configuration of route filter. > > If you are interest in BGP security, welcome to visit our website and > subscribe the mailing list. > If you are interest in the system itself, you can find our paper which > published in ICNP 2011 (FIST workshop) > http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080. > > Hope Argus will be useful for you. > _________________________________ > Yang Xiang . about.me/xiangyang > Ph.D candidate. Tsinghua University > Argus: argus.csnet1.cs.tsinghua.edu.cn