BBN has also released an initial version of their relying party software. Core features are basically the same as the other validators (namely, RPKI certificate validation), with -- more fine-grained error diagnostics and -- more robust support for the RTR protocol for distributing validated information to routers. <http://www.ietf.org/mail-archive/web/sidr/current/msg03854.html>
On Fri, Jan 20, 2012 at 9:39 AM, Alex Band <al...@ripe.net> wrote: > If you want to play around with RPKI Origin Validation, you can download the > RIPE NCC RPKI Validator here: > http://ripe.net/certification/tools-and-resources > It's simple to set up and use: just unzip the package on a *NIX system, run > ./bin/rpki-validator and browse to http://localhost:8080 > > EuroTransit have a public one running here: > http://rpki01.fra2.de.euro-transit.net:8080/ > > You can see it's pointing to several Trust Anchors, downloads and validates > all ROA periodically, you can apply ignore filters and white lists, see a BGP > announcement validity preview based on route collector data, integrates with > existing (RPSL based) workflows and can talk to RPKI-capable routers. > > If you want to get an idea of how an RPKI-capable router would be configured, > here's some sample config for Cisco and Juniper: > http://www.ripe.net/certification/router-configuration > > You can also log into a public RPKI-capable Juniper here: 193.34.50.25, > 193.34.50.26 > telnet username: rpki > password: testbed > > With additional documentation available here: > http://rpki01.fra2.de.euro-transit.net/documentation.html > > Have fun, > > Alex > > On 20 Jan 2012, at 13:08, Arturo Servin wrote: > >> >> You could use RPKI and origin validation as well. >> >> We have an application that does that. >> >> http://www.labs.lacnic.net/rpkitools/looking_glass/ >> >> For example you can periodically check if your prefix is valid: >> >> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/ >> >> If it were invalid for a possible hijack it would look like: >> >> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/ >> >> Or you can just query for any state: >> >> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/ >> >> >> >> Regards, >> as >> >> On 20 Jan 2012, at 07:47, Yang Xiang wrote: >> >>> Hi, >>> >>> I build a system ‘Argus’ to real-timely alert prefix hijackings. >>> Argus monitors the Internet and discovers anomaly BGP updates which caused >>> by prefix hijacking. >>> When Argus discovers a potential prefix hijacking, it will advertise it in >>> a very short time, >>> both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the >>> mailing list (ar...@csnet1.cs.tsinghua.edu.cn). >>> >>> Argus has been running in the Internet for more than eight months, >>> it usually can discover potential prefix hijackings in ten seconds after >>> the first anomaly BGP update announced. >>> Several hijacking alarms have been confirmed by network operators. >>> For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has >>> been confirmed by the network operators of AS23910 and AS4538, >>> it was a prefix hijacking caused by a mis-configuration of route filter. >>> >>> If you are interest in BGP security, welcome to visit our website and >>> subscribe the mailing list. >>> If you are interest in the system itself, you can find our paper which >>> published in ICNP 2011 (FIST workshop) >>> http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080. >>> >>> Hope Argus will be useful for you. >>> _________________________________ >>> Yang Xiang . about.me/xiangyang >>> Ph.D candidate. Tsinghua University >>> Argus: argus.csnet1.cs.tsinghua.edu.cn >> >> >
