Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Yang Xiang
Hi chris, 2012/1/23 Christopher Morrow morrowc.li...@gmail.com On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: 2012/1/20 Arturo Servin aser...@lacnic.net while Argus can discover potential hijackings caused by anomalous AS path. reading the

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Christopher Morrow
On Mon, Jan 23, 2012 at 10:19 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hi chris, 2012/1/23 Christopher Morrow morrowc.li...@gmail.com On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: 2012/1/20 Arturo Servin aser...@lacnic.net while

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Yang Xiang
2012/1/23 Christopher Morrow morrowc.li...@gmail.com ok, that seems squirrelly still :( so, take routeviews for example, they peer almost exclusively ebgp-multi-hop, so any 'best path' you see there isn't actually usable by the route-server... all traffic has to take the local transport out

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread John Kemp
On 1/23/2012 7:28 AM, Christopher Morrow wrote: On Mon, Jan 23, 2012 at 10:19 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hi chris, 2012/1/23 Christopher Morrow morrowc.li...@gmail.com On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote:

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Yang Xiang
2012/1/24 John Kemp k...@network-services.uoregon.edu Minor correction there. If you are talking about our IX collectors (LINX, PAIX, EQIX Ashburn, SYDNEY, etc.) those are at exchanges and peering directly. The collectors at Univ of Oregon (rv,rv2,rv3,rv4, rv6), yeah, those are

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-22 Thread Christopher Morrow
On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: 2012/1/20 Arturo Servin aser...@lacnic.net while Argus can discover potential hijackings caused by anomalous AS path. Can you explain how? Only a imprecisely detection. Section III.C in our

Re: Argus: a hijacking alarm system

2012-01-21 Thread Yang Xiang
ah, bad news ~ too many Argus :) 2012/1/21 RijilV rij...@riji.lv On 20 January 2012 07:53, Rich Kulawiec r...@gsp.org wrote: On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: I build a system ‘Argus’ to real-timely alert prefix hijackings. A suggestion: pick a different name.

Re: Argus: a hijacking alarm system

2012-01-21 Thread Yang Xiang
2012/1/21 Suresh Ramasubramanian ops.li...@gmail.com On Fri, Jan 20, 2012 at 10:45 PM, RijilV rij...@riji.lv wrote: A suggestion: pick a different name. There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a

Re: Argus: a hijacking alarm system

2012-01-20 Thread Jeroen Massar
On 2012-01-20 10:47 , Yang Xiang wrote: Hi, I build a system ‘Argus’ to real-timely alert prefix hijackings. Argus monitors the Internet and discovers anomaly BGP updates which caused by prefix hijacking. When Argus discovers a potential prefix hijacking, it will advertise it in a very

Re: Argus: a hijacking alarm system

2012-01-20 Thread Yang Xiang
_ Yang Xiang . about.me/xiangyang Ph.D candidate. Tsinghua University Argus: argus.csnet1.cs.tsinghua.edu.cn 2012/1/20 Jeroen Massar jer...@unfix.org On 2012-01-20 10:47 , Yang Xiang wrote: Hi, I build a system ‘Argus’ to real-timely alert prefix

Re: Argus: a hijacking alarm system

2012-01-20 Thread Suresh Ramasubramanian
On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hope I can find enough v6 route-servers before Jun 6 :) Jeroen is just the guy to suggest where you can find them :) Till then, if google is an acceptable substitute -

Re: Argus: a hijacking alarm system

2012-01-20 Thread Yang Xiang
_ Yang Xiang . about.me/xiangyang 2012/1/20 Suresh Ramasubramanian ops.li...@gmail.com On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hope I can find enough v6 route-servers before Jun 6 :) Jeroen is just the guy to

Re: Argus: a hijacking alarm system

2012-01-20 Thread Jeroen Massar
On 2012-01-20 12:01 , Yang Xiang wrote: 2012/1/20 Suresh Ramasubramanian ops.li...@gmail.com On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hope I can find enough

Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Arturo Servin
You could use RPKI and origin validation as well. We have an application that does that. http://www.labs.lacnic.net/rpkitools/looking_glass/ For example you can periodically check if your prefix is valid:

Re: Argus: a hijacking alarm system

2012-01-20 Thread Yang Xiang
_ Yang Xiang . about.me/xiangyang Ph.D candidate. Tsinghua University Argus: argus.csnet1.cs.tsinghua.edu.cn 2012/1/20 Jeroen Massar jer...@unfix.org On 2012-01-20 12:01 , Yang Xiang wrote: 2012/1/20 Suresh Ramasubramanian ops.li...@gmail.com

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Yang Xiang
RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. secondly, ROA can only secure the 'Origin AS' of a prefix, while Argus can discover potential hijackings caused by anomalous AS path. After ROA and BGPsec deployed in the

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Arturo Servin
On 20 Jan 2012, at 10:38, Yang Xiang wrote: RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. Or to sign your prefixes. secondly, ROA can only secure the 'Origin AS' of a prefix, That's true.

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Yang Xiang
2012/1/20 Arturo Servin aser...@lacnic.net On 20 Jan 2012, at 10:38, Yang Xiang wrote: RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. Or to sign your prefixes. Sign prefixes is the best way. Before

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Danny McPherson
On Jan 20, 2012, at 8:08 AM, Yang Xiang wrote: I think network operators are only careless, but not trust-less, so black-hole hijacking is the majority case. This is aligned with the discussion on route leaks at the proposed interim SIDR meeting just after NANOG. Even with RPKI and BGPSEC

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Alex Band
If you want to play around with RPKI Origin Validation, you can download the RIPE NCC RPKI Validator here: http://ripe.net/certification/tools-and-resources It's simple to set up and use: just unzip the package on a *NIX system, run ./bin/rpki-validator and browse to http://localhost:8080

Re: Argus: a hijacking alarm system

2012-01-20 Thread Rich Kulawiec
On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: I build a system ‘Argus’ to real-timely alert prefix hijackings. A suggestion: pick a different name. There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Richard Barnes
BBN has also released an initial version of their relying party software. Core features are basically the same as the other validators (namely, RPKI certificate validation), with -- more fine-grained error diagnostics and -- more robust support for the RTR protocol for distributing validated

Re: Argus: a hijacking alarm system

2012-01-20 Thread RijilV
On 20 January 2012 07:53, Rich Kulawiec r...@gsp.org wrote: On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: I build a system ‘Argus’ to real-timely alert prefix hijackings. A suggestion: pick a different name. There's already a network tool named Argus (it's been around for

Re: Argus: a hijacking alarm system

2012-01-20 Thread Suresh Ramasubramanian
On Fri, Jan 20, 2012 at 10:45 PM, RijilV rij...@riji.lv wrote: A suggestion: pick a different name.  There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a different Wishbone Ash album: Bona Fide. ;-) Ha, there are