Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-22 Thread Hank Nussbacher

On 21/12/2018 17:10, Jared Mauch wrote:

So expect now BGP hijackers to announce /25s from here on in.  They 
generally adopt BCPs faster than providers.


-Hank


Folks have studied announcing a /25 etc.. and it can help because many 
providers will accept them.. it won’t get everyone, but longer than /24 
prefixes do help.

- Jared


On Dec 21, 2018, at 10:07 AM, Kody Vicknair  wrote:

I'm curious, if the hijacked prefix is a /24 (subset of your much larger /22) 
and you can only tie the hijacked prefix, at that point how effective is the 
mitigation outside of a default BGP route selection process?






-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Vasileios Kotronis
Sent: Thursday, December 20, 2018 11:23 AM
To: nanog@nanog.org
Subject: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

Dear operators,

FORTH's INSPIRE group and CAIDA are delighted to announce the public release of 
the ARTEMIS BGP prefix hijacking detection tool, available as open-source 
software at https://github.com/FORTH-ICS-INSPIRE/artemis

ARTEMIS is designed to be operated by an AS in order to monitor BGP for potential 
hijacking attempts against its own prefixes. The system detects such attacks within 
seconds, enabling immediate mitigation. The current release has been tested at a 
major Greek ISP, a dual-homed edge academic network, and a major US R&E 
backbone network.

We would be happy if you'd give it a try and provide feedback. Feel free to 
make pull requests on GitHub and help us make this a true community project.

ARTEMIS is funded by European Research Council (ERC) grant agreement no.
338402 (NetVolution Project), the RIPE NCC Community Projects 2017, the Comcast 
Innovation Fund, US NSF grants OAC-1848641 and CNS-1423659 and US DHS S&T 
contract HHSP233201600012C.

Best regards,
Vasileios

--
===
Vasileios Kotronis
Postdoctoral Researcher, member of the INSPIRE Group INSPIRE = INternet 
Security, Privacy, and Intelligence REsearch Telecommunications and Networks 
Lab (TNL) Foundation for Research and Technology - Hellas (FORTH) Leoforos 
Plastira 100, Heraklion 70013, Greece e-mail : vkotro...@ics.forth.gr
url: http://inspire.edu.gr
===










Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-21 Thread Vasileios Kotronis
Exactly for this case, besides what Jared mentioned, there is the possibility of using a third party mitigation service. This service can be provided by e.g., a DDoS protection provider since it requires announcing the exact /24 (or other prefix) from another AS which can attract and tunnel the traffic back to the victim. This is very close to current practices in the context of DDoS mitigation; the context is different however the underlying mechanisms are similar. For more details on the effectiveness of this strategy, please refer to Section 6.2.2 of our ToN paper (available at https://arxiv.org/abs/1801.01085).

The current tool offers real time detection, with such mitigation mechanisms being under investigation.

Best regards,
Vasileios

On Dec 21, 2018 5:10 PM, Jared Mauch  wrote:

Folks have studied announcing a /25 etc.. and it can help because many providers will accept them.. it won’t get everyone, but longer than /24 prefixes do help.



- Jared

> On Dec 21, 2018, at 10:07 AM, Kody Vicknair  wrote:
>
> I'm curious, if the hijacked prefix is a /24 (subset of your much larger /22) and you can only tie the hijacked prefix, at that point how effective is the mitigation outside of a default BGP route selection process?







Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-21 Thread Vasileios Kotronis

Hello,

it is quite easy to install on a VM, you will not need special infrastructure,
but only two pieces of software to be able to run lightweight containers
(docker-ce and docker-compose).

In fact, this is how we test it ourselves :).

We will consider publishing a standalone VM if this helps testing more (details
to come in the project's wiki pages).

Best,

Vasileios

On 20/12/18 10:40 PM, M. Omer GOLGELI wrote:

Hi Vasileios,

Congratulations on building this.

Wanted to try it out as a VM but frankly...
The "docker" part put me off...


M.
---





Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-21 Thread Jared Mauch
Folks have studied announcing a /25 etc.. and it can help because many 
providers will accept them.. it won’t get everyone, but longer than /24 
prefixes do help.

- Jared

> On Dec 21, 2018, at 10:07 AM, Kody Vicknair  wrote:
> 
> I'm curious, if the hijacked prefix is a /24 (subset of your much larger 
> /22) and you can only tie the hijacked prefix, at that point how effective 
> is the mitigation outside of a default BGP route selection process?
> 



RE: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-21 Thread Kody Vicknair
I'm curious, if the hijacked prefix is a /24 (subset of your much larger /22) 
and you can only tie the hijacked prefix, at that point how effective is the 
mitigation outside of a default BGP route selection process?














Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-20 Thread M. Omer GOLGELI

Hi Vasileios,

Congratulations on building this.

Wanted to try it out as a VM but frankly...
The "docker" part put me off...


M.
---




Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-20 Thread Vasileios Kotronis

Dear operators,

FORTH's INSPIRE group and CAIDA are delighted to announce the public 
release of the ARTEMIS BGP prefix hijacking detection tool, available as 
open-source software at https://github.com/FORTH-ICS-INSPIRE/artemis


ARTEMIS is designed to be operated by an AS in order to monitor BGP for 
potential hijacking attempts against its own prefixes. The system 
detects such attacks within seconds, enabling immediate mitigation. The 
current release has been tested at a major Greek ISP, a dual-homed edge 
academic network, and a major US R&E backbone network.


We would be happy if you'd give it a try and provide feedback. Feel free 
to make pull requests on GitHub and help us make this a true community 
project.


ARTEMIS is funded by European Research Council (ERC) grant agreement no. 
338402 (NetVolution Project), the RIPE NCC Community Projects 2017, the 
Comcast Innovation Fund, US NSF grants OAC-1848641 and CNS-1423659 and 
US DHS S&T contract HHSP233201600012C.


Best regards,
Vasileios

--
===
Vasileios Kotronis
Postdoctoral Researcher, member of the INSPIRE Group
INSPIRE = INternet Security, Privacy, and Intelligence REsearch
Telecommunications and Networks Lab (TNL)
Foundation for Research and Technology - Hellas (FORTH)
Leoforos Plastira 100, Heraklion 70013, Greece
e-mail : vkotro...@ics.forth.gr
url: http://inspire.edu.gr
===
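
Added example, not part of the original posts and not ARTEMIS code: detecting an exact-prefix or sub-prefix origin hijack against an owned prefix, then choosing between de-aggregation and the /24 tie case raised in the replies. The prefix 10.10.0.0/22, the AS numbers, the 24-bit filtering limit and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed configuration (not from the thread): one owned /22 and its
# legitimate origin AS, using private address space and documentation ASNs.
OWNED = {ipaddress.ip_network("10.10.0.0/22"): {64500}}
MAX_ACCEPTED_LEN = 24  # assumption: longer IPv4 prefixes are filtered by many networks


def classify(prefix, as_path, owned=OWNED):
    """Return (hijack_type, owned_prefix), or None if the update looks legitimate."""
    announced = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last hop of the AS path
    for mine, origins in owned.items():
        if announced.version != mine.version or not announced.subnet_of(mine):
            continue
        if origin in origins:
            return None  # our own announcement or our own de-aggregation
        kind = "exact-prefix" if announced == mine else "sub-prefix"
        return kind, mine
    return None  # not one of our prefixes


def plan_mitigation(hijacked_prefix, max_len=MAX_ACCEPTED_LEN):
    """Pick the announcements that could pull traffic back for a hijacked prefix."""
    hijacked = ipaddress.ip_network(hijacked_prefix)
    if hijacked.prefixlen < max_len:
        # More-specifics beat the hijacker's route by longest-prefix match.
        halves = [str(n) for n in hijacked.subnets(prefixlen_diff=1)]
        return "deaggregate", halves
    # At /24 we can only announce the same prefix and tie; the outcome is then
    # decided per network by normal BGP best-path selection.
    return "tie-or-third-party", [str(hijacked)]


def handle(prefix, as_path):
    """Detection followed by the mitigation choice, for one BGP update."""
    verdict = classify(prefix, as_path)
    if verdict is None:
        return None
    return verdict[0], plan_mitigation(prefix)


if __name__ == "__main__":
    # Constructed BGP updates: (prefix, AS path); AS 64511 plays the hijacker.
    for update in [("10.10.0.0/22", [64501, 64500]),
                   ("10.10.0.0/23", [64502, 64511]),
                   ("10.10.2.0/24", [64502, 64511])]:
        print(update, "->", handle(*update))
```

The "tie-or-third-party" result is the situation asked about in the thread: the owner's own /24 only competes with the hijacker's /24, which is where the third-party announcement described in the reply comes in.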