[nsp-sec] AS Path Forging - Observations from an incident
Hank Nussbacher
hank at efes.iucc.ac.il
Thu Jan 8 14:26:21 EST 2009
On Thu, 8 Jan 2009, Johnson, Ron wrote:
> Have y'all looked at this:
>
> http://iar.cs.unm.edu/
I have that, as well as the other 4 contenders. They send the alarm that
some as-path has changed but it won't help you spot where the actual
hijack is located.
-Hank
>
> I have been subscribed to this service for a couple of years now.
>
> Ron Johnson
>
>
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Bill Woodcock
> Sent: Thursday, January 08, 2009 10:40 AM
> To: Hank Nussbacher
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] AS Path Forging - Observations from an incident
>
> ----------- nsp-security Confidential --------
>
> On Thu, 8 Jan 2009, Hank Nussbacher wrote:
> > What if we (nsp-sec) were to create a closed, secret traceroute
> mesh so we
> > can check whether a prefix has been hijacked? This would only be
> used
> > when a hijack is taking place and is not useful after the fact.
>
> PCH has this capability presently, on our network of servers. We have
> not yet created an API to make it accessible from the outside. We'd be
> very interested in hearing what would make it useful to people in the
> community.
>
> -Bill
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list