Thread: Peering with the Internet Alert Registry




Peering with the Internet Alert Registry
user name
2008-03-10 10:01:52
All,

Some of you are aware of the site for network operators: http://iar.cs.unm.edu/ which has been running for two years now.  The purpose of the site is to detect and distribute network anomaly information to the network operators that need to know.  The flip side of our proposed security system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous routes on BGP routers for 24 hours, giving operators time to respond to anomalous routes before they can fully propagate.

Now, PGBGP is in actual routing software (Quagga), which we soon hope to distribute.  As an initial means of test, we will switch the IAR to it (instead of scraping RIPE/RouteViews with a script). This means that we will need peers to provide the IAR with BGP updates (we will not propagate any route updates to your routers).  Currently we have three BGP streams, more would be appreciated. 

If you would like to contribute to our research project, please reply directly to me.  More information about the project can be found here: http://cs.unm.edu/~karlinjf/pgbgp/

Thanks!

Josh
Re: Peering with the Internet Alert Registry
user name
2008-03-10 17:01:10
On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin <karlinjfcs.unm.edu> wrote:
> All,
>
> Some of you are aware of the site for network operators:
> http://iar.cs.unm.edu/ which has been running for two years now.  The purpose of
> the site is to detect and distribute network anomaly information to the
> network operators that need to know.  The flip side of our proposed security
> system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous
> routes on BGP routers for 24 hours, giving operators time to respond to
> anomalous routes before they can fully propagate.
>

does pgbgp toss out alerts/snmp-traps/log-messages when these
anomalous announcements arrive? if not, how does one know they are
inside the 24hr window?

Re: Peering with the Internet Alert Registry
user name
2008-03-10 21:02:12
Chris,

That's a good question.  IAR peers that also wish to run PGBGP will transmit their anomalous routes out of band to the IAR.  This will likely be done via logs and a simple forwarding script.

Josh



On Mon, Mar 10, 2008 at 4:01 PM, Christopher Morrow <christopher.morrowgmail.com> wrote:
On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin <karlinjfcs.unm.edu> wrote:
> All,
>
> Some of you are aware of the site for network operators:
> http://iar.cs.unm.edu/ which has been running for two years now.  The purpose of
> the site is to detect and distribute network anomaly information to the
> network operators that need to know.  The flip side of our proposed security
> system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous
> routes on BGP routers for 24 hours, giving operators time to respond to
> anomalous routes before they can fully propagate.
>

does pgbgp toss out alerts/snmp-traps/log-messages when these
anomalous announcements arrive? if not, how does one know they are
inside the 24hr window?
