I'm looking for more information on how these mitigation services (BGPStream from BGPMon, etc.) work to detect hijacks with a reasonable amount of confidence. As far as I can tell, there are a multitude of legitimate reasons why MOAS prefixes exist, and, without the prevalence of things like RPKI, it's extremely difficult to actually detect hijacks without a wild amount of false positives. On top of that, IRR databases seem to be out of date, or in a strange place due to the "renting"(?) of prefixes to other ASes.
This seems like quite a complicated topic/issue. Any and all replies are welcome and appreciated. Thanks all!
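The post's two points (MOAS conflicts are a noisy signal on their own, and RPKI is what makes origin checks trustworthy) can be shown side by side in a small script. The following is an added example written for this page, not code from BGPMon, BGPStream or any other service, and it does not claim to reproduce how those services work. All announcements and ROAs are constructed from documentation address ranges and private AS numbers; the ROV logic follows the RFC 6811 valid/invalid/not-found outcome. It goes slightly beyond the post by including a more-specific announcement, which an exact-prefix MOAS check never sees but ROV still catches.

```python
"""Added example: naive MOAS detection next to RPKI route origin validation.

All data below is constructed for illustration (documentation prefixes,
private AS numbers); it is not real routing data.
"""
from collections import defaultdict
from ipaddress import ip_network

# Constructed BGP announcements as (prefix, origin AS).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),
    ("203.0.113.0/24", 64501),      # legitimate second origin (leased / multihomed)
    ("198.51.100.0/24", 64502),
    ("198.51.100.0/24", 64666),     # origin not authorized by any ROA
    ("198.51.100.128/25", 64666),   # more-specific: not a MOAS conflict, still invalid
    ("192.0.2.0/24", 64503),        # single origin, no ROA published
]

# Constructed ROA table as (prefix, max_length, authorized AS).
ROAS = [
    ("203.0.113.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("198.51.100.0/24", 24, 64502),
]


def moas_conflicts(announcements):
    """Return {prefix: sorted origin ASes} for prefixes with more than one origin.

    This is the naive signal: it fires on legitimate multi-origin prefixes
    and misses more-specific announcements of a covered prefix.
    """
    origins = defaultdict(set)
    for prefix, asn in announcements:
        origins[prefix].add(asn)
    return {p: sorted(a) for p, a in origins.items() if len(a) > 1}


def rov_state(prefix, asn, roas):
    """RFC 6811-style origin validation: 'valid', 'invalid' or 'not_found'."""
    net = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this prefix
        if roa_asn == asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not_found"


def classify_moas(announcements, roas):
    """For every MOAS conflict, label each competing origin with its ROV state."""
    return {
        prefix: {asn: rov_state(prefix, asn, roas) for asn in asns}
        for prefix, asns in moas_conflicts(announcements).items()
    }


def suspicious_moas(announcements, roas):
    """MOAS origins that are also ROV-invalid: the conflicts worth paging on."""
    return sorted(
        (prefix, asn)
        for prefix, states in classify_moas(announcements, roas).items()
        for asn, state in states.items()
        if state == "invalid"
    )


def rov_invalid_routes(announcements, roas):
    """Every announcement that is ROV-invalid, MOAS or not (catches more-specifics)."""
    return sorted(
        (prefix, asn)
        for prefix, asn in announcements
        if rov_state(prefix, asn, roas) == "invalid"
    )


if __name__ == "__main__":
    print("MOAS only:", moas_conflicts(ANNOUNCEMENTS))
    print("MOAS + ROV:", classify_moas(ANNOUNCEMENTS, ROAS))
    print("Worth alerting on:", suspicious_moas(ANNOUNCEMENTS, ROAS))
    print("All ROV-invalid:", rov_invalid_routes(ANNOUNCEMENTS, ROAS))
```

Running it shows the two sides of the post's concern: the MOAS check alone flags 203.0.113.0/24 even though both origins hold ROAs, while the /25 announced by AS 64666 never appears as a MOAS conflict and is only caught by validating every route against the ROA table. Where no ROA exists (192.0.2.0/24) the result is "not_found", which is the state most of the table is in without RPKI deployment, and where a MOAS check has nothing better than IRR data to fall back on.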