I build a system ‘Argus’ to real-timely alert prefix hijackings.
Argus monitors the Internet and discovers anomaly BGP updates which caused
by prefix hijacking.
When Argus discovers a potential prefix hijacking, it will advertise it in
a very short time,
both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the
mailing list (firstname.lastname@example.org).
Argus has been running in the Internet for more than eight months,
it usually can discover potential prefix hijackings in ten seconds after
the first anomaly BGP update announced.
Several hijacking alarms have been confirmed by network operators.
For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has
been confirmed by the network operators of AS23910 and AS4538,
it was a prefix hijacking caused by a mis-configuration of route filter.
If you are interest in BGP security, welcome to visit our website and
subscribe the mailing list.
If you are interest in the system itself, you can find our paper which
published in ICNP 2011 (FIST workshop)
Hope Argus will be useful for you.