
Welcome to BGPmon.net, a BGP monitoring and analyzer tool

Features of the prefix monitoring system

  • Full IPv6 support!!
  • Support for AS-path regex checks
  • 4-byte ASN support
  • Support for auto-discovery of prefixes for a specific Origin AS
  • Flexible email alerting system
  • Historical overview of "Interesting" updates
  • Support for multiple ASes per user
  • BGP MITM attack detection
  • BGP updates from over 100 peers

About BGPmon

BGPmon can monitor your prefixes and alert you in case of an 'interesting' path change. Recently this has received quite some attention, specifically after the YouTube hijack and the demo given at Defcon. Path changes can be of different kinds, such as more specifics, change of AS path, change of origin AS, transit AS, or any combination of these. BGPmon classifies these changes into types. This software was written over the course of 1.5 years, mainly for private use. However, given the more widespread interest, I decided to make it available to everyone interested. If you want to, give it a try! If you have any questions or feedback, please let me know: andree@bgpmon.net

Support BGPmon.net!

Why monitor?

Demo Access
Login with username demo@bgpmon.net and password demo
If you're interested in how certain events are detected in BGPmon, try these links:
Sign up now and try it!

Recent Blog Posts
Issues with allocating from 1.0.0.0/8
Routing diff report, Rancid for BGP
Programming with the BGPmon.net Web Services API
New hardware for BGPmon.net server
The Vatican taking the lead in IPv6 rollout?


Bogon Monitoring

Did you ever wonder how big of an issue bogon IP addresses really are? Or how often they actually happen?
Then you might find these services interesting! All BGP updates are scanned for bogon IP addresses; I am using the list from Team Cymru as a reference for that. In addition, the updates are scanned for bogon AS numbers.

In February 2008 YouTube's prefix was 'hijacked' for several hours by Pakistan Telecom. This was done by announcing a more specific prefix, and as a result all of YouTube's traffic ended up in Pakistan, where it was blackholed. Because of this, YouTube was unreachable for a few hours. A nice summary of this can be found on the RIPE website.

In this specific case the cause was a misconfiguration and traffic was blackholed. But what happens if the traffic is not blackholed, but intercepted, analyzed and then forwarded to the original destinations? This is what we call a BGP Man-In-The-Middle (MITM) attack, and this was recently demonstrated at Defcon 2008.

These were both cases that received quite some attention, and it does (or should) make you wonder, as a network administrator, whether this happens to your network as well. BGPmon tries to help you with that by giving you the tools.
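
The kinds of path change listed under "About BGPmon" (more specific, change of origin AS, change of transit AS) can be checked mechanically against a table of expected announcements. The sketch below is an added example, not BGPmon's own code: the label names, the `MONITORED` table and the sample prefixes and AS numbers are all constructed for illustration.

```python
import ipaddress

# Constructed expectations: documentation prefixes and reserved ASNs, not real data.
MONITORED = {
    "203.0.113.0/24": {"origin": 64500, "upstreams": {64510, 64511}},
    "2001:db8::/32": {"origin": 64500, "upstreams": {64510}},
}

def classify_update(prefix, as_path, monitored=MONITORED):
    """Label how one announcement deviates from the expected state.

    Label names are illustrative assumptions, not BGPmon's type codes.
    """
    announced = ipaddress.ip_network(prefix)
    # Collapse prepending (repeated ASNs) so it cannot hide the real neighbours.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    if not path:
        return []
    origin = path[-1]
    upstream = path[-2] if len(path) > 1 else None
    labels = set()
    for cfg_prefix, expected in monitored.items():
        own = ipaddress.ip_network(cfg_prefix)
        if announced.version != own.version:
            continue  # subnet_of() raises TypeError across IPv4/IPv6
        if announced != own and not announced.subnet_of(own):
            continue  # unrelated address space
        if announced != own:
            labels.add("more_specific")
        if origin != expected["origin"]:
            labels.add("origin_change")
        elif upstream is not None and upstream not in expected["upstreams"]:
            labels.add("new_upstream")
    return sorted(labels)

# Constructed sample updates: (prefix, AS path as seen by a peer).
SAMPLES = [
    ("203.0.113.0/24", [64520, 64510, 64500]),
    ("203.0.113.0/25", [64520, 64666]),
    ("203.0.113.0/24", [64520, 64666, 64500]),
    ("2001:db8:1::/48", [64510, 64500, 64500]),
]

if __name__ == "__main__":
    for prefix, path in SAMPLES:
        print(prefix, path, classify_update(prefix, path) or ["expected"])
```

The second sample has the shape of the February 2008 incident described above: a more specific prefix announced with a different origin AS.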






Copyright ©2008 Questions or remarks: BGPmon