Skip to Content.
Sympa Menu

netsec-sig - [Security-WG] ARTEMIS as an alternative to BGPMon

Subject: Internet2 Network Security SIG

List archive

[Security-WG] ARTEMIS as an alternative to BGPMon


Chronological Thread 
    < Chronological >      < Thread >
  • From: Adair Thaxton <>
  • To: "" <>, Alberto Dainotti <>
  • Subject: [Security-WG] ARTEMIS as an alternative to BGPMon
  • Date: Fri, 8 Feb 2019 05:04:50 +0000
Hello, working group! Following up on our earlier discussion about
alternatives to BGPMon, I have been given the necessary clearance to
share some screenshots and provide some information.

First things first, I'm copying Alberto Dainotti here because he's been
our main guy with ARTEMIS, and he and his team have been easy to work
with and very responsive to feedback. For more information about the
project as a whole, check out https://www.inspire.edu.gr/artemis/

1-Overview.png - this is the default homepage when you log in. We have
mitigation turned off, because we're skittish. You'll see the most
recent hijacks detected. In our case, many of these are because I
haven't added these ASes as legitimate peers.

2-BGP-Updates.png - BGP updates seen for your configured peers.

3-bgpmon-hijack-detected.png - BGPMon detected a more specific prefix
belonging to us being advertised by another AS, and sent us an alert.

4-artemis-hijack-detected.png - The same alert, as seen in ARTEMIS. The
alert lasted in total about five minutes, with a couple announces and
withdraws, and you could see all of those and which tables saw those
updates in ARTEMIS.

5-config.png - A snippet of our config, showing the options configured
by the ARTEMIS team, Internet2's ASes, and the internal gobgp ASes we're
using. The config file also includes our prefixes and the ASes of our
peers, but I thought this screenshot would give you an idea of the
config structure.

We are running ARTEMIS in AWS, and have firewall filters permitting only
Internet2 address space to access it.

Alberto's given a number of talks on ARTEMIS and I will happily
volunteer him to answer any questions you have, off-list!

Adair

Attachment: 1-Overview.png
Description: 1-Overview.png

Attachment: 2-BGP-Updates.png
Description: 2-BGP-Updates.png

Attachment: 3-bgpmon-hijack-detected.png
Description: 3-bgpmon-hijack-detected.png

Attachment: 4-artemis-hijack-detected.png
Description: 4-artemis-hijack-detected.png

Attachment: 5-config.png
Description: 5-config.png


  • [Security-WG] ARTEMIS as an alternative to BGPMon, Adair Thaxton, 02/08/2019

Archive powered by MHonArc 2.6.19.

Top of Page