Home | Background | Downloads | HOWTO | IRL
One very real threat that faces the Internet today is BGP prefix hijacking. Any malicious (or misconfigured) Autonomous System (AS) can announce that it owns any prefixes (ranges of IP addresses). Through announcing this, any number of Internet Service Providers (ISPs) may begin to send traffic to, potentially, malicious routers on the Internet.

Automatically mapping BGP prefixes to the ASes that are authorized to announce them is challenging. It is not always straight forward to know who is authorized to announce a prefix. Allowing operational autonomy and freedom complicates structured approaches.

BGP-Origins fuses global prefix monitoring data from PHAS and user attestations in a rigorous framework to enable operational entities to view current BGP prefix mappings and to use their own policies/decision making to determine the validity of origin mappings.

For additional information about the motivation and scope of BGP-Origins, please see our NANOG 40 presentation.