BGP is the fabric of routing on the Internet today. There are approximately half a million routes on the Internet originated by about 50,000 unique Autonomous Systems. On a typical day there are thousands of changes and although the vast majority of these are simply planned routing changes, configuration updates, and network additions there are signals in the noise that can be detected as nefarious. Throughout the last couple years there have been several large scale BGP incidents, such as outages and hijacks of networks that have been done using BGP. These include government sponsored regimes taking entire countries offline and criminals routing traffic for profit.
BGPmon has been operating a network of BGP probes, classifiers, and associated alerts on these changes and has discovered and publicized several attacks that utilize BGP.Today, we are announcing BGP Stream. This stream will be publishing on Twitter and open to everyone with a goal of announcing potentially malicious BGP/ASN data. By subscribing to the stream one can monitor and alert potentially damaging network changes that affect traffic flows.