How do looking-glass data and BGPmon feeds assist incident investigations?

Multiple Choice

Explanation:
Looking-glass data and BGPmon feeds heighten visibility into how BGP routes behave across the Internet, which is essential for investigating incidents. Looking-glass services expose real views of how prefixes are announced from many networks, showing the origin ASN, the AS-path, the specific prefix, and the timing of the announcements. This lets an investigator see exactly where a hijacked route originated, which ASes it traversed, and when the change occurred.

BGPmon aggregates BGP updates from numerous peers, stores historical data, and can raise alerts when anomalies like hijacks or leaks happen. This provides a searchable, time-stamped record of route behavior across the Internet, so you can reconstruct a hijack’s timeline, measure its scope, and corroborate findings with other evidence.

Together, they give real-time and historical context for route changes, enabling precise identification of the source, path, and timing of hijacks. They don’t automatically block hijacks, they don’t merely show AS numbers, and they don’t replace router logs; they complement internal logs with global route visibility and historical evidence to support investigation and remediation.