Which services can be used to correlate BGP events to detect hijacks in real time?

Multiple Choice

Which services can be used to correlate BGP events to detect hijacks in real time?

Explanation:
In real-time BGP hijack detection, the key is to observe live routing control-plane data from independent observers and use that data to correlate events across multiple vantage points. Public BGP monitors like RIPE RIS, BGPmon, and Looking Glass continuously collect BGP UPDATEs and route announcements from many networks. By consuming these feeds and linking sudden changes in prefix origins, AS paths, or visibility across different peers, you can spot hijacks as they unfold and confirm them with multi-point evidence. These sources are specifically designed to surface control-plane anomalies quickly and enable real-time correlation.

DNS resolvers map domain names to IPs and don’t provide routing control-plane information, so they aren’t suited for correlating BGP events. SNMP monitoring tracks device health and statistics, not BGP routing announcements or hijack signals. Traffic analyzers examine actual data flows and packet-level characteristics; they can reveal traffic anomalies or diverted traffic after a hijack occurs, but they don’t supply the real-time BGP event data needed to correlate hijacks as they happen.
