Cyclops is a network audit tool for service providers and enterprise networks, providing a mechanism to compare the observed behavior of the network and its intended behavior. Cyclops is able to detect several forms of route hijack attacks, i.e. when Internet routes are maliciously diverted from their original state. Recent incidents such as the Youtube hijack in Feb’08 show that route hijacking is currently a real threat in the Internet. Other anomalies detected by Cyclops include unexpected peerings/depeerings, sudden routing shifts, bogon prefixes, bogus ASNs and route leakages among others. Registered users can configure what type of alerts they would like to receive.
If you just want to have a sneak peek of Cyclops, use the guest account:
Username: guest
Password: guest
Or you can sign up for a user account. After you signup go to your account and add your prefixes, ASNs and neighbors so that Cyclops knows the configuration of your network.
Cyclops uses data from thousands of routers from RouteViews, RIPE-RIS, Abilene, Packet Clearing House and Bgpmon from Colorado State University, making it the widest and fastest free tool to assess how the rest of the world is reaching your network. We plan to incorporate additional data in the future such as active measurement and internal ISP data (router configs, iBGP, IS-IS, OSPF, MPLS VPN). If you’re willing to provide us the data and want your network data to be audited by Cyclops, please drop a message to cyclops at cs.ucla.edu.
Cyclops was presented at Nanog 40 and NANOG 43. Please read the Cyclops FAQ for further details.
No comments:
Post a Comment