In [9]:
import pybgpstream

# Get data
stream = pybgpstream.BGPStream(
   from_time="2017-07-07 00:00:00", until_time="2017-07-07 00:10:00 UTC",
   collectors=["route-views.sg", "route-views.eqix"],
   record_type="updates"
)
stream.set_data_interface_option("broker", "cache-dir", "/home/mgumilang/.cache/")

In [6]:
# Parse incoming updates with MoAS detector
from collections import defaultdict

# <prefix, origin-ASns-set > dictionary
prefix_origin = defaultdict(set)

for rec in stream.records():
    for elem in rec:
        if elem.type == 'W':
            continue
        # Get the prefix
        pfx = elem.fields["prefix"]
        # Get the list of ASes in the AS path
        ases = elem.fields["as-path"].split(" ")
        if len(ases) > 0:
            # Get the origin ASn (rightmost)
            origin = ases[-1]
            # Insert the origin ASn in the set of
            # origins for the prefix
            prefix_origin[pfx].add(origin)

# Print the list of MOAS prefix and their origin ASns
for pfx in prefix_origin:
    if len(prefix_origin[pfx]) > 1:
        print((pfx, ",".join(prefix_origin[pfx])))

('170.51.243.0/24', '19037,11664')
('209.12.70.0/23', '395918,{395573,395918}')
('186.182.234.0/24', '19037,11664')
('205.134.205.0/24', '14517,20394')
('205.134.194.0/24', '14517,20394')
('204.194.138.0/24', '40466,11273')
('41.243.3.0/24', '327707,37020')
('2405:a700:14::/48', '9498,9583')
('2405:a700:15::/48', '9498,9583')
('198.133.158.0/23', '54054,2914')
('204.194.23.0/24', '54054,54145')
('2001:dc7:b::/48', '24151,24406')
('2001:dc7:a::/48', '24151,24406')
('2001::/32', '1101,6939,25192')
('76.10.211.0/24', '11013,29803')
('91.240.176.0/24', '41489,20712')
('91.240.229.0/24', '41489,20712')
('2a00:1560:f::/48', '64661,29684')
('2001:428::/32', '209,3910')
('2001:428:f000::/36', '3908,209')
('200.80.244.0/24', '27754,3')
('2001:5e0::/32', '16713,{395394}')
('2001:468:1202::/48', '54728,20130')
('2001:460:70::/46', '3561,7991')
('31.171.126.0/23', '199311,65456')
('2001:16a0::/29', '{25019,39891,64785,64787,64803,65000},{25019,39891}')
('1.3.33.0/24', '133741,133948')
('2600:1480:

In [10]:
# Implement sub-MoAS detector
# <prefix, origin-ASns-set > dictionary
sub_moas = defaultdict(set)

for rec in stream.records():
    for elem in rec:
        if elem.type == 'W':
            continue
        # Get the prefix
        pfx = elem.fields["prefix"]
        # Get address and subnet mask
        adr, mask = pfx.split('/')
        # Get the list of ASes in the AS path
        ases = elem.fields["as-path"].split(" ")
        if len(ases) > 0:
            # Get the origin ASn (rightmost)
            origin = ases[-1]
            # Insert the origin ASn in the set of
            # origins for the prefix
            prefix_origin[adr].add((mask,origin))

# Print the list of MOAS prefix and their origin ASns
for adr in sub_moas:
    if len(sub_moas[adr]) > 1:
        print((adr, ",".join(sub_moas[adr])))

In [None]:
# Implement Fake Path detector

In [None]:
# Graph for MoAS detector, sub-MoAS detector, and Fake Path detector

In [None]:
# Implement DEFCON #16
# Implement sub-MoAS detector
# <prefix, origin-ASns-set > dictionary
# defcon = defaultdict(set)

# for rec in stream.records():
#     for elem in rec:
#         if elem.type == 'W':
#             continue
#         # Get the prefix
#         pfx = elem.fields["prefix"]
#         # Get address and subnet mask
#         adr, mask = pfx.split('/')
#         # Get the list of ASes in the AS path
#         ases = elem.fields["as-path"].split(" ")
#         if len(ases) > 0:
#             # Get the origin ASn (rightmost)
#             origin = ases[-1]
#             # Insert the origin ASn in the set of
#             # origins for the prefix
#             prefix_origin[adr].add((mask,origin))

# # Print the list of MOAS prefix and their origin ASns
# for adr in sub_moas:
#     if len(sub_moas[adr]) > 1:
#         print((adr, ",".join(sub_moas[adr])))