PHAS was a proof of concept system. The starting observation was that the data needed to detect hijacks was already available in current monitors such as RouteViews and RIPE. However, one needed to:
PHAS made some strong advances in this direction, but the underlying RouteViews data was not available in real-time, the MRT format was not well suited for anotating data to include hijack and other information, and the resulting PHAS format introduced yet another format for BGP data.
The PHAS team has been working on the underlying data delivery from monitoring sites such as RouteViews and the data format. In joint work the RouteViews team along with Colorado State, University of Memphis, UCLA, and University of Arizona, RouteViews data is now available in real-time using an easily extensible XML format. This is now being intergrated into the main infrastructure and enables a wide range of new services, including SHASAM.
Light-weight open-source code you run at your location. No registration with a service or system, no need to trust external services to provide you with security alerts, integrates with any local data collection system if you operate one, provides XML alarms that are easily read by operators and can be fed into existing monitoring platforms that support XML.
SHASAM leverages to important changes in BGP data collection. First, the BGPmon (http://bgpmon.netsec.colostate.edu) infrastructure provides real-time access to monitor data. Second, it provides this data in an easily parsed and anotated manner using XML.
SHASAM provides a vantage point that includes all RouteViews data and any local sources you may optionally introduce. You can share your view of prefix hijacks and form communities to monitor prefixes using the Vantages Systems.
Other related monitoring tools are planned (and requests are welcome). Discussions with some vendors to provide a turn-key solution are in progress. Ideally, a combination of open source software and turn-key solutions allow sites to trade-off between OPEX costs of using open source and CAPEX costs of buying a fully supported turn-key solution.