PeerCortex/src/features/pdf-export/templates/technical-template.html
Rene Fichtmueller 5554c1a53e feat: BGP Hijack Alerting + Webhooks (Feature 1)
- Deterministic Classification: MOAS/HIJACK/LEAK type detection
- Severity scoring: CRITICAL/HIGH/MEDIUM/LOW based on prefix length
- Optional Ollama enrichment (qwen2.5:3b) for CRITICAL only (5s timeout)
- PostgreSQL backend: hijack_events, webhook_subscriptions, webhook_deliveries
- HMAC-SHA256 webhook signing with exponential backoff retry
- Retry scheduler: node-cron job every 5 minutes
- 6 API endpoints: POST/GET/DELETE webhooks, test delivery, list/resolve hijacks
- 22 comprehensive tests (80%+ coverage)
- Zero external API costs (deterministic + local Ollama only)
2026-04-29 07:45:15 +02:00

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PeerCortex Technical Report - AS{{asn}}</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: 'Monaco', 'Courier New', monospace;
color: #1f2937;
line-height: 1.8;
background: white;
font-size: 11px;
}
.page { page-break-after: always; padding: 35px; min-height: 100vh; }
.page:last-child { page-break-after: avoid; }
h1 { font-size: 2.2em; margin-bottom: 0.4em; color: #1e40af; margin-top: 0; }
h2 { font-size: 1.5em; margin-top: 0.8em; margin-bottom: 0.4em; color: #1e40af; border-bottom: 1px solid #d1d5db; padding-bottom: 0.2em; }
h3 { font-size: 1.1em; margin-top: 0.6em; margin-bottom: 0.3em; color: #374151; }
.title-page {
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
text-align: center;
min-height: 100vh;
}
.title-page h1 { font-size: 3em; }
.subtitle { font-size: 1.3em; color: #6b7280; margin: 0.3em 0; }
.date { color: #9ca3af; margin-top: 1em; }
.metric-table {
width: 100%;
border-collapse: collapse;
margin: 10px 0;
font-size: 10px;
}
.metric-table th {
background: #f3f4f6;
color: #1e40af;
padding: 6px;
text-align: left;
border: 1px solid #d1d5db;
font-weight: bold;
}
.metric-table td {
padding: 5px 6px;
border: 1px solid #e5e7eb;
}
.metric-table tr:nth-child(even) { background: #f9fafb; }
.code-block {
background: #1f2937;
color: #e5e7eb;
padding: 10px;
border-radius: 3px;
overflow-x: auto;
margin: 10px 0;
font-size: 9px;
line-height: 1.4;
}
.alert {
border-left: 3px solid #ef4444;
background: #fee2e2;
padding: 10px;
margin: 10px 0;
font-size: 10px;
}
.alert.warning {
border-left-color: #f59e0b;
background: #fef3c7;
}
.alert.success {
border-left-color: #10b981;
background: #ecfdf5;
}
ul, ol { margin-left: 15px; margin-top: 5px; }
li { margin-bottom: 4px; font-size: 10px; }
p { margin: 8px 0; font-size: 10px; }
.section { margin-bottom: 15px; }
</style>
</head>
<body>
<div class="page title-page">
<h1>Technical Analysis Report</h1>
<div class="subtitle">Autonomous System AS{{asn}}</div>
<div class="subtitle">{{networkName}}</div>
<div class="date">Generated: {{generatedAt}}</div>
<p style="margin-top: 2em; color: #6b7280;">Deep Technical Specification and Analysis</p>
</div>
<div class="page">
<h2>1. ASPA Technical Analysis</h2>
<h3>1.1 Adoption Status</h3>
<p><strong>Current Status:</strong> {{aspa.adoption_status}}</p>
<table class="metric-table">
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
<tr>
<td>Provider Verification Readiness</td>
<td>{{aspa.provider_verification}}%</td>
</tr>
<tr>
<td>ASPA Readiness Score</td>
<td>{{aspa.readiness_score}}/100</td>
</tr>
<tr>
<td>Documentation Completeness</td>
<td>Pending Implementation</td>
</tr>
</table>
<h3>1.2 Implementation Roadmap</h3>
<ol>
<li>Complete provider attestations (Step 1)</li>
<li>Publish ASPA objects in RPKI repository (Step 2)</li>
<li>Validate upstream provider support (Step 3)</li>
<li>Monitor adoption metrics (Step 4)</li>
</ol>
</div>
<div class="page">
<h2>2. RPKI Compliance Analysis</h2>
<h3>2.1 ROA Coverage</h3>
<table class="metric-table">
<tr>
<th>Metric</th>
<th>Value</th>
<th>Status</th>
</tr>
<tr>
<td>RPKI Compliance Score</td>
<td>{{healthScore.rpki}}/100</td>
<td>{{#if (gte healthScore.rpki 80)}}✓ Good{{else}}⚠ Needs Work{{/if}}</td>
</tr>
<tr>
<td>Invalid Routes Detected</td>
<td>{{threats.rpki_invalids}}</td>
<td>{{#if (eq threats.rpki_invalids 0)}}✓ None{{else}}⚠ Review{{/if}}</td>
</tr>
</table>
<h3>2.2 ROA Validation Process</h3>
<div class="code-block">RPKI Validation Chain:
├─ Fetch ROAs from RPKI Repository
├─ Validate Certificate Chain
├─ Check Origin ASN Authorization
├─ Verify Prefix Coverage
└─ Flag Invalid/Unknown Routes
</div>
</div>
<div class="page">
<h2>3. BGP Stability and Routing</h2>
<h3>3.1 Route Stability Metrics</h3>
<p><strong>BGP Stability Score:</strong> {{healthScore.bgp_stability}}/100</p>
<table class="metric-table">
<tr>
<th>Event Type</th>
<th>Count (24h)</th>
<th>Severity</th>
</tr>
<tr>
<td>Route Withdrawals</td>
<td>N/A</td>
<td>Standard</td>
</tr>
<tr>
<td>MOAS Events</td>
<td>{{threats.moas_events}}</td>
<td>{{#if (gt threats.moas_events 0)}}⚠ Monitor{{else}}✓ None{{/if}}</td>
</tr>
<tr>
<td>Anomalies</td>
<td>{{threats.anomalies_detected}}</td>
<td>{{#if (gt threats.anomalies_detected 0)}}⚠ Investigate{{else}}✓ None{{/if}}</td>
</tr>
</table>
<h3>3.2 Recommended Monitoring</h3>
<ul>
<li>BGP Update Frequency: Monitor for &gt; 10 updates/minute</li>
<li>AS Path Length: Average &lt; 5 hops</li>
<li>Prefix Churn: &lt; 5% daily change</li>
<li>Origin AS Consistency: 100% match</li>
</ul>
</div>
<div class="page">
<h2>4. Peering and Interconnection</h2>
<h3>4.1 Network Topology</h3>
<table class="metric-table">
<tr>
<th>Topology Metric</th>
<th>Value</th>
</tr>
<tr>
<td>IXP Connections</td>
<td>{{peering.ixp_connections}}</td>
</tr>
<tr>
<td>Direct Peers</td>
<td>{{peering.peer_count}}</td>
</tr>
<tr>
<td>Peer Policy: Open</td>
<td>{{peering.open_peers}}</td>
</tr>
<tr>
<td>Route Exports</td>
<td>{{peering.route_exports}}</td>
</tr>
</table>
<h3>4.2 Peering Recommendations</h3>
<ul>
<li>Evaluate IXP presence in secondary locations</li>
<li>Document peering policies in IRR (AS-SET)</li>
<li>Implement route filtering (prefix lists)</li>
<li>Monitor peer session stability (BFD)</li>
</ul>
</div>
<div class="page">
<h2>5. Security Threat Assessment</h2>
<h3>5.1 Threat Summary</h3>
<table class="metric-table">
<tr>
<th>Threat Type</th>
<th>Detected</th>
<th>Risk Level</th>
</tr>
<tr>
<td>BGP Hijacks</td>
<td>{{threats.recent_hijacks}}</td>
<td>{{#if (eq threats.recent_hijacks 0)}}✓ Low{{else}}🔴 High{{/if}}</td>
</tr>
<tr>
<td>RPKI Invalid</td>
<td>{{threats.rpki_invalids}}</td>
<td>{{#if (eq threats.rpki_invalids 0)}}✓ Low{{else}}🟡 Medium{{/if}}</td>
</tr>
<tr>
<td>Anomalies</td>
<td>{{threats.anomalies_detected}}</td>
<td>{{#if (lte threats.anomalies_detected 2)}}✓ Low{{else}}🟡 Medium{{/if}}</td>
</tr>
</table>
<h3>5.2 Threat Mitigation</h3>
<div class="alert warning">
<strong>RPKI Validation:</strong> Implement route origin validation (ROV) to detect and filter invalid prefixes
</div>
<div class="alert success">
<strong>ASPA Adoption:</strong> Provider verification prevents path spoofing attacks
</div>
</div>
<div class="page">
<h2>6. Compliance and Standards</h2>
<h3>6.1 Standards Compliance</h3>
<table class="metric-table">
<tr>
<th>Standard</th>
<th>Status</th>
<th>Score</th>
</tr>
<tr>
<td>RFC 6811 (ROV)</td>
<td>Implementation Recommended</td>
<td>{{healthScore.rpki}}/100</td>
</tr>
<tr>
<td>RFC 9344 (ASPA)</td>
<td>{{aspa.adoption_status}}</td>
<td>{{healthScore.aspa}}/100</td>
</tr>
<tr>
<td>BCP 38 (Ingress Filtering)</td>
<td>Recommended</td>
<td>N/A</td>
</tr>
</table>
<h3>6.2 Data Sources</h3>
<ul>
{{#each dataSources}}
<li>{{this}}</li>
{{/each}}
</ul>
</div>
<div class="page">
<h2>7. Technical Recommendations</h2>
{{#each recommendations}}
<div class="alert">
<strong></strong> {{this}}
</div>
{{/each}}
</div>
<div class="page">
<h2>8. Appendix: Methodology</h2>
<h3>8.1 Data Collection</h3>
<p>Analysis performed using publicly available data from:</p>
<ul>
<li>RIPE RIS Route Collectors</li>
<li>RouteViews BGP Archive</li>
<li>RPKI Repository Objects</li>
<li>PeeringDB Network Database</li>
<li>WHOIS RDAP Queries</li>
</ul>
<h3>8.2 Scoring Methodology</h3>
<p>Health scores calculated using weighted metrics:</p>
<ul>
<li>ASPA: 25% of overall score</li>
<li>RPKI: 25% of overall score</li>
<li>BGP Stability: 25% of overall score</li>
<li>Peering Health: 25% of overall score</li>
</ul>
<h3>8.3 Confidence Levels</h3>
<p>All findings are based on publicly available network data. Internal network information not accessible via WHOIS/RDAP may affect accuracy.</p>
</div>
</body>
</html>
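
The "RPKI Validation Chain" in section 2.2 of the template ends in origin authorization, prefix coverage and an invalid/unknown flag, which is the RFC 6811 (ROV) decision listed in section 6.1. The following is an added example, not PeerCortex code, of that decision for IPv4 over constructed VRPs; the names `parseCidr`, `covers`, `validateOrigin`, `SAMPLE_VRPS` and `SAMPLE_ROUTES` are hypothetical.

```javascript
// Added example: RFC 6811 origin validation, IPv4 only.
// VRPs (validated ROA payloads) use documentation prefixes and documentation ASNs; all constructed.
const SAMPLE_VRPS = [
  { prefix: '192.0.2.0/24', maxLength: 24, asn: 64500 },
  { prefix: '203.0.113.0/24', maxLength: 26, asn: 64501 },
];

// Parse "a.b.c.d/len" into an unsigned 32-bit value plus prefix length.
function parseCidr(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`bad IPv4 prefix: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const length = Number(m[5]);
  if (octets.some((o) => o > 255) || length > 32) throw new Error(`bad IPv4 prefix: ${cidr}`);
  return { value: octets.reduce((acc, o) => acc * 256 + o, 0), length };
}

// True when the VRP prefix covers the route prefix (route is equal or more specific).
function covers(vrp, route) {
  if (route.length < vrp.length) return false;
  const blockSize = 2 ** (32 - vrp.length); // plain arithmetic avoids signed 32-bit shifts
  return Math.floor(vrp.value / blockSize) === Math.floor(route.value / blockSize);
}

// Returns 'valid', 'invalid' or 'not-found' for one announcement.
function validateOrigin(routePrefix, originAsn, vrps) {
  const route = parseCidr(routePrefix);
  let covered = false;
  for (const vrp of vrps) {
    if (!covers(parseCidr(vrp.prefix), route)) continue;
    covered = true;
    const asnOk = vrp.asn !== 0 && vrp.asn === originAsn; // an AS 0 VRP authorizes no origin
    if (asnOk && route.length <= vrp.maxLength) return 'valid';
  }
  // Covered by a VRP but matched by none: wrong origin or too specific.
  return covered ? 'invalid' : 'not-found';
}

// Constructed announcements, one per outcome worth seeing.
const SAMPLE_ROUTES = [
  ['192.0.2.0/24', 64500],    // authorized origin
  ['192.0.2.0/24', 64510],    // origin mismatch
  ['192.0.2.128/25', 64500],  // longer than maxLength
  ['203.0.113.64/26', 64501], // within maxLength
  ['198.51.100.0/24', 64500], // no covering VRP
];
for (const [prefix, asn] of SAMPLE_ROUTES) {
  console.log(prefix, `AS${asn}`, validateOrigin(prefix, asn, SAMPLE_VRPS));
}
```

The `192.0.2.128/25` case is the one to watch in alerting: a more-specific announcement from the authorized origin is still invalid when it exceeds `maxLength`.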