On Thu, 2 May 2019, Scott Leibrand wrote:
Do you have any reason to believe that ARIN getting involved in real-time
notification of BGP hijacking, with or without firmly worded language and with
or without an implied threat, will be any more effective than current methods of
shutting down hijacks once they've started? My impression is that nearly all
hijacks are quickly filtered by transit providers once they're contacted by the
legitimate holder of the addresses.
Hi,
However, some hijackers decide to use unallocated space or space which is
likely to be held by closed companies -- so a contact by the legitimate
owner becomes highly unlikely.
IMO "punishment" of those responsible for allowing hijacking seems like
something best solved through the legal system, not via extrajudicial penalties and fines
imposed by an industry association. But if we do decide we want ARIN
to create acceptable standards of conduct with regard to routing, and fine
resource holders who violate it, under threat of resource revocation if those
fines aren't paid, there will need to be a *lot* of work done to set up such a
system so that it doesn't risk ARIN picking a legal fight it's going to lose,
and putting the entire registry at risk.
I don't really see how the registry is more at risk when the data it
contains is made irrelevant by some of its members...
About the legal system:
- In how many countries in the ARIN region it is against the law to hijack
internet prefixes?
- In how many states within the US is against the law to hijack internet
prefixes?
I actually don't have an answer for any of those two questions above, so
if anyone has a clue, it will be most appreciated! :-)
If the answer is "zero" to both... then the legal system is not really an
option. :/
Regards,
Carlos
-Scott
On Thu, May 2, 2019 at 1:29 PM Andrew Bagrin <[email protected]> wrote:
If the hijacking entity is not and ARIN customer, ARIN likely has a
relationship with adjacent ASN's that propagate the hijacked BGP routes and can
at the very least notify them that they are propagating routes that have
been reported as being hijacked. They can further repeat the statement with a firm
voice, and add "or else" at the end.
Add penalties and fines could be a way to reduce prolonged propagation of
hijacked routes.
On Thu, May 2, 2019 at 10:18 AM Adam Thompson <[email protected]> wrote:
Instead of focusing on whether the current proposal is or isn?t in scope,
I suggest we re-cast the discussion as follows:
1. So far, we have unanimous community agreement that BGP hijacking is
bad.
2. So far, we have broad agreement that ?something ought to be done?
about BGP hijacking, although detailed opinions vary significantly.
3. So what (else) can ARIN do about it? (Caveat: the answer ?nothing?
is unacceptable to a significant proportion of PPML participants.)
My suggested direction to the AC and/or the board would therefore be:
Find something ARIN can do to help combat the problem (more effectively). If
this requires expanding the scope of ARIN?s operations or policies,
bring that back to the membership (possibly via PPML?) with the accompanying
financial & legal analysis, as usual.
Now the question becomes: what is the most appropriate mechanism, within
ARIN?s existing policies, to bring a request like that to the AC and/or Board?
It seems clear to me that the petition already underway here is
not meeting, and will not meet, the needs of the community very well.
-Adam
Adam Thompson
Consultant, Infrastructure Services
merlin-email-logo
100 - 135 Innovation Drive
Winnipeg, MB, R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
[email protected]
www.merlin.mb.ca
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
