Michael,


> If an organization sets up routing so that all connections from the inside of
> its network to a particular resource outside of its network go through a
> particular router/proxy server, is that BGP Hijacking?



Can you develop this one a little further ? Are we talking about traffic 
engineering / traffic shaping / net neutrality / packet classification / QOS ?



Let’s look at the simple network example:



A<-->G1<->G2<-->B



G1 and G2 each could be some combination of:

1.  Router
2.  Simple Firewall
3.  Firewall with deep-packet inspection
4.  Proxy Server
5.  Router that records all packets for security audits
6.  Router that records all packets and sends them to a competing organization/nation
7.  Router that adds delays for all packets for a particular



One problem I see with coming to a clear definition of BGP or Route hijacking 
is that techniques used for network security are not hugely different from the 
techniques used for malicious activities.



Keith



-----Original Message-----
From: Michel Py [mailto:[email protected]]
Sent: Monday, May 6, 2019 12:41 PM
To: Keith W. Hare <[email protected]>; [email protected]
Subject: RE: BGP Hijacking Definition



Hi Keith,



Besides what you wrote (comments in-line), I think we need a very clear 
definition of what is a private network.

If an organization is an operator, ISP, or hosting company, the part of their 
network that carries public traffic is not private.

For a router, the management interface (if separate) is private, it's likely on 
a separate VLAN too. But the interfaces that carry traffic from / to customers, 
subscribers, and hosted services are public.





> Keith W. Hare wrote :

> If an organization uses an IPv4 prefix allocated/assigned to some other
> organization (the DoD 30.0.0.0/8 for example) within their internal network
> and filters out all references at the edges of their network so that the
> general public never sees any references, is that BGP Hijacking? I’m pretty
> sure we can agree that this is not BGP hijacking.



If you would add to that that they do not transport any non-organization data 
over it / be in context with what I wrote above about private network, I would 
agree.

I'm not sure there is a name for that, would be a good idea to have one. 
Loitering ?



> If an organization uses an IPv4 prefix allocated/assigned to some other
> organization (the DoD 30.0.0.0/8 for example) within their publicly visible
> network and filters out all references at the edges of their network so that
> the rest of the internet never sees any references, is that BGP Hijacking?
> This is an edge case that we need to consider carefully.



I agree, especially if they transport customer / subscriber data over it. I 
think we should call that squatting.



> If Organization A has an agreement/letter of authority to announce addresses
> that have been allocated/assigned to Organization B, and Organization B wants
> to replace Organization A with Organization C, but there was some onerous
> termination clause with Organization A that has not been met so Organization
> A continues to announce Organization B’s address space, is that BGP
> Hijacking? To me, this sounds like a contract dispute that depends on the
> contents of the private contract between A and B.



Correct. ARIN has allocated addresses to organization B. In that case, org A 
and org B have to sort out their differences in the legal system.

However, we have to be careful with similarities with your next point just 
below. What are the differences between them ? the lack of a contract or 
agreement, or the fact that ARIN does not have access to it ? or some other 
factor ?



> If an organization A does not have an agreement/letter of authority to
> announce addresses that have been allocated/assigned to Organization B but
> does so anyhow and allows that announcement to propagate to the general
> internet, is that BGP Hijacking? Seems highly likely to be BGP Hijacking.



I agree. Same as above though, we need a very clear definition of what 
constitutes not having an agreement or a contract before ARIN can make the 
determination that it is indeed hijacking.



> From the outside, how do we know that an agreement/letter of authority does 
> not exist, is invalid, or is forged?



This is where we have to be very complete, very comprehensive, and as 
exhaustive as possible.





> If an organization sets up routing so that all connections from the inside of
> its network to a particular resource outside of its network go through a
> particular router/proxy server, is that BGP Hijacking?



Can you develop this one a little further ? Are we talking about traffic 
engineering / traffic shaping / net neutrality / packet classification / QOS ?



Michel.


_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
