> On May 7, 2019, at 12:25 , Michel Py <[email protected]> > wrote: > > Hi Keith, > >> Keith W. Hare wrote : >> I have not yet seen a complete clear consistent definition of BGP/Route >> hijacking. Such a definition is a prerequisite to defining a meaningful >> policy. > > I agree. > > And in order to have that clear consistent definition of what hijacking is, > we also have to define what it is not. > Included, but not limited to : > Let me take a stab…
BGP Hijacking is the BGP origination of a prefix by someone other than the RIR registrant (if any) who does so without the express permission of the registrant or beyond the term of such permission by registrant. > - Squatting. > - Loitering. I’m not sure I agree that these are not hijacking. > - Some forms of DDOS mitigation. > - Leasing (same as DDOS mitigation, it's technically hijacking with > permission). Presumably these involve permission of the registrant and are therefore > - Traffic Engineering. > - Traffic Shaping. Presumably these do not involve BGP origination of the prefix in question except in the case of TE by the prefix owner. > - Interception (lawful and not). Well, I can see how we might say that lawful intercept is not hijacking (I’m not sure I agree 100%), but how would non-lawful intercept through route origination be classified as not hijacking? > - ASN impersonation. > - ASN usurpation. I agree that these in and of themselves are not hijacking, but, using said impersonated or usurped ASN as a prepend or on a route originated as defined above would, IMHO, still be a form of hijacking. (The ASN use itself isn’t, but the origination of the route is still hijacking). > - AS-PATH manipulations. Agreed, except in the case where the announcement resulting still meets the origination test defined above. > - The relation between MPLS and BGP. > - VRFs. In the cases where these activities fail the above test, I would agree. In the cases where they meet the above test, I would argue that they still constitute hijacking. >> To me, ARIN’s current practice is a good way of responding to BGP/Route >> hijacking reports. >> It includes the flexibility, investigation, and communication necessary to >> identify and >> correct issues. The current practice works by using communication and >> persuasion. It has >> the advantage that the details are not codified in policy and so can adjust >> depending on >> the actual details and intent discovered during the investigation. > > +1 > > I trust that ARIN's staff has the necessary training, experience, background, > and technical expertise for such practice. > Which unfortunately I can't say the same about some of the participants in > the recent debate. > > I welcome questions, and I hope ARIN will continue to weigh correctly the > assertions of people who have never configured BGP on a production network. +1 Owen _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
