Home page logo
/

nanog logo nanog mailing list archives

Re: Ettiquette and rules regarding Hijacked ASN's or IP space?
From: jlewis () lewis org
Date: Mon, 9 Jun 2003 12:53:52 -0400 (EDT)


On Mon, 9 Jun 2003, Joe Abley wrote:

The ISP in Toronto asked for an LOA, and got one, neatly presented on 
company letterhead, and accompanied by e-mail from the tech contact for 
the block confirming that the request to advertise the block was 
authorised.

Is that enough justification to perform the announcement? Where exactly 
should the line be drawn?

Unfortunately, probably not.  How do they know it was company letterhead?  
Had they ever seen the company's letterhead before?  How do they know I 
didn't just create that LOA and letterhead in OpenOffice?

Maybe some service akin to a credit check is required.

   "Hello, I have a request to accept an announcement of 203.97.0.0/17 
from AS 4768."
   "That request is legitimate according to our records, here is your 
auth code."

Trouble is, how do you/they know if both the space and ASN have been 
hijacked?

   "Hello, my new customer with the following contact details has asked 
me to originate 203.167.0.0/18 from AS 9327."
   "We cannot confirm the legitimacy of that request, and the listed 
contact for 203.167.0.0/18 has been informed of your request."

The listed contact may not be who ARIN [or other local RIR] thinks it is.

Since the RIRs contain the information required to answer those 
questions, you'd expect them (or their data) to be involved in the 
process of answering them.

They really don't.  Thus far, when space is assigned, the RIRs have no way 
to later authenticate that an organization using the space is the same one 
that they assigned it to.

As for the current state of BGP authentication/sanity checking, I can say 
2 of my 4 upstreams take whatever I put in the routing registry.  The 
other two require an email be sent requesting prefix filter updates.  I 
was just told by one, that they'll accept whatever I request, only 
questioning it if someone complains to them about it.  The other, I 
haven't asked, but I assume they work similarly.  On the bright side, all 
of them are at least filtering.
 
----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault