Home page logo
/

nanog logo nanog mailing list archives

Re: Ettiquette and rules regarding Hijacked ASN's or IP space?
From: Kai Schlichting <kai () pac-rim net>
Date: Mon, 9 Jun 2003 20:12:43 -0400


On 6/9/2003 at 4:06 PM, "Christopher L. Morrow" <chris () UU NET> wrote:


Sure, you are announcing 196.1.1.0/24 and only that, fine, but are you
allowed to announce that prefix? Are you "Centre for Monitoring Indian
Economy" ?? Or is this your direct customer and you are just the sat-link
provider for him?

Being able to answer such 64,000-dollar-questions with authority is the
issue ARIN's registry operations are facing, pass or fail. And you can
take that literally: the recent hijacking events have put ARIN's rules,
procedures and current registry data so much into question - it'll be
(do || die) for them. The inherited Internic data going back almost 20
years doesn't help things. Indeed, I think that any and all legacy
assignments should be purged, like the old Usenet, one by one. Some
things that could be done:

- contact all owners of IP space or ASNs with a demand to show legal, notarized
  paperwork showing their company's status as incorporated/active, and/or
  legal successor to the original registrant. Gotta use those 7 years of
  business records you're required to hold for something!

- non-announced IP space with defunct contacts: -> reserved status, no
  AS may route those, until resolved per above

- non-announced IP space with working contacts: email to POC every
  30 days with the legal demands (email/paper mail). After 90 days:
  network set to 'reserved' status, no AS may announce these,
  until resolved per above.

- announced IP space: announcing AS to be contacted in addition to POC
  for the network object. For AS's in violation, this shall mean that
  all upstream ASs as visible at popular exchange points should be
  contacted (at least once) as well.

- announcing AS's that violate the 'do not announce' rule shall be
  dealt with in ways similar to the non-cooperating entities described in:
  http://www.arin.net/policy/2003_1.html - they will get their own network
  objects suspended.

- complete publicly accessible list of all 'reserved' networks - the
  DNSBLs and private BGP blackhole feeds will do the rest.
  Wouldn't you want to know how quiet your inbox can be, when you
  have a BGP4 blackhole feed with SPEWS L1 as the source...



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]