Home page logo

nanog logo nanog mailing list archives

Re: Ettiquette and rules regarding Hijacked ASN's or IP space?
From: "Mr. James W. Laferriere" <babydr () baby-dragons com>
Date: Tue, 10 Jun 2003 11:39:33 -0400 (EDT)

        Hello Kia ,  In line

On Mon, 9 Jun 2003, Kai Schlichting wrote:
On 6/9/2003 at 4:06 PM, "Christopher L. Morrow" <chris () UU NET> wrote:
Sure, you are announcing and only that, fine, but are you
allowed to announce that prefix? Are you "Centre for Monitoring Indian
Economy" ?? Or is this your direct customer and you are just the sat-link
provider for him?

Being able to answer such 64,000-dollar-questions with authority is the
issue ARIN's registry operations are facing, pass or fail. And you can
take that literally: the recent hijacking events have put ARIN's rules,
procedures and current registry data so much into question - it'll be
(do || die) for them. The inherited Internic data going back almost 20
years doesn't help things. Indeed, I think that any and all legacy
assignments should be purged, like the old Usenet, one by one. Some
things that could be done:

- contact all owners of IP space or ASNs with a demand to show legal,
  paperwork showing their company's status as incorporated/active, and/or
  legal successor to the original registrant. Gotta use those 7 years of
  business records you're required to hold for something!
        Already in progress .  Using DNS lameness as start basis .  I just
        got a note for an old ip-range I had promised the owner I'd keep
        active and forgot about over the years .

- non-announced IP space with defunct contacts: -> reserved status, no
  AS may route those, until resolved per above
        How would you go about admonishing hijackers (or what appears as a
        hijacker) OR the provider that has been given a letter of approval
        from the agency that appears to have the lease ?  ... lots more
        questions in this vein ?  For all of the items mentioned below .
        Just one foopah with a blackhole server & NOone is going to remain
        attached to it .  That has been proven over & over again .  If you
        can not implicitely trust the operator(s) of the blackhole(s)
        operators will etierh run their own of ignore the blackholes .

- non-announced IP space with working contacts: email to POC every
  30 days with the legal demands (email/paper mail). After 90 days:
  network set to 'reserved' status, no AS may announce these,
  until resolved per above.

- announced IP space: announcing AS to be contacted in addition to POC
  for the network object. For AS's in violation, this shall mean that
  all upstream ASs as visible at popular exchange points should be
  contacted (at least once) as well.

- announcing AS's that violate the 'do not announce' rule shall be
  dealt with in ways similar to the non-cooperating entities described in:
  http://www.arin.net/policy/2003_1.html - they will get their own network
  objects suspended.

- complete publicly accessible list of all 'reserved' networks - the
  DNSBLs and private BGP blackhole feeds will do the rest.
  Wouldn't you want to know how quiet your inbox can be, when you
  have a BGP4 blackhole feed with SPEWS L1 as the source...
       | James   W.   Laferriere | System    Techniques | Give me VMS     |
       | Network        Engineer |     P.O. Box 854     |  Give me Linux  |
       | babydr () baby-dragons com | Coudersport PA 16915 |   only  on  AXP |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]