Home page logo

nanog logo nanog mailing list archives

Re: resolving prefix hijacks (was Re: Prefix hijacking by Michael Lindsay via Internap)
From: Jon Lewis <jlewis () lewis org>
Date: Sun, 21 Aug 2011 15:22:03 -0400 (EDT)

On Sun, 21 Aug 2011, Ken Chase wrote:

That said, what is the de jure responce when a prefix is hijacked? Does
anyone have a 'best practices' guide? I am sure some of the most effective
vs legal practices are not in fact concomittant.

It doesn't hurt to complain/announce about it here and various other NOGs. Spamhaus, SORBS, and possibly other DNSBLs might, if they buy the case, decide to list the space until the dispute is resolved, especially if its being used for spamming operations.

But resolution is going to have to come from communications between the "owner", the relevant RIR, and the transit provider(s) (or possibly their transit providers) providing service to the hijacker.

The RIRs can't stop anyone from announcing routes...but I suspect any legitimate NSP when approached by ARIN, RIPE, APNIC, etc. and told that routes they're propagating for a customer are hijacked, will accede to the opionion of the RIR.

 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]