Home page logo
/

nanog logo nanog mailing list archives

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
From: Jimmy Hess <mysidia () gmail com>
Date: Wed, 1 Feb 2012 20:43:51 -0600

On Wed, Feb 1, 2012 at 4:43 PM, Seth Mattinen <sethm () rollernet us> wrote:

Phoenix NAP colluding to hijack address space and then balking when it
was brought to their attention is a perfect example someone could use to
say why "we" need to be regulated. And I'm sure it will eventually


There are always going to be some bad actors,  and some negligent
participants who get taken advantage of by bad actors.  There's no way to
guarantee a service provider capable of hijacking space does not fall into
the category of negligent facilitator.

Simple government regulation is of limited value, since the problem network
may be overseas.   Also,  separate networks that adhere to different rules
should  not have to follow the internet's conventions  --  if they want to
implement their own local variant of TCP/IP on their computers connected
over private connections but not connect to the internet, and therefore
follow their own address management system,  in a free society, people
should be free to do this with their computers;  the last thing we ever
need are governments mandating global uniqueness of IP addresses, ASN
numbers, Port numbers,  or other aspects of the engineering of private
computer networks.



I would say a service provider entering into a contractual relationship
with any other network that does not allow the service provider to make and
enforce their own network access TOS and routing policies and disconnect
downstream networks as necessary to protect network stability or comply
with upstream routing policies and what the RFCs and IANA say regarding
internet address management,  is negligent,  from the community's point of
view, in that they are not taking the reasonable care that is expected  and
necessary of service providers participating in the internet.



Agreement to implement RPKI by RIRs and  the RIR community would solve the
problem but has other drawbacks.


What the internet really needs is  Tier1 and Tier2 providers participating
in the internet who  "care", regardless of the popularity or size of
netblocks or issues involved.   And by "care", I mean,  providers
efficiently investigating reports of hijacking or rogue announcement,  and
taking switft responsible actions, without  bureaucratic processes
requiring   years   and reams of paperwork, or any attempt to shrug off
responsibility they have as intermediary.

--
-JH


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]