Home page logo
/

nanog logo nanog mailing list archives

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
From: Nathan Eisenberg <nathan () atlasnetworks us>
Date: Thu, 2 Feb 2012 18:23:09 +0000

So, to pose the obvious question: Should there be [a law against
prefix hijacking]?

While I'm certain that's largely rooted in lawmakers who are not technically savvy, I wonder if we-as-an-industry 
couldn't (or, shouldn't) be doing more to move internal values and policies into defensible legal standards.

So far the track record of the US government trying to make laws
regarding technology and the Internet has been less than stellar.

The DMCA is already bad enough, but we continue to see things like
PROTECT IP and SOPA pop up in attempts to hand over even more control
of the Internet to those with enough money to buy the votes; at great
cost to service providers and universities, mind you.

The best we-as-an-industry seem to be able to contribute to the problem is strongly worded and expertly backed 
petitions to Congress.  We're in permanent legislative fire-fighting mode, and we seem to be losing ground at an 
alarming pace.
 
Over the past few years it has become blatantly obvious that entire
industries are trying to gain special control over the Internet.  The
RIAA and the MPAA both being openly guilty:

"Candidly, those who count on quote 'Hollywood' for support need to
understand that this industry is watching very carefully who's going
to stand up for them when their job is at stake, don't ask me to write
a check for you when you think your job is at risk and then don't pay
any attention to me when my job is at stake."

Chris Dodd, CEO MPAA in response to Obama position on SOPA.
 
You and I agree that this is a disturbing concept - I doubt there are many dissenting opinions on this list (which is 
its own monoculture issue for another day).

With attempts at government control of DNS already underway, I think
handing over control of BGP would be a dream come true for these guys.
 
Indeed - and I don't think anyone is suggesting that we hand operational control of BGP to the courts.  I'm more 
curious about legally codifying RIR allocations (obviously, this is a complex and regional issue, but since the two 
parties in the OP were both US based companies, we can at least begin to have this conversation).

Again, I don't know what the right answer is.  I'm just turning this over in my brain, and it seems to me that the 
current state of affairs is too fragile.  There is no 'drivers test' before you get your AS number.  There are few 
consequences for hijackers and the service providers who support them - especially if those providers are very large.  
There is historical precedent for government regulation in non-virtual industries helping to curb the chaos.

Hypothesis: If operators could recover their damages via the legal system from a service provider for aiding and 
abetting the hijacking of their ARIN assigned space, it would encourage a great deal more due-diligence in the service 
provider space.  With nothing to gain, and money to lose, companies will expect their netops people to behave as good 
netizens.

Thoughts?

Nathan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault