Home page logo
/

nanog logo nanog mailing list archives

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
From: Eric Brunner-Williams <brunner () nic-naa net>
Date: Thu, 02 Feb 2012 13:58:36 -0500

On 2/2/12 12:32 PM, Ray Soucy wrote:
So, to pose the obvious question: Should there be [a law against prefix hijacking]?



So far the track record of the US government trying to make laws
regarding technology and the Internet has been less than stellar.
...

While I agree with Ray's points, I want to point out that "new law" to
address (obvious pun) disruptive announcements may not be necessary --
at least, I blew off the better part of a day writing to Peter Dengate
Thrush and Rod Beckstrom that arbitrary bad acts in the public
addressing system were the proper concern of the entity tasked with
the technical coordination of unique endpoint identifiers.

I didn't expect much from the recipients -- I've known Peter too long
and never could be bothered to share Rod's twinkle, but while one
prefix announcement may harm one set of downstreams, rapid sustained
announcement and withdrawal will harm the DFZ, a much larger kettle of
digital fish.

One could claim that absent convergence limiting effect on the DFZ no
prefix bogosity has general adverse effect (but some prefixes are more
interesting than others, so that isn't a policy without nuances), and
enjoy watching the state actors and non-state actors and ordinary
venal idiots and very ordinary fatfingered idiots*
prepend/announce/withdraw with gleeful abandon, or one could assert
that autonomous reallocations of limited resources has general adverse
effect in addition to the local effect on downstreams, and associate
coordinated corrective reallocations with autonomous reallocations.
That's "pulling the plug" on retarded dictators, embezzlers, and the
latent mil-wits who view the DNS and BGP infrastructures as legitimate
military targets.

I don't expect progress overnight, in fact I wrote the former Chair
and current CEO of that "entity tasked with the technical coordination
of unique endpoint identifiers" with no expectations at all
(knowledge, supra), but policy response (including errors, see PIPA,
SOPA, et seq.) to bad acts in one set of identifiers can be extended
to policy response (including errors, resolvers have no monopoly on
errors) on the other set of identifiers.

So, new law? I don't think its necessary.

YMMV,
Eric


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]