[arin-ppml] Hijackings

Ted Mittelstaedt tedm at ipinc.net
Tue Apr 26 16:57:14 EDT 2011 

On 4/26/2011 1:35 PM, Ronald F. Guilmette wrote:
>
> In message<Pine.LNX.4.61.1104260938410.5148 at soloth.lewis.org>,
> Jon Lewis<jlewis at lewis.org>  wrote:
>
>> So, though most probably don't, I do have personal experience with ARIN
>> acting as routing police.
>
> I personally would very much like to see _somebody_ take up the mantle
> of "routing police".  Although ultra-democratic egalitarian chaos may
> work just fine for PTA meetings and small-scale Libyan uprisings, I for
> one have never been persuaded that it is a viable model for the management
> of a planetary-scale network of networks that is responsible for handling
> multiple trillions of dollars of commerce every year.
>
> But reality is what it is, and the reality is that 99.9% of the modern
> Internet is owned and operated by corporations, and corporations are
> always loath to allow anybody else to tell them what to do.
>
> So I am distinctly _not_ proposing the creation of "router police".  I
> know that any such proposal would have less than a snowball's chance in
> hell of accruing any significant political support at the present time.
>
> It usually takes a war before centripetal forces exceed centrifugal forces.
> Humans, by nature, cling to the philosophy of "every man for himself" until
> there arrives a credible threat from outside.
>
> Someday, when the Chinese reach the conclusion that announcing whatever
> routes they feel like announcing is in their own best interests, _then_
> there may be some serious talk of "router police", but not before.
>
> In the meantime however, it seems like it might at least be a good idea
> for the community to have _some_ defined mechanism of clearly expressing
> its profound disapproval of the actions of those few participants that
> deliberately and repeatedly flout even the scant and minimalist rules of
> order which so far have managed to keep this unruly chaos afloat, even if
> only barely.
>

That is what the RIR's WHOIS database is for.  That is why we have the 
POC cleanup defined in the NRPM.

In an ideal world, if an org hijacks a network block and starts 
announcing it, the org's AS and assigned IP numbers in WHOIS would not
match.  If that isn't happening then there is a problem that we need to
fix.

But if it IS happening, and the originating AS isn't supposed to be
announcing those blocks, according to WHOIS, then you should be able
to complain to the next hop AS admins of the hijacker and get them
shut down.

Ted

>
> Regards,
> rfg
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list