[arin-ppml] Hijackings

Charles O'Hern charles at office.tcsn.net
Tue Apr 26 13:27:08 EDT 2011 

On 4/26/11 1:29 AM, Ronald F. Guilmette wrote:
> 
> In message <1FF55C04-0F29-41D3-8B78-2BDE71FAE0C6 at arin.net>, 
> John Curran <jcurran at arin.net> wrote:
> 
>> On Apr 25, 2011, at 7:04 PM, Ronald F. Guilmette wrote:
>>
>>> P.P.S.  For the benefit of everyone who will carp if I do not propose
>>> some new policy in each and every posting I make to this list, here is
>>> a proposed new policy:
>>>
>>>     If any legal entity (person, LLC, corporation, or whatever) is caught
>>>     red-handed on two or more different occasions hijacking either ASNs
>>>     or IP space which has not been assigned to the entity in question, th=
>> en
>>>     ARIN shall immediately revoke any and all number assignments it has
>>>     made to said entity, and said entity will henceforth be forever and
>>>     permanently banned from obtaining, from ARIN, any new number resource=
>> s
>>>     whatsoever.
>>>
>>> That's my proposal and I'm sticking to it.
>>
>> Ron - If you want to propose this...
> 
> I guess that you and I are working from different definitions of the word
> ``propose''.
> 
> Not only did I _want_ to propose it, I was under the impression that I
> actually _had_ proposed it.

You should read the pdp.  An email to the ppml does not a proposal make.  There's a r

> Admittedly, my proposal lacked fancy numbered headings, sub-headings,
> Chapter titles, a table of figures (with circles & arrows on the back)
> and all that fancy stuff, but it's still a proposal.

All that fancy stuff exist for good reasons, but the people here are pretty good at helping proposals shape up.
Under what sections of the NRPM should your proposed text be included?  Will it replace existing text?
While it seems obvious, what is the rationale for the proposal?

>> please include one more paragraph that better defines "caught hijacking"...
> 
> As you wish...
> 
> "Caught hijacking" for IP address blocks means that the legal entity in
> question is itself demonstratably announcing route(s) to the IP address
> block in question AND that no evidence is proffered or forthcoming, within
> a reasonably time frame (e.g. 1 week) which would reasonably support a
> claim that either:
> 
>     (a) the IP block in question is currently assigned to the legal entity in
> 	question, or else
> 
>     (b) that the legal entity to which the block(s) were actually assigned had
>         given its explicit consent to the legal entity that is actually
> 	announcing routes to the block(s) in question to make or perform
> 	such announcement(s).

There is a wording problem there with "explicit consent" in (b).  It could be argued that my network has an explicit agreement of consent with my BGP peers, but that argument can
not be made for my peers' peers, who need to announce my routes for my network to function properly.  That text needs revision, imo.

> "Caught hijacking" for an ASNs means that the legal entity in question is
> itself demonstratably announcing one or more routes via the ASN in question
> AND that no evidence is proffered or forthcoming, within a reasonably time
> frame (e.g. 1 week) which would reasonably support a claim that either
> 
>     (a) the ASN in question is currently assigned to the legal entity in
> 	question, or else
> 
>     (b) that the legal entity to which the ASN was actually assigned had
> 	given its explicit consent to the legal entity that is actually
> 	announcing routes via the ASN in question to make or perform such
> 	announcement(s).

The same argument about peers' peers might apply here as well.

>> That will significantly aid in implementation.
> 
> I can see how that might be the case, yes.
> 
>>> Note that the above proposal, if adopted, would still not result in ARIN
>>> becoming in any sense the "router police".
>>
>> See above.
> 
> ARIN does not now, and would not, under this proposal, have its hands on the
> proverbial switches, knobs, and dials of any routers anywhere.  As now, it
> could not tell anybody what to route or conversely what not to.  (The
> community quite clearly opposes any such control on ARINs part and this
> proposal would do nothing to change the fact that ARIN does not own or
> operate any routers, other than its on in-house ones.
> 
> Under this proposal however, ARIN would be empowered to actually observe,
> take note of, and act upon what is really going on out here, but only in-
> sofar as its data base and its present and future allocations are concerned
> (just as currently).
> 
> 
> Regards,
> rfg
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

I think in the long run, this kind of proposal will be a non-op.  I'm under the impression that the only 'legal entities' who this might affect would be those who aren't coming to
ARIN for services anyways or will be operating under a separate 'legal entity' from their legitimate operations.

Still I'm not opposed, just not advising a whole lot of work be directed this way.

-- 
Charles O'Hern
Network Operations

TCSN - The Computer Shop Netlink
1306 Pine St. Paso Robles CA 93446
1-(805) 227-7000  1-(800) 974-DISK
http://www.tcsn.net  abuse at tcsn.net

More information about the ARIN-PPML mailing list