[arin-ppml] Hijackings

Ronald F. Guilmette rfg at tristatelogic.com
Tue Apr 26 22:03:30 EDT 2011

In message <4DB731AA.4080009 at ipinc.net>, 
Ted Mittelstaedt <tedm at ipinc.net> wrote:

>But if {hijacking} IS happening, and the originating AS isn't supposed to be
>announcing those blocks, according to WHOIS, then you should be able
>to complain to the next hop AS admins of the hijacker and get them
>shut down.

I do not "complain" to ISPs or NSPs anymore.  One third of the time their
contact e-mail addresses (including those in ARIN WHOIS records) are non-
deliverable.  Of the remaining ones, my own ad hoc empirical studies
suggest that 90+% of them are either actually or effectively aliased to
/dev/null (except for .edu stuff, where they actually have warm bodies
paying attention).

Trying to make contact via telephone has proven even less fruitful, in
general.  After wading through agonizingly slow menu trees I am usually
directed, after a long hold-time wait (accompanied by elevator music),
to a first level customer support tecnician who informs me that unless
I can give her my customer number, she is not allowed to talk to me.

I suppose that if I was really motivated I could try snail-mail and/or
pony express, but I am fresh out of quill pens. :-(

On the rare occasions when I am actually able to make contact with anyone
who is even capable of comprehending what I am trying to say, I am usually
told that if I have iron clad PROOF that the block in question is being
hijacked AND if and only if I am the rightful owner of the block in question,
then and only then I should have my lawyer contact their lawyers next Monday
(and otherwise I can go pound sand).

You said:

>... if {hijacking} IS happening... then you should be able
>to complain to the next hop AS admins...

I think the operative word there is "should", as in "in an ideal world".

Anyway, none of this is at all relevant to my proposal.  Hijacking does
happen and is happening.  In some cases, appropriate people inside of
major NSPs read about it, e.g. on NANOG, and _then_ they do something
about it.

The proposal I proposed would create a deterrent for people and companies
that are contemplating the idea of performing hijackings.

The idea is to prevent hijackings from occuring, not merely to clean up
after they have already happened.

At present, there would seem to be no deterrent at all to this sort of
behavior.  And yet some people scratch their heads and wonder why this
keeps on happening, over and over again.


More information about the ARIN-PPML mailing list