[arin-ppml] Board Rejects "ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation” Due to Scope

David Farmer farmer at umn.edu
Fri Jul 12 12:00:14 EDT 2019


While I concur that this proposal is out of scope for the PDP. This matter
concerns the terms and conditions of the RSA contract between ARIN, it's
members, and other resource holders, the details of which are not within
the scope of the PDP but are in the purview of the Board of Trustees.
However, I still think the ARIN community should consider and discuss this
matter and work with the Board and Staff to address it to the extent
possible.

To that end, looking at Route Hijacking more generically, what is it? It is
announcing a route for IP addresses registered to someone else or using an
ASN registered to someone else to announce routes, without the permission
of the registrant. Or more simply, it is one of many ways of disrupting or
interfering with a third party's use of services provided to them by
ARIN. Where the service provided by ARIN, in this case, is the unique
registration of IP addresses and ASNs, which is effectively the primary
mission of and service provided by ARIN and the other RIRs.

So, If Route Hijacking is thought of as interfering with or disrupting a
service provided by ARIN, then the RSA seems to addresses the situation
already, clause 2.(d), the "Prohibited Conduct", and in particular,
sub-clause (i) "disrupt or interfere with the security or use of any of the
Services".

Then such interference would then trigger clause 13(b), "Suspension of
Services or Termination of Agreement for Cause by ARIN." From there, upon
notice, and with an opportunity to cure and/or to dispute the situation in
most cases, ARIN will per clause 13(e)(i), "immediately revoke the Included
Number Resources and otherwise cease providing the Services."

ARIN already has publicized how it handles reports of Route Hijacking;
https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/

I think the only thing that needs to be added or clarified beyond that is
if those procedures don't resolve an issue, ARIN may pursue formal remedies
available via the  "Prohibited Conduct By Holder" of the RSA, section 2(d).

While ARIN can and should pursue termination of the RSA is the absolute
worst cases of intentional Route Hijacking; nevertheless, most instances of
Route Hijacking are accidental, and the termination of the RSA is not an
appropriate or proportional response in these cases, or in other cases the
perpetrator does not have an RSA with ARIN. Therefore this is not
fundamentally going to fix or eliminate the problem.

Thanks.


On Thu, Jul 11, 2019 at 7:28 AM ARIN <info at arin.net> wrote:

> On 20 June 2019, the Board of Trustees rejected "ARIN-prop-266: BGP
> Hijacking is an ARIN Policy Violation” due to scope, following the
> successful petition by the authors on 1 May 2019.
>
> Per ARIN’s Policy Development Process, discussion regarding
> ARIN-prop-266 is hereby closed.
>
> Board of Trustees Meeting Minutes are available at:
> https://www.arin.net/about/welcome/board/meetings/
>
> Draft Policy and Policy Proposal texts are available at:
> https://www.arin.net/participate/policy/drafts/
>
> The ARIN Policy Development Process (PDP) can be found at:
> https://www.arin.net/participate/policy/pdp/
>
> Sean Hopkins
> Policy Analyst
> American Registry for Internet Numbers (ARIN)
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>


-- 
===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190712/5d108e38/attachment.html>


More information about the ARIN-PPML mailing list