[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Fri May 3 12:40:45 EDT 2019

There are many examples...  Here is one:

- Company X hires hosting company Y for hosting service.
- Company X allows company Y to advertise their IP blocks
- Years later, company X decides to move to another hosting provider.
- There is disagreement on the contract terms, agreement length, renewal
(or some other caveat of the relationship) clearly Company Y does not want
to lose the revenue from company X.
- Since company Y is losing company X as a customer, they decide to send
them a random invoice (justified or not) and say they own them $50k (or
whatever amount).
- Company X says, this is BS, we don't owe this. - matter needs time to get
resolved (perhaps even legally)
- Company X ask company Y to stop advertising their IP blocks because they
are now moving to another hosting provider.
- Company Y says "no, we are not going to fulfill any "support requests"
until you pay your invoice"

Hosting providers have been struggling since there has been so much
competition, which breeds these types of behavior.

Regardless of disagreements of any kind, an AS should not continue to
advertise another's IP blocks if the owner does not want them to.

Again, this is just one example.

In this scenario, ARIN could facilitate with a process by notifying company
Y that they are in violation, as well as report to their peering AS's.  It
is very helpful to have a simple mechanism in place.

Andrew

On Fri, May 3, 2019 at 11:24 AM Keith W. Hare <Keith at jcc.com> wrote:

> Andrew,
>
>
>
> So far, I have seen lots of discussion of the issue but I have not seen a
> single concise coherent complete definition of the BGP hijacking problem
> that includes:
>
> ·         What technical mechanisms are used to create a BGP hijack
>
> ·         How BGP hijacking is initiated
>
> ·         Why BGP hijacking is possible
>
> ·         The frequency of BGP hijacking instances
>
> ·         How long BGP hijacking instances last
>
> ·         The locations of BGP hijacking instances
>
> ·         How information about BGP hijacking instances can be gathered
>
>
>
> Without a really clear definition of the problem, it is hard to evaluate
> the effectiveness of the proposed process.
>
>
>
> So far, it is not at all clear to me how the process described in proposal
> 266 will have any effect on the problem, but that may be because I do not
> fully understand the problem.
>
>
>
> Keith
>
>
>
> *From:* ARIN-PPML [mailto:arin-ppml-bounces at arin.net] *On Behalf Of *Andrew
> Bagrin
> *Sent:* Friday, May 3, 2019 10:05 AM
> *To:* Marilson Mapa <marilson.mapa at gmail.com>
> *Cc:* arin-ppml at arin.net
> *Subject:* Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP
> Hijacking is an ARIN Policy Violation
>
>
>
> I'm curious why do people not want to let ARIN try to start getting
> involved to help resolve the issue of hijacking?
>
>
>
> Are you doing hijacking and don't want interference?
>
> Are you running a competitive service that you charge for?
>
>
>
> Does anyone believe there is a valid reason to hijack and advertise IP
> space that you do not own? (when the owner of that space does not want you
> to advertise it)
>
>
>
> Why would anyone be against ARIN having a process to help resolve these
> issues?  Sure we can question how effective it will be, but anything will
> be more effective than nothing, and by actually doing, failing and
> learning, ARIN will only improve and refine the process. We will all learn
> from this.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190503/bef8acd3/attachment.htm>