[arin-ppml] BGP Hijacking Definition

Keith W. Hare Keith at jcc.com
Mon May 6 11:20:15 EDT 2019 

RFC7908 "Problem Definition and Classification of BGP Route Leaks" (https://www.rfc-editor.org/rfc/rfc7908.txt) articulates six classifications of Route Leaks.

If done deliberately, are all six Route Leak classifications considered to be BGP Hijacking?

Are there events not included in the RFC7908 classifications that are BGP Hijacking?

Thanks Hank for the pointer to RFC7908.

Keith

-----Original Message-----
From: ARIN-PPML [mailto:arin-ppml-bounces at arin.net] On Behalf Of Hank Nussbacher
Sent: Monday, May 6, 2019 10:51 AM
To: arin-ppml at arin.net
Subject: Re: [arin-ppml] BGP Hijacking Definition

On 06/05/2019 17:09, Keith W. Hare wrote:

RFC7908

-Hank

> Töma,
>
> Prop-266 uses the phrase "BGP hijacking" but does not define it. Without a careful definition of "BGP hijacking", it is not possible to define the difference between intentional and accidental hijacking.
>
> Keith
>
> -----Original Message-----
> From: Töma Gavrichenkov [mailto:ximaera at gmail.com]
> Sent: Monday, May 6, 2019 9:44 AM
> To: Keith W. Hare <Keith at jcc.com>
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] BGP Hijacking Definition
>
> On Mon, May 6, 2019 at 4:26 PM Keith W. Hare <Keith at jcc.com> wrote:
>> If an organization uses a IPv4 prefix allocated/assigned
>> to some other organization (the DoD 30.0.0.0/8 for example)
>> within their internal network and filters out all references
>> at the edges of their network so that the general public
>> never sees any references, is that BGP Hijacking?
> The prop-266 establishes a difference between intentional and
> occasional hijacking.
>
> Now, consider a case when a Chinese ISP accidentally leaks 30/8 away.
> Imagine the newspaper headlines next morning, given that 30/8 is
> formally allocated to the DoD.
> Imagine Joe Sixpacks talking about the issue, treating that as a
> direct violent attack against the DoD, almost (if almost) an act of
> war.
> After that, consider the PR consequences when ARIN (APNIC etc.)
> decides that was accidental and thus just fine.
>
> This is one of the scenarios that makes me worry the most: exposing
> the cute and simple network address registry to all sorts of
> politicians with their ambitions.
>
> --
> Töma
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.


_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list