[arin-ppml] BGP Hijacking Definition

Michel Py michel at arneill-py.sacramento.ca.us
Mon May 6 12:40:42 EDT 2019


Hi Keith,

Besides what you wrote (comments in-line), I think we need a very clear definition of what is a private network.
If an organization is an operator, ISP, or hosting company, the part of their network that carries public traffic is not private.
For a router, the management interface (if separate) is private; it's likely on a separate VLAN too. But the interfaces that carry traffic from / to customers, subscribers, and hosted services are public.


> Keith W. Hare wrote:
> If an organization uses an IPv4 prefix allocated/assigned to some other organization (the DoD 30.0.0.0/8 for example)
> within their internal network and filters out all references at the edges of their network so that the general public
> never sees any references, is that BGP Hijacking? I’m pretty sure we can agree that this is not BGP hijacking.

If you would add to that that they do not transport any non-organization data over it / be in context with what I wrote above about private network, I would agree.
I'm not sure there is a name for that; it would be a good idea to have one. Loitering?

> If an organization uses an IPv4 prefix allocated/assigned to some other organization (the DoD 30.0.0.0/8 for example)
> within their publicly visible network and filters out all references at the edges of their network so that the rest
> of the internet never sees any references, is that BGP Hijacking? This is an edge case that we need to consider carefully.

I agree, especially if they transport customer / subscriber data over it. I think we should call that squatting.

> If Organization A has an agreement/letter of authority to announce addresses that have been allocated/assigned to
> Organization B, and Organization B wants to replace Organization A with Organization C, but there was some onerous
> termination clause with Organization A that has not been met so Organization A continues to announce Organization B’s
> address space, is that BGP Hijacking? To me, this sounds like a contract dispute that depends on the contents of the
> private contract between A and B.

Correct. ARIN has allocated addresses to organization B. In that case, org A and org B have to sort out their differences in the legal system.
However, we have to be careful with similarities with your next point just below. What are the differences between them? The lack of a contract or agreement, or the fact that ARIN does not have access to it? Or some other factor?

> If an organization A does not have an agreement/letter of authority to announce addresses that have been
> allocated/assigned to Organization B but does so anyhow and allows that announcement to propagate to the
> general internet, is that BGP Hijacking? Seems highly likely to be BGP Hijacking.

I agree. Same as above though, we need a very clear definition of what constitutes not having an agreement or a contract before ARIN can make the determination that it is indeed hijacking.

> From the outside, how do we know that an agreement/letter of authority does not exist, is invalid, or is forged?

This is where we have to be very complete, very comprehensive, and as exhaustive as possible.


> If an organization sets up routing so that all connections from the inside of its network to a particular
> resource outside of its network go through a particular router/proxy server, is that BGP Hijacking?

Can you develop this one a little further? Are we talking about traffic engineering / traffic shaping / net neutrality / packet classification / QoS?

Michel.


