[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Owen DeLong owen at delong.com
Fri May 3 22:39:23 EDT 2019

> On May 3, 2019, at 08:24 , Keith W. Hare <Keith at jcc.com> wrote:
> Andrew,
> So far, I have seen lots of discussion of the issue but I have not seen a single concise coherent complete definition of the BGP hijacking problem that includes:

I”ll take a stab, but there are reasons for the lack of information… We don’t really know…

> ·         What technical mechanisms are used to create a BGP hijack

There are two principle mechanisms involved:
	1.	(Easiest and most common) Find a location in the internet where you can inject a route and have it propagate and exploit it.
	2.	(less common but does happen) Find address space issued to a defunct organization or an organization that does not appear
		to be actively using it and attempt to steal it from them through the RIR process by creating a new similar
		looking organization and then attempting to fraudulently “reclaim” the resources.

> ·         How BGP hijacking is initiated

See answer to previous bullet.

> ·         Why BGP hijacking is possible

Because there are lots of entry points in to the routing system which are poorly filtered.

> ·         The frequency of BGP hijacking instances

Relatively rare so far, but not unheard of.

> ·         How long BGP hijacking instances last

Varies… By far, the most common one is snow shoe spamming which only needs a day or two at most, and even a few hours
is quite productive for them.

> ·         The locations of BGP hijacking instances

This varies and I don’t know that there is ever going to be anything like a comprehensive list.

> ·         How information about BGP hijacking instances can be gathered

Tough question. So far, nobody has a particularly good answer.
> Without a really clear definition of the problem, it is hard to evaluate the effectiveness of the proposed process.
> So far, it is not at all clear to me how the process described in proposal 266 will have any effect on the problem, but that may be because I do not fully understand the problem.

I think it’s more likely because the process described in 256 will not have much effect.


> Keith
>   <>
> From: ARIN-PPML [mailto:arin-ppml-bounces at arin.net] On Behalf Of Andrew Bagrin
> Sent: Friday, May 3, 2019 10:05 AM
> To: Marilson Mapa <marilson.mapa at gmail.com>
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
> I'm curious why do people not want to let ARIN try to start getting involved to help resolve the issue of hijacking?
> Are you doing hijacking and don't want interference?
> Are you running a competitive service that you charge for?
> Does anyone believe there is a valid reason to hijack and advertise IP space that you do not own? (when the owner of that space does not want you to advertise it)
> Why would anyone be against ARIN having a process to help resolve these issues?  Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine the process. We will all learn from this.
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190503/31aa7f24/attachment-0002.html>

More information about the ARIN-PPML mailing list