[arin-ppml] BGP Hijacking Definition

Keith W. Hare Keith at jcc.com
Mon May 6 13:28:58 EDT 2019


Thanks for the blog link.

As I've looked at BGP/route hijacking, it is clear (to me at least) that it is difficult to precisely and completely define what BGP/route hijacking is.

The steps described in the blog make a lot more sense to me than attempting to define and codify route hijacking in procedures.


From: ARIN-PPML [mailto:arin-ppml-bounces at arin.net] On Behalf Of John Curran
Sent: Monday, May 6, 2019 11:50 AM
To: arin-ppml at arin.net
Subject: Re: [arin-ppml] BGP Hijacking Definition

On May 6, 2019, at 9:26 AM, Keith W. Hare <Keith at jcc.com<mailto:Keith at jcc.com>> wrote:
...Owen Delong described two technical mechanisms used for BGP hijacking:

1.       (Easiest and most common) Find a location in the internet where you can inject a route and have it propagate and exploit it.

2.       (less common but does happen) Find address space issued to a defunct organization or an organization that does not appear to be actively using it and attempt to steal it from them through the RIR process by creating a new similar looking organization and then attempting to fraudulently "reclaim" the resources.

I think the ARIN policies & practice already handle mechanism 2, so I'm going to ignore that for the moment. ...

FYI - for those interested in our current practices with regard to handling reports of potential route hijacking, please see our recent blog post - https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/


John Curran
President and CEO
American Registry for Internet Numbers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190506/390bf720/attachment-0002.html>

More information about the ARIN-PPML mailing list