[arin-ppml] BGP Hijacking Definition

Michel Py michel at arneill-py.sacramento.ca.us
Mon May 6 20:21:01 EDT 2019

Hi Larry,

>>> Larry Ash wrote :
>>> Does ARIN or any of the other RIR's really want to get into
>>> these kind of network engineering and operations debates?

>> Michel Py wrote :
>> For the record, I have said that I agreed that prop-266 was out of scope.
>> But some people have asked pertinent questions and clarifications.

> Fair enough. I just feel we are wandering into a swamp.

So do I and lots of people have made that very point too. But the petition has succeeded, I thought that we were better off bringing it in plain light instead of remain silent and hope it would fail again.

>> Michel Py wrote :
>> Please note that I am not judging. I wrote recently that this prop-266 would scare
>> the wrong people, those who do unsavory things because they don't have an alternative.
>> Some think you should roast in the flames of hell for eternity, not me.
>> Do you (or the organizations you help) sell voice services to the
>> public that are hosted on these systems that have a 30/8 address ?

> Larry Ash wrote :
> Yes, if what you mean by public is directly connected customers.

Then, for the sake of clarity, I believe that what you are technically doing is squatting, not hijacking.

Totally out of curiosity, do you have your customers put a static route to _your_ :P 30/8, or do you use dynamic routing ?

> It is on mostly proprietary equipment but always running inside vlans that are used for voice only or
> as tunnel addresses when connecting incompatible RFC1918 networks together. If the customers equipment
> is compromised thousands of toll calls can be placed in a single evening to innocent third parties with
> the familiar "Microsoft calling about a virus on your computer" type of phone spam.

And you believe they don't protect their networks enough ?
I have several Asterisk servers, but for internal use only. I buy SIP minutes from flowroute, the Asterisk servers are behind NAT, and the only addresses that are allowed to talk to them from the outside are the flowroute servers, on selected ports. I concur that there are lots of crooks out there; as soon as you open port 5060 to the outside you are instantly being flooded with all kinds of probing and attempts.

> It seems to me that any clean definition suffers from the problem of too
> many implementations some of which are totally outside of the norm.

Which is precisely why we are starting to walk into the swamp so we can decide if we want or not to go further. I don't like the way the mud smells.


More information about the ARIN-PPML mailing list