<div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 2, 2019 at 6:38 PM Scott Leibrand <<a href="mailto:scottleibrand@gmail.com">scottleibrand@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 2, 2019 at 3:06 PM Carlos Friaças <<a href="mailto:cfriacas@fccn.pt" target="_blank">cfriacas@fccn.pt</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
On Thu, 2 May 2019, Scott Leibrand wrote:<br>
<br>
> Do you have any reason to believe that ARIN getting involved in real-time notification of BGP hijacking, with or without firmly worded language and with or without an implied threat, will be any more effective than current methods of<br>
> shutting down hijacks once they've started? My impression is that nearly all hijacks are quickly filtered by transit providers once they're contacted by the legitimate holder of the addresses.<br>
<br>
Hi,<br>
<br>
However, some hijackers decide to use unallocated space or space which is <br>
likely to be held by closed companies -- so a contact by the legitimate <br>
owner becomes highly unlikely.<br></blockquote><div><br></div><div>In that case, who is the party who is harmed by someone announcing unallocated or unannounced space?</div><div> </div></div></div></blockquote><div><br></div><div>[ clip ]</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><br></div><div>If ARIN overreaches in their attempt to penalize a large non-cooperative well-lawyered transit provider for not filtering their customers well enough by revoking their registrations, and that transit provider sues ARIN for interfering with its business, it's likely that ARIN would lose a lawsuit and either lose control over the registry and/or have to pay damages that might bankrupt the organization. Those are the kinds of legal concerns that will prevent ARIN from doing something that the community might otherwise want.</div></div></div></blockquote><div><br></div><div class="gmail_quote"> [ clip ]<br></div><div class="gmail_quote"><div><br></div><div>Even if there isn't a law explicitly disallowing BGP hijacking (I don't know if/where there is), the legal system is still an option for going after bad actors. IANAL, but if nothing else, you can sue them in civil courts for the damages caused by tortious interference with your business, or whatever the proper legal term is for that. In the US, you can always sue someone. ;-)</div></div><div class="gmail_quote"><br></div><div class="gmail_quote">If someone announced a prefix that caused damage to your business _and you could find them, prosecute a case etc._ you probably could build a damage model to litigate. However, good luck with the former.</div><div class="gmail_quote"><br></div><div class="gmail_quote">On your points, I went to find data to understand. With three threads and now hundred(s) of messages, it is confusing. I scraped this from bgpstream (thank you Andree) and hope it may help.</div><div class="gmail_quote"><br></div><div class="gmail_quote"><a href="https://docs.google.com/spreadsheets/d/1Mlt_oRd0ttz5qoHZ_gvsybsqRG4Pf8XnyxLspD3GSfU/edit?usp=sharing">https://docs.google.com/spreadsheets/d/1Mlt_oRd0ttz5qoHZ_gvsybsqRG4Pf8XnyxLspD3GSfU/edit?usp=sharing</a></div><div class="gmail_quote"><br></div><div class="gmail_quote">I am not sure where an RIR adds value here other than continuing with RPKI efforts and not spending money on distractions.<br></div><div class="gmail_quote"><br></div><div class="gmail_quote">Thanks,</div><div class="gmail_quote"><br></div><div class="gmail_quote">-M<</div><div class="gmail_quote"><br></div></div></div></div>