<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">John,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks for the blog link.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">As I’ve looked at BGP/route hijacking, it is clear (to me at least) that it is difficult to precisely and completely define what BGP/route hijacking is.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The steps described in the blog make a lot more sense to me than attempting to define and codify route hijacking in procedures.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Keith<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> ARIN-PPML [mailto:arin-ppml-bounces@arin.net]
<b>On Behalf Of </b>John Curran<br>
<b>Sent:</b> Monday, May 6, 2019 11:50 AM<br>
<b>To:</b> arin-ppml@arin.net<br>
<b>Subject:</b> Re: [arin-ppml] BGP Hijacking Definition<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On May 6, 2019, at 9:26 AM, Keith W. Hare <<a href="mailto:Keith@jcc.com">Keith@jcc.com</a>> wrote:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">...<span style="font-family:"Calibri",sans-serif;color:#203864">Owen Delong described two technical mechanisms used for BGP hijacking: </span><o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in"><span style="font-family:"Calibri",sans-serif;color:#203864">1.</span><span style="font-size:7.0pt;color:#203864">
</span><span style="font-family:"Calibri",sans-serif;color:#203864">(Easiest and most common) Find a location in the internet where you can inject a route and have it propagate and exploit it.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in"><span style="font-family:"Calibri",sans-serif;color:#203864">2.</span><span style="font-size:7.0pt;color:#203864">
</span><span style="font-family:"Calibri",sans-serif;color:#203864">(less common but does happen) Find address space issued to a defunct organization or an organization that does not appear to be actively using it and attempt to steal it from them through the
RIR process by creating a new similar looking organization and then attempting to fraudulently “reclaim” the resources.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864">I think the ARIN policies & practice already handle mechanism 2, so I’m going to ignore that for the moment. ...</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">FYI - for those interested in our current practices with regard to handling reports of potential route hijacking, please see our recent blog post - <a href="https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/">https://teamarin.net/2019/05/06/how-does-arin-handle-reports-of-route-hijacking/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">/John<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">John Curran<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">President and CEO<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">American Registry for Internet Numbers<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>