<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Courier New";}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1718242428;
mso-list-type:hybrid;
mso-list-template-ids:-661378504 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">Michael,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText" style="margin-left:.5in">> If an organization sets up routing so that all connections from the inside of its network to a particular<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in">> resource outside of its network go through an particular router/proxy server, Is that BGP Hijacking?<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoPlainText" style="margin-left:.5in">Can you develop this one a little further ? Are we talking about traffic engineering / traffic shaping / net neutrality / packet classification / QOS ?<o:p></o:p></p>
<p class="MsoPlainText"><a name="_MailEndCompose"><o:p> </o:p></a></p>
<p class="MsoPlainText">Let’s look at the simple network example:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">A<-->G1<->G2<-->B<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">G1 and G2 each could be some combination of:<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Router<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Simple Firewall<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Firewall with deep-packet inspection<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Proxy Server<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Router that records all packets for security audits<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Router that records all packets and sends them to a competing organization/nation<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="mso-list:Ignore">7.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Router that adds delays for all packets for a particular <o:p>
</o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">One problem I see with coming to a clear definition of BGP or Route hijacking is that techniques used for network security are not hugely different from the techniques used for malicious activities.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Keith<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">-----Original Message-----<br>
From: Michel Py [mailto:michel@arneill-py.sacramento.ca.us] <br>
Sent: Monday, May 6, 2019 12:41 PM<br>
To: Keith W. Hare <Keith@jcc.com>; arin-ppml@arin.net<br>
Subject: RE: BGP Hijacking Definition</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Hi Keith,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Besides what you wrote (comments in-line), I think we need a very clear definition of what is a private network.<o:p></o:p></p>
<p class="MsoPlainText">If an organization is an operator, ISP, or hosting company, the part of their network that carries public traffic is not private.<o:p></o:p></p>
<p class="MsoPlainText">For a router, the management interface (if separate) is private, it's likely on a separate VLAN too. But the interfaces that carry traffic form / to customers, subscribers, and hosted services are public.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> Keith W. Hare wrote :<o:p></o:p></p>
<p class="MsoPlainText">> If an organization uses a IPv4 prefix allocated/assigned to some other organization (the DoD 30.0.0.0/8 for example)<o:p></o:p></p>
<p class="MsoPlainText">> within their internal network and filters out all references at the edges of their network so that the general public<o:p></o:p></p>
<p class="MsoPlainText">> never sees any references, is that BGP Hijacking? I’m pretty sure we can agree that this is not BGP hijacking.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">If you would add to that that they do not transport any non-organization data over it / be in context with what I wrote above about private network, I would agree.<o:p></o:p></p>
<p class="MsoPlainText">I'm not sure there is a name for that, would be a good idea to have one. Loitering ?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> If an organization uses a IPv4 prefix allocated/assigned to some other organization (the DoD 30.0.0.0/8 for example)<o:p></o:p></p>
<p class="MsoPlainText">> within their publically visible network and filters out all references at the edges of their network so that the rest<o:p></o:p></p>
<p class="MsoPlainText">> of the internet never sees any references, is that BGP Hijacking? This is an edge case that we need to consider carefully.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">I agree, especially if they transport customer / subscriber data over it. I think we should call that squatting.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> If Organization A has an agreement/letter of authority to announce addresses that has been allocated/assigned to<o:p></o:p></p>
<p class="MsoPlainText">> Organization B, and Organization B wants to replace Organization A with Organization C, but there was some onerous<o:p></o:p></p>
<p class="MsoPlainText">> termination clause with Organization A that has not been met so Organization A continues to announce Organization B’s<o:p></o:p></p>
<p class="MsoPlainText">> address space, is that BGP Hijacking? To me, this sounds like a contract dispute that depends on the contents of the<o:p></o:p></p>
<p class="MsoPlainText">> private contract between A and B.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Correct. ARIN has allocated addresses to organization B. In that case, org A and org B have to sort out their differences in the legal system.<o:p></o:p></p>
<p class="MsoPlainText">However, we have to be careful with similarities with your next point just below. What are the differences between them ? the lack of a contract or agreement, or the fact that ARIN does not have access to it ? or some other factor ?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> If an organization A does not have a an agreement/letter of authority to announce addresses that has been<o:p></o:p></p>
<p class="MsoPlainText">> allocated/assigned to Organization B but does so anyhow and allows that announcement to propagate to the<o:p></o:p></p>
<p class="MsoPlainText">> general internet, is that BGP Hijacking? Seems highly likely to be BGP Hijacking.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">I agree. Same as above though, we need a very clear definition of what constitutes not having an agreement or a contract before ARIN can make the determination that it is indeed hijacking.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> From the outside, how do we know that an agreement/letter of authority does not exist, is invalid, or is forged?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">This is where we have to be very complete, very comprehensive, and as much exhaustive as possible.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> If an organization sets up routing so that all connections from the inside of it’s network to a particular<o:p></o:p></p>
<p class="MsoPlainText">> resource outside of its network go through an particular router/proxy server, Is that BGP Hijacking?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Can you develop this one a little further ? Are we talking about traffic engineering / traffic shaping / net neutrality / packet classification / QOS ?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Michel.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
</div>
</body>
</html>