<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Courier New";}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Courier New";}
span.EmailStyle19
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:#203864;
mso-style-textfill-fill-color:#203864;
mso-style-textfill-fill-alpha:100.0%;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1675914558;
mso-list-type:hybrid;
mso-list-template-ids:1106931786 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">ARIN-prop-266 would like to establish that "BGP Hijacking is an ARIN Policy Violation"<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">The various threads around this proposal have generated a lot of discussion that suggests that many
people have a view of what BGP hijacking is, but without clear consensus on the definition, there will be no progress.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Owen DeLong described two technical mechanisms used for BGP hijacking:<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">(Easiest and most common) Find a location in the internet where you can inject a route and
have it propagate and exploit it.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">(less common but does happen) Find address space issued to a defunct organization or an organization
that does not appear to be actively using it and attempt to steal it from them through the RIR process by creating a new similar looking organization and then attempting to fraudulently “reclaim” the resources.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">I think the ARIN policies &amp; practice already handle mechanism 2, so I’m going to ignore that for
the moment.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">From what I understand, injecting a route someplace could occur in several ways:<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1.a. An organization announcing address space to the general internet for
which that organization does not have appropriate permission to announce.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1.b. Someone injecting routes to subvert or replace the appropriate routing.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Some questions/scenarios about 1.a.:<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">If an organization uses an IPv4 prefix allocated/assigned to some other organization (the DoD 30.0.0.0/8
for example) within their internal network and filters out all references at the edges of their network so that the general public never sees any references, is that BGP Hijacking? I’m pretty sure we can agree that this is not BGP hijacking.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">If an organization uses an IPv4 prefix allocated/assigned to some other organization (the DoD 30.0.0.0/8
for example) within their publicly visible network and filters out all references at the edges of their network so that the rest of the internet never sees any references, is that BGP Hijacking? This is an edge case that we need to consider carefully.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">If Organization A has an agreement/letter of authority to announce addresses that have been allocated/assigned
to Organization B, and Organization B wants to replace Organization A with Organization C, but there was some onerous termination clause with Organization A that has not been met so Organization A continues to announce Organization B’s address space, is that
BGP Hijacking? To me, this sounds like a contract dispute that depends on the contents of the private contract between A and B.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">If an organization A does not have an agreement/letter of authority to announce addresses that
have been allocated/assigned to Organization B but does so anyhow and allows that announcement to propagate to the general internet, is that BGP Hijacking? Seems highly likely to be BGP Hijacking. From the outside, how do we know that an agreement/letter of
authority does not exist, is invalid, or is forged?<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">If an organization sets up routing so that all connections from the inside of its network to a particular
resource outside of its network go through a particular router/proxy server, is that BGP Hijacking?<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Keith<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Calibri",sans-serif;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
</div>
</body>
</html>