Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Ettiquette and rules regarding Hijacked ASN's or IP space?

  • From: Christopher L. Morrow
  • Date: Mon Jun 09 01:14:36 2003


So, with all this lifting the curtains on hijacked ASN's and ipblocks
recently I have a few general question...

1) Should the rules be uniformly applied?
2) Should these rules be applied even when something 'bad' might happen?
3) How much involvment should ARIN have in enforcing these rules?

Now, by 'rules' I mean:

If you steal something you have to give it back, regardless of who you
are.

So, for an example, if I steal ASN 8143 (already stolen so its mute) and
I'm 'a good guy', all I want to do is run a network no spam/abuse eminates
from it, should I be subject to the 'witch hunt' that my fellow ASN
stealer who does abuse/spam deals with? The same is asked for hijacked ip
space. If I steal/hijack a large netblock, not from an active org so there
is no 'damage' done, and I don't spam/abuse from it should I be compelled
to return it also? Compelled in the same way that my brother stealer who
spams/abuses is?

I am not advocating one or the other, and to me the rules should apply to
both groups (all theives treated equally)... I'm just curious as to the
general thought on this subject.

Additionally, how should ARIN go about verifying proper 'ownership' (that
I am still me after all these years of 'inactivity'), how much is enough
research on these issues? I know that at the ISP there is a measure of
trust placed on the customer, and upstream/downstream, when it comes to
ASN's and ip announcements. ARIN is in the same position as near as I can
tell. They have to trust that the community both is trustworthy (to an
extent) and conscientious. If there are bad actors out there that go to
enough trouble they can make ASN's or ip blocks appear to be registered to
themselves. There may be breadcrumbs of evidence if you look hard enough,
perhaps there won't be. How hard should ARIN be looking at these issues
and at specific instances? Should they apply their rules without
prejudice?

Sorry for the latenight not-completely-operational question :) but it
seems as though there is some abmiguity in the current
process/procedure/rules and I'd like to atleast start some discussion on
the topic.

Thanks.

--Chris
(chris@uu.net)
#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-886-3823 (C)703-338-7319                   ##
#######################################################




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.