Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Ettiquette and rules regarding Hijacked ASN's or IP space?

  • From: jlewis
  • Date: Mon Jun 09 12:55:51 2003

On Mon, 9 Jun 2003, Joe Abley wrote:

> The ISP in Toronto asked for an LOA, and got one, neatly presented on 
> company letterhead, and accompanied by e-mail from the tech contact for 
> the block confirming that the request to advertise the block was 
> authorised.
> 
> Is that enough justification to perform the announcement? Where exactly 
> should the line be drawn?

Unfortunately, probably not.  How do they know it was company letterhead?  
Had they ever seen the company's letterhead before?  How do they know I 
didn't just create that LOA and letterhead in OpenOffice?

> Maybe some service akin to a credit check is required.
> 
>    "Hello, I have a request to accept an announcement of 203.97.0.0/17 
> from AS 4768."
>    "That request is legitimate according to our records, here is your 
> auth code."

Trouble is, how do you/they know if both the space and ASN have been 
hijacked?

>    "Hello, my new customer with the following contact details has asked 
> me to originate 203.167.0.0/18 from AS 9327."
>    "We cannot confirm the legitimacy of that request, and the listed 
> contact for 203.167.0.0/18 has been informed of your request."

The listed contact may not be who ARIN [or other local RIR] thinks it is.

> Since the RIRs contain the information required to answer those 
> questions, you'd expect them (or their data) to be involved in the 
> process of answering them.

They really don't.  Thus far, when space is assigned, the RIRs have no way 
to later authenticate that an organization using the space is the same one 
that they assigned it to.

As for the current state of BGP authentication/sanity checking, I can say 
2 of my 4 upstreams take whatever I put in the routing registry.  The 
other two require an email be sent requesting prefix filter updates.  I 
was just told by one, that they'll accept whatever I request, only 
questioning it if someone complains to them about it.  The other, I 
haven't asked, but I assume they work similarly.  On the bright side, all 
of them are at least filtering.
 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.