|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Ettiquette and rules regarding Hijacked ASN's or IP space?
Hello Kia , In line On Mon, 9 Jun 2003, Kai Schlichting wrote: > On 6/9/2003 at 4:06 PM, "Christopher L. Morrow" <[email protected]> wrote: > > Sure, you are announcing 196.1.1.0/24 and only that, fine, but are you > > allowed to announce that prefix? Are you "Centre for Monitoring Indian > > Economy" ?? Or is this your direct customer and you are just the sat-link > > provider for him? > Being able to answer such 64,000-dollar-questions with authority is the > issue ARIN's registry operations are facing, pass or fail. And you can > take that literally: the recent hijacking events have put ARIN's rules, > procedures and current registry data so much into question - it'll be > (do || die) for them. The inherited Internic data going back almost 20 > years doesn't help things. Indeed, I think that any and all legacy > assignments should be purged, like the old Usenet, one by one. Some > things that could be done: > - contact all owners of IP space or ASNs with a demand to show legal, > notarized > paperwork showing their company's status as incorporated/active, and/or > legal successor to the original registrant. Gotta use those 7 years of > business records you're required to hold for something! Already in progress . Using DNS lameness as start basis . I just got a note for an old ip-range I had promised the owner I'd keep active and forgot about over the years . > - non-announced IP space with defunct contacts: -> reserved status, no > AS may route those, until resolved per above How would you go about admonishing hijackers (or what appears as a hijacker) OR the provider that has been given a letter of approval from the agency that appears to have the lease ? ... lots more questions in this vein ? For all of the items mentioned below . Just one foopah with a blackhole server & NOone is going to remain attached to it . That has been proven over & over again . If you can not implicitely trust the operator(s) of the blackhole(s) operators will etierh run their own of ignore the blackholes . > - non-announced IP space with working contacts: email to POC every > 30 days with the legal demands (email/paper mail). After 90 days: > network set to 'reserved' status, no AS may announce these, > until resolved per above. > - announced IP space: announcing AS to be contacted in addition to POC > for the network object. For AS's in violation, this shall mean that > all upstream ASs as visible at popular exchange points should be > contacted (at least once) as well. > - announcing AS's that violate the 'do not announce' rule shall be > dealt with in ways similar to the non-cooperating entities described in: > http://www.arin.net/policy/2003_1.html - they will get their own network > objects suspended. > - complete publicly accessible list of all 'reserved' networks - the > DNSBLs and private BGP blackhole feeds will do the rest. > Wouldn't you want to know how quiet your inbox can be, when you > have a BGP4 blackhole feed with SPEWS L1 as the source... -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | P.O. Box 854 | Give me Linux | | [email protected] | Coudersport PA 16915 | only on AXP | +------------------------------------------------------------------+
|