North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Operators Penalized? (was Re: Kenyan Route Hijack)

  • From: Glen Kent
  • Date: Mon Mar 17 06:21:19 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=EMunguIhdGli+t9cqdNLO6eadnKiV/zRoqnkzyXmf/0=; b=Jh+zNisvrT+Fqt8KVjVz/lpv1AQLxxkKpd0o3iTeFjtqZ0NhsuuDhyq5MibHFo7TJa3TBqSpByuJPDxcGxpqlU8ezNTmshMKpcENp08z6MIm+p2r3VBxETwzGwkCvEdiVvhHCp6zJX4zgq7IjcYhQ91pKimPMm4NOGu9geEspsk=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=TpCjO+F2SYbqyfXqhqBqnu/KzaWpeTzMaY3y6aIY27pPjN+Upn1ipPN0AGDO0JCWYcNxwowQky9djNK8k7zjNscXRSV0vi8NsJPwRolFgDd/eEKX7knShdT6RV4vvOHaCSBnWuzknDKYsncbNIsGFVA92wSdmKAfhHMwuGCEeOc=

>   >
>   > Usually unintentional. See Pakistan Telecom for recent example.
>  Pakistan's blackhole was semi-unintentional, kind of like you tried to
>  shoot your spouse but the bullet went through the wall and
>  "unintentionally" hit a neighbor.

Do ISPs (PTA, AboveNet, etc) that "unintentionally" hijack someone
else IP address space, ever get penalized in *any* form? Depending
upon whom and what they hijack, and who all get affected, it sure can
get them lot of (undesired) publicity - news, articles, nanog
discussions/presentations, ietf discussions, blogs - but, it doesnt
really hurt them much, does it? AboveNet, unlike PTA, got a lot less
publicity for their achievement, primarily because they didnt put
millions off, from watching imbecilic videos of cats jumping the cars,
and people slipping in snow - a simple google test corroborates this.
While you get pages and pages of sites that talk about "PTA Youtube",
you only get a handful when you do "Abovenet Africa Online".

So, is there anything that can be done to discourage such mishaps?
What do we do if an ISP, again accidentally, hijacks another address
block or blackholes them?

Would it pain them if their announcements were suppressed, or
reachability (more specifically origination information) is damped for
some time? I understand, this is opening up a pandora's box, because
this ISP could be providing transit services to other ISPs, and this
might inadvertently affect them. So, i am not suggesting a solution -
i am seeking suggestions on what can be done about this? And before
this, if there is anything that we as a community want to do about