On Fri, 3 May 2019, Andrew Bagrin wrote:
There are many examples... Here is one: - Company X hires hosting company Y for hosting service. - Company X allows company Y to advertise their IP blocks - Years later, company X decides to move to another hosting provider. - There is disagreement on the contract terms, agreement length, renewal (or some other caveat of the relationship) clearly Company Y does not want to lose the revenue from company X. - Since company Y is losing company X as a customer, they decide to send them a random invoice (justified or not) and say they own them $50k (or whatever amount). - Company X says, this is BS, we don't owe this. - matter needs time to get resolved (perhaps even legally) - Company X ask company Y to stop advertising their IP blocks because they are now moving to another hosting provider. - Company Y says "no, we are not going to fulfill any "support requests" until you pay your invoice" Hosting providers have been struggling since there has been so much competition, which breeds these types of behavior. Regardless of disagreements of any kind, an AS should not continue to advertise another's IP blocks if the owner does not want them to. Again, this is just one example. In this scenario, ARIN could facilitate with a process by notifying company Y that they are in violation, as well as report to their peering AS's. It is very helpful to have a simple mechanism in place.
Hi, That would be a step in the right direction, yes. Not sure if everyone will agree, though. :-( Carlos
Andrew On Fri, May 3, 2019 at 11:24 AM Keith W. Hare <[email protected]> wrote: Andrew, So far, I have seen lots of discussion of the issue but I have not seen a single concise coherent complete definition of the BGP hijacking problem that includes: · What technical mechanisms are used to create a BGP hijack · How BGP hijacking is initiated · Why BGP hijacking is possible · The frequency of BGP hijacking instances · How long BGP hijacking instances last · The locations of BGP hijacking instances · How information about BGP hijacking instances can be gathered Without a really clear definition of the problem, it is hard to evaluate the effectiveness of the proposed process. So far, it is not at all clear to me how the process described in proposal 266 will have any effect on the problem, but that may be because I do not fully understand the problem. Keith From: ARIN-PPML [mailto:[email protected]] On Behalf Of Andrew Bagrin Sent: Friday, May 3, 2019 10:05 AM To: Marilson Mapa <[email protected]> Cc: [email protected] Subject: Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation I'm curious why do people not want to let ARIN try to start getting involved to help resolve the issue of hijacking? Are you doing hijacking and don't want interference? Are you running a competitive service that you charge for? Does anyone believe there is a valid reason to hijack and advertise IP space that you do not own? (when the owner of that space does not want you to advertise it) Why would anyone be against ARIN having a process to help resolve these issues? Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine the process. We will all learn from this.
_______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
