> On May 3, 2019, at 08:24, Keith W. Hare <[email protected]> wrote:
>
> Andrew,
>
> So far, I have seen lots of discussion of the issue but I have not seen a
> single concise coherent complete definition of the BGP hijacking problem that
> includes:
I’ll take a stab, but there are reasons for the lack of information… We don’t
really know…
> · What technical mechanisms are used to create a BGP hijack
There are two principal mechanisms involved:
1. (Easiest and most common) Find a location in the internet where
you can inject a route and have it propagate and exploit it.
2. (Less common but does happen) Find address space issued to a
defunct organization or an organization that does not appear
to be actively using it and attempt to steal it from them
through the RIR process by creating a new similar-looking
organization and then attempting to fraudulently
“reclaim” the resources.
> · How BGP hijacking is initiated
See answer to previous bullet.
> · Why BGP hijacking is possible
Because there are lots of entry points into the routing system which are
poorly filtered.
> · The frequency of BGP hijacking instances
Relatively rare so far, but not unheard of.
> · How long BGP hijacking instances last
Varies… By far, the most common one is snowshoe spamming, which only needs a
day or two at most, and even a few hours is quite productive for them.
> · The locations of BGP hijacking instances
This varies and I don’t know that there is ever going to be anything like a
comprehensive list.
> · How information about BGP hijacking instances can be gathered
Tough question. So far, nobody has a particularly good answer.
> Without a really clear definition of the problem, it is hard to evaluate the
> effectiveness of the proposed process.
>
> So far, it is not at all clear to me how the process described in proposal
> 266 will have any effect on the problem, but that may be because I do not
> fully understand the problem.
I think it’s more likely because the process described in 256 will not have
much effect.
Owen
>
> Keith
> From: ARIN-PPML [mailto:[email protected]] On Behalf Of Andrew Bagrin
> Sent: Friday, May 3, 2019 10:05 AM
> To: Marilson Mapa <[email protected]>
> Cc: [email protected]
> Subject: Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP
> Hijacking is an ARIN Policy Violation
>
> I'm curious why do people not want to let ARIN try to start getting involved
> to help resolve the issue of hijacking?
>
> Are you doing hijacking and don't want interference?
> Are you running a competitive service that you charge for?
>
> Does anyone believe there is a valid reason to hijack and advertise IP space
> that you do not own? (when the owner of that space does not want you to
> advertise it)
>
> Why would anyone be against ARIN having a process to help resolve these
> issues? Sure we can question how effective it will be, but anything will be
> more effective than nothing, and by actually doing, failing and learning,
> ARIN will only improve and refine the process. We will all learn from this.
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List ([email protected]).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact [email protected] if you experience any issues.