resolving prefix hijacks (was Re: Prefix hijacking by Michael Lindsay via Internap)

Jon Lewis jlewis at lewis.org
Sun Aug 21 14:22:03 CDT 2011


On Sun, 21 Aug 2011, Ken Chase wrote:

> That said, what is the de jure responce when a prefix is hijacked? Does
> anyone have a 'best practices' guide? I am sure some of the most effective
> vs legal practices are not in fact concomittant.

It doesn't hurt to complain/announce about it here and various other NOGs. 
Spamhaus, SORBS, and possibly other DNSBLs might, if they buy the case, 
decide to list the space until the dispute is resolved, especially if its 
being used for spamming operations.

But resolution is going to have to come from communications between the 
"owner", the relevant RIR, and the transit provider(s) (or possibly their 
transit providers) providing service to the hijacker.

The RIRs can't stop anyone from announcing routes...but I suspect any 
legitimate NSP when approached by ARIN, RIPE, APNIC, etc. and told that 
routes they're propagating for a customer are hijacked, will accede to the 
opionion of the RIR.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________




More information about the NANOG mailing list