[#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

Wed Feb 1 02:25:06 UTC 2012

On Tue, Jan 31, 2012 at 6:03 PM, Owen DeLong <owen at delong.com> wrote:
>
> On Jan 31, 2012, at 5:52 PM, Mark Andrews wrote:
>
>>
>> In message <7B85F9D8-BA9E-4341-9242-5EB514895B4C at virtualized.org>, David Conrad
>> writes:
>>>> I hope none of you ever get hijacked by a spammer housed at Phoenix =
>>> NAP.  :)
>>>
>>> In the dim past, I had a somewhat similar situation:
>>>
>>> - A largish (national telco of a small country) ISP started announcing =
>>> address space a customer of theirs provided.  Unfortunately, the address =
>>> space wasn't the ISP's customer's to provide.
>>> - When the ISP was notified by both their RIR and the organization to =
>>> which the address space was rightfully delegated, the ISP's response =
>>> was:
>>>
>>> "We have a contractual relationship with our customer to announce that =
>>> space.  We have neither a contractual relationship (in this context) =
>>> with the RIR nor the RIR's customer.  The RIR and/or the RIR's customer =
>>> should resolve this issue with our customer."
>>>
>>> It as an eye-opening experience.
>>>
>>> Regards,
>>> -drc
>>
>> And if I have a contract to commit murder that doesn't mean that
>> it is right nor legal.  A contract can't get you out of dealing
>> with the law of the land and in most place in the world "aiding and
>> abetting" is illegal.
>>
>> Mark
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>
> Not to put a damper on things, but, is there actually any law that precludes use of integers as internet addresses contrary to the registration data contained in RIR databases?
>
> I can see how a case might be made for tortious interference, but I think it's quite nebulous and I believe a civil matter at best. IANAL, but, I actually wonder if there is any way to construe the behavior in question as criminal and if so, under what statute(s).
>
> Owen
>
>

An interesting thought experiment series:

Imagine that instead of joe-random-small-ISP, this was Tier-1 ISP
customer space being hijacked.

Imagine that instead of Tier-1 customer, it was Tier-1 core services
(www.company, etc).

Imagine that instead of Tier-1 core services, it was the blocks
www.apple.com/iTunes or www.google.com lived in.

Imagine that instead of www.google.com, it was www.whitehouse.gov

At some point, I suspect that this gets service to get it fixed RIGHT
NOW.  At some point, the guys informing you it's RIGHT NOW show up
with badges.

The question is, when is it badges?  It can be construed as a denial
of service attack on the addresses' rightful owners.  They will
respond to any major government site being hijacked.  Probably to
Apple or Google.  Likely to a Tier-1 ISPs internal infrastructure.

That they probably won't to the current situation is a matter of
failure of the system to scale, not that the ethics, morality, or
legality of the situation are any different now than
www.whitehouse.gov going poof.

IMHO.

-- 
-george william herbert
george.herbert at gmail.com