Ettiquette and rules regarding Hijacked ASN's or IP space?

• Previous message (by thread): Ettiquette and rules regarding Hijacked ASN's or IP space?
• Next message (by thread): Ettiquette and rules regarding Hijacked ASN's or IP space?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 9 Jun 2003, Joe Abley wrote:

> The ISP in Toronto asked for an LOA, and got one, neatly presented on 
> company letterhead, and accompanied by e-mail from the tech contact for 
> the block confirming that the request to advertise the block was 
> authorised.
> 
> Is that enough justification to perform the announcement? Where exactly 
> should the line be drawn?

Unfortunately, probably not.  How do they know it was company letterhead?  
Had they ever seen the company's letterhead before?  How do they know I 
didn't just create that LOA and letterhead in OpenOffice?

> Maybe some service akin to a credit check is required.
> 
>    "Hello, I have a request to accept an announcement of 203.97.0.0/17 
> from AS 4768."
>    "That request is legitimate according to our records, here is your 
> auth code."

Trouble is, how do you/they know if both the space and ASN have been 
hijacked?

>    "Hello, my new customer with the following contact details has asked 
> me to originate 203.167.0.0/18 from AS 9327."
>    "We cannot confirm the legitimacy of that request, and the listed 
> contact for 203.167.0.0/18 has been informed of your request."

The listed contact may not be who ARIN [or other local RIR] thinks it is.

> Since the RIRs contain the information required to answer those 
> questions, you'd expect them (or their data) to be involved in the 
> process of answering them.

They really don't.  Thus far, when space is assigned, the RIRs have no way 
to later authenticate that an organization using the space is the same one 
that they assigned it to.

As for the current state of BGP authentication/sanity checking, I can say 
2 of my 4 upstreams take whatever I put in the routing registry.  The 
other two require an email be sent requesting prefix filter updates.  I 
was just told by one, that they'll accept whatever I request, only 
questioning it if someone complains to them about it.  The other, I 
haven't asked, but I assume they work similarly.  On the bright side, all 
of them are at least filtering.
 
----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

• Previous message (by thread): Ettiquette and rules regarding Hijacked ASN's or IP space?
• Next message (by thread): Ettiquette and rules regarding Hijacked ASN's or IP space?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]