Regarding Hijacked Networks
John Curran
jcurran at arin.net
Fri Feb 3 02:02:01 UTC 2012
On Jan 31, 2012, at 9:03 PM, Owen DeLong wrote:
> Not to put a damper on things, but, is there actually any law that precludes use of integers as internet addresses contrary to the registration data contained in RIR databases?
ARIN spends a bit of time on these types of questions.
The right to exclusive use a particular block Internet addresses is
indeed provided by contract with ARIN, but the context is within the
registration system itself. We are not aware of any law in ARIN's
service region which would preclude other parties from configuring
equipment with any numbers they wish. Note also - if someone thinks
that they have a right of exclusive use of a particular block Internet
addresses because of convictions that the addresses themselves are
"property" (whatever that means), the outcome still doesn't change;
i.e. there is still no law or regulation as best we can determine
which prevents someone from configuring their own equipment with
any particular block of IP addresses... (and I would advise some
very careful thought before advocating that such be changed.[*])
In the end, the registry simple reflects a set of numbers managed for
uniqueness by the policies set by the community. Since the Internet
relies on unique host identifiers, it's a pretty useful database, but
that usefulness is predicated on people actually making use of it...
One would think that ISP's wouldn't accept routes accept from the
parties not listed on an address block, but that is not universally
the case, and correcting that other than at the point of injection
is rather problematic unless we have some relatively easy way to
build, propagate, and verify routing assertions by the address
holder (e.g. RPKI, as noted by Danny and Randy)
ARIN is slowly but steadily working on getting RPKI rolled out in
production this year... folks interested in gaining some hands-on
RPKI experience in the meantime can participate in ARIN's RPKI Pilot;
we have more than 50 organizations participating at this time -
<https://www.arin.net/resources/rpki.html>
FYI,
/John
John Curran
President and CEO
ARIN
p.s. [*] As previously noted in this discussion, address blocks may
sometimes be hijacked based on acts that _are_ violation of law
(e.g fraud), but the mechanisms for dealing with such are quite
slow by default (at least in the US.) That doesn't mean that
they can't work faster, but only that timeliness increases when
there are numerous harmed parties are plainly evident to the law
enforcement folks. Given the potential impact from abuse or even
human error for any orders affecting the Internet, the delay may
even be an important feature of the present system.
More information about the NANOG
mailing list