"Defensive" BGP hijacking?
mel at beckman.org
Mon Sep 12 18:43:48 UTC 2016
I appreciate you making this statement, and I appreciate ARIN’s attitude that this is a community issue. ISPs have done an amazing job of self-regulation, while still preserving their ability to innovate and be agile in the marketplace. BGP is a perfect example of that kind of self-policing.
Outside regulation is rarely preferable to community self control, and I think a clear path forward is for those of us in the community to contact BackConnect and respectfully ask that they recognize their incorrect actions and repudiate this practice for the future. Everyone deserves a chance to recognize their mistakes and apologize, so I think we owe BackConnect this much.
Nanog seems like a great place for BackConnect to reply to the ISP community as well.
> On Sep 12, 2016, at 10:27 AM, John Curran <jcurran at arin.net> wrote:
> On Sep 12, 2016, at 12:08 PM, Scott Weeks <surfer at mauigateway.com<mailto:surfer at mauigateway.com>> wrote:
> Are the RIRs the internet police?
> Thank you Scott for posing that question… :-)
> As others have noted, ARIN does indeed revoke resources, but to be clear,
> this is generally due to fraudulent activities _related_ to the registry itself
> (i.e. if you commit fraud in the course of obtaining resources, ARIN will
> revoke those resources once we have determined the fraud beyond
> reasonable doubt; see <https://www.arin.net/resources/fraud/index.html>)
> The specific circumstances raised (of a party announcing an AS# which they
> do not control) can only happen if the others in the industry allow such, and
> therefore it is entirely within the community to address. While It is possible
> that some peering and/or transit agreements have been broken (for example,
> those agreements which state that the party should only announce routes that
> they have permission to do so), but in any case, the act of announcing someone
> else’s number resources stems from usage that the community is allowing to
> occur, either thru action or inaction, and is not any fraudulent act with respect
> the Internet number registry itself.
> ARIN is not a law enforcement entity (although we do work with them on
> occasion with regard to registry fraud), and it really is up to the industry to
> “police” Internet routing to the extent necessary and desirable to keep the
> Internet running.
> John Curran
> President and CEO
More information about the NANOG