Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
I'm not a lawyer nor an operator.
Imagine that instead of www.google.com, it was www.whitehouse.gov
At some point, I suspect that this gets service to get it fixed RIGHT NOW. At some point, the guys informing you it's RIGHT NOW show up with badges.
Where is Milo Medin when we need him?
The question is, when is it badges? It can be construed as a denial of service attack on the addresses' rightful owners. They will respond to any major government site being hijacked. Probably to Apple or Google. Likely to a Tier-1 ISP's internal infrastructure.
How long should it take to fix a problem like this? Why didn't one of the players upstream from the bad guy pull their plug or drop the bogus announcement? Why didn't any of the players between the first upstream and the tier 1s apply pressure? Do existing contracts cover this case? If not, what needs to be fixed? Is a RFC needed so the lawyers have something to reference? Would a session to discuss this at a NANOG gathering help?
a) law enforcement doesn't understand the problem. and b) the law moves very slowly.
It might be a good idea to make sure that somebody in law enforcement does understand what happened here so they can think about who needs to do what the next time something like this happens. (Make sure that operators know how to get in touch with somebody who knows.)
--
These are my opinions, not necessarily my employer's. I hate spam.
On Wed, Feb 1, 2012 at 5:12 AM, Hal Murray <hmurray@megapathdsl.net> wrote:
I'm not a lawyer nor an operator.
Imagine that instead of www.google.com, it was www.whitehouse.gov
At some point, I suspect that this gets service to get it fixed RIGHT NOW. At some point, the guys informing you it's RIGHT NOW show up with badges.
Where is Milo Medin when we need him?
how would he be helping?
The question is, when is it badges? It can be construed as a denial of service attack on the addresses' rightful owners. They will respond to any major government site being hijacked. Probably to Apple or Google. Likely to a Tier-1 ISP's internal infrastructure.
How long should it take to fix a problem like this?
the YT/pk-telecom incident lasted: 2hr 15mins according to renesys (http://www.renesys.com/blog/2008/02/pakistan-hijacks-youtube-1.shtml)
I think for a few reasons this ONLY lasted 2hrs... one at least being pktelecom getting some pain from this hijack, plus they PROBABLY didn't mean to do what they did. (Oops, we fat-fingered, let's fix that...)
Why did this take even 2hrs? why is the current incident lasting (lasted?) as long as it has? what system(s) would make this problem better? Danny refers to 'resource certification', I think he's pointing at RPKI[1], how far out is this? (seems like ~5+ yrs or so til useful deployment arrives, not even counting router-code for this appearing in the main set of deployed devices).
-chris
[1]: <http://www.afrinic.net/membership/certification.htm> (other RIRs are also represented, this was just the first relevant answer in bing)
(all discussion of laws is ridiculous... which jurisdiction, which law, which .... forget about any reasonable answer here)
participants (2)
- Christopher Morrow
- Hal Murray