RE: Etiquette and rules regarding Hijacked ASNs or IP space?
On Mon, 9 Jun 2003, Michel Py wrote:
Chris,
Christopher L. Morrow wrote: So, for an example, if I steal ASN 8143 (already stolen so it's moot) and I'm 'a good guy', all I want to do is run a network no spam/abuse emanates from it,
Question: if you are a 'good guy', why didn't you request your own legit ASN in the first place? It's less work than finding one to hijack and hijack it. And probably cheaper too: $500 does not pay for much of my or your time.
excellent point :) the distinction between 'good' and 'bad' was just non-abuser/abuser. Certainly ARIN's requirements for ASN ownership are simple enough, be multihomed and have a 'unique' routing policy. If you need an ASN likely you are already multihomed and have a 'unique' routing policy, eh?
I am not advocating one or the other, and to me the rules should apply to both groups (all thieves treated equally)... I'm just curious as to the general thought on this subject.
Without taking sides, does the first group really exist?
If you fuzz over the 'bad'/'good' beyond 'abuser'/'non-abuser' then perhaps there isn't a distinction. Perhaps clarification: Someone that sets up an ISP and hijacks ASN/ip-blocks specifically to abuse versus someone who hijacked an ASN to avoid paperwork. The distinction isn't necessarily for any real purpose, except as a talking point. I've seen both groups get discussed, and only the 'abusing' group seems to get hounded... or at least that's what I've seen.
On Mon, 9 Jun 2003, Christopher L. Morrow wrote:
excellent point :) the distinction between 'good' and 'bad' was just non-abuser/abuser. Certainly ARIN's requirements for ASN ownership are simple enough, be multihomed and have a 'unique' routing policy. If you need an ASN likely you are already multihomed and have a 'unique' routing policy, eh?
It's not even THAT difficult...all you have to be is multihomed _or_ have a 'unique' routing policy.

Being multihomed by itself is trivial and plenty of justification...does anybody have some examples of 'unique' routing policies, that require ASNs, that don't require or imply multihoming? For example, while anycasting is a good example of a potential use of an ASN without requiring multihoming, it's kind of implied that they're at least purchasing transit from multiple organizations (if not truly multihomed) and could easily justify an ASN without having to specify their unique routing policy.

What sorts of 'unique' routing policies justify an ASN?

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
On Mon, Jun 09, 2003 at 01:04:22PM -0400, Andy Dills wrote:
On Mon, 9 Jun 2003, Christopher L. Morrow wrote:
excellent point :) the distinction between 'good' and 'bad' was just non-abuser/abuser. Certainly ARIN's requirements for ASN ownership are simple enough, be multihomed and have a 'unique' routing policy. If you need an ASN likely you are already multihomed and have a 'unique' routing policy, eh?
It's not even THAT difficult...all you have to be is multihomed _or_ have a 'unique' routing policy.
Being multihomed by itself is trivial and plenty of justification...does anybody have some examples of 'unique' routing policies, that require ASNs, that don't require or imply multihoming? For example, while anycasting is a good example of a potential use of an ASN without requiring multihoming, it's kind of implied that they're at least purchasing transit from multiple organizations (if not truly multihomed) and could easily justify an ASN without having to specify their unique routing policy.
What sorts of 'unique' routing policies justify an ASN?
Anything weird, bizarre, or different. Like once every year when some ip/colo provider decides they want to sell local peering routes or want to give every datacenter an ASN, or when some route optimization company decides they need a huge block of ASNs for...well...never mind, or when someone decides that they need a special ASN dedicated to acting as a border between their reserved asn customers and the rest of the world...

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Andy Dills wrote:
What sorts of 'unique' routing policies justify an ASN?
ISP has a corporate customer that decides to multi-home. While ISP is not multi-homed themselves, they must have an ASN to speak BGP and pass routing information between their corporate customer and their provider.

So an ISP may not quite fit the bill. Imagine a holding company that oversees a bunch of companies with independent networks, yet they all meet up at the holding company's network. For ease of maintenance between the companies (let's say there's 10 of them), they run BGP with private ASNs and the holding company default routes to their provider. Company X decides that they have a more network sensitive application which requires extra redundancy. They bring up a circuit to another network, get an ASN (as they are multi-homed now). In order for this to work, the Holding company must run an ASN and speak bgp to its provider (and confederates are our friend).

I'm sure there are weirder routing policies, and some may even qualify for an ASN and BGP without any section of the network or its downstreams being multi-homed. In some cases, it may be convenience or security. For example, in the above scenario, what if some of the real IP addresses held by a few of the companies should only be routed between the companies and not out to the public Internet? In such a scenario, one could say that packet filtering is adequate, although not routing the netblock to begin with would definitely be more secure (and fall under a routing policy requiring BGP in a non-multi-homed scenario). With the holding company running BGP to its provider, which netblocks get routed to the public and which go to companies X, Y, and Z only is trivial.

The RIRs do not dictate what proper routing policy is. They manage the assignments. Obviously, if all the companies fit within a /22, there might be some complaints. If the companies had a /18+ of address space, there might be just cause to allow them to do BGP and thus have an ASN, even with a single peer.

-Jack
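A simplified model of the export policy described in the message above, as an added example that is not part of the original thread: the holding company announces member routes to its provider, withholds the internal-only netblock, and strips private ASNs from the path. The ASNs (64500, 64501), prefixes and function names are assumptions drawn from documentation ranges, and the private-ASN stripping is a model, not any router vendor's exact behaviour.

```python
import ipaddress

# 16-bit private-use ASNs (RFC 6996): 64512-65534
PRIVATE_ASNS = range(64512, 65535)

# Assumption: documentation ASN standing in for the holding company's public ASN
HOLDING_ASN = 64500

# Constructed: netblock that must stay between the member companies
INTERNAL_ONLY = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed routes learned from member companies: (prefix, AS path)
LEARNED = [
    ("192.0.2.0/25", [64512]),           # member on a private ASN
    ("198.51.100.0/25", [64513]),        # more-specific of the internal-only block
    ("203.0.113.0/24", [64501]),         # "Company X" with its own public ASN
    ("192.0.2.128/25", [64514, 64515]),  # two private ASNs in the path
]


def export_to_provider(learned, internal_only=INTERNAL_ONLY, local_asn=HOLDING_ASN):
    """Return the (prefix, AS path) announcements sent to the upstream provider."""
    announcements = []
    for prefix, path in learned:
        net = ipaddress.ip_network(prefix)
        # Never announce anything inside an internal-only block.
        if any(net.version == b.version and net.subnet_of(b) for b in internal_only):
            continue
        # Private ASNs must not appear on the public Internet.
        public_path = [asn for asn in path if asn not in PRIVATE_ASNS]
        announcements.append((str(net), [local_asn] + public_path))
    return announcements


def overlapping_internal(announcements, internal_only=INTERNAL_ONLY):
    """Audit helper: list announced prefixes that overlap an internal-only block."""
    flagged = []
    for prefix, _path in announcements:
        net = ipaddress.ip_network(prefix)
        if any(net.version == b.version and net.overlaps(b) for b in internal_only):
            flagged.append(prefix)
    return flagged


if __name__ == "__main__":
    for prefix, path in export_to_provider(LEARNED):
        print(prefix, path)
```

The audit helper uses `overlaps` rather than `subnet_of`, so it also flags a covering aggregate that would attract traffic for the internal-only block.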
participants (4): Andy Dills, Christopher L. Morrow, Jack Bates, Richard A Steenbergen