nanog mailing list archives

Re: de-peering for security sake

From: bzs () theworld com
Date: Mon, 18 Jan 2016 14:31:10 -0500


On January 18, 2016 at 00:21 Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu) wrote:

On Sun, 17 Jan 2016 19:39:52 -0500, bzs () theworld com said:

How about if backed by an agreement with the 5 RIRs stating no new
resource allocations or transfers etc unless a contract is signed and
enforced? Or similar.


Then they'd just resort to hijacking address space.

Oh wait, they already do that and get away with it....


I think we're talking about two different problems, both valid.

One is legitimate operators who probably mostly want to do the right
thing but are negligent, disagree (perhaps with many one this list) on
what is an actionable problem, etc.

The other are those actors prone to criminality.

I was addressing the first problem though I'd assert that progress on
the first problem would likely yield progress on the second, or
cooperation anyhow.


(And a threat of withholding IP address space from long-haul providers isn't as
credible - they have much less need for publicly routed IP addresses than
either eyeball farms or content farms, so you'll have to find some other way to
motivate them to not accept a hijacked route announcement...)


No man is an island entire of himself -- John Donne.

First one has to agree to the concept of creating a network based on
contractual agreements.

I gave some examples of how to encourage actors to enter into those
contracts, my list wasn't intended to be exhaustive, it was intended
to be an existence proof, some pressure points exist and are easy to
understand even if not complete.

Besides, why make the perfect the enemy of the good? If many, perhaps
not all (or not at first), agreed to a common set of contractual
obligations that would be progress, no?

Is there even a document which describes what a "hijacked" net block
is and why it is bad? Obvious? No, it is not obvious. The best one can
say is there exist obvious cases.

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Current thread:

Re: de-peering for security sake, (continued)
- - - Re: de-peering for security sake Owen DeLong (Jan 16)
    - Re: de-peering for security sake Valdis . Kletnieks (Jan 16)
    - Re: de-peering for security sake bzs (Jan 17)
    - Re: de-peering for security sake Dan Hollis (Jan 17)
    - Re: de-peering for security sake Ca By (Jan 17)
    - Re: de-peering for security sake bzs (Jan 17)
    - Re: de-peering for security sake Doug Barton (Jan 17)
    - Re: de-peering for security sake Dan Hollis (Jan 17)
    - Re: de-peering for security sake bzs (Jan 17)
    - Re: de-peering for security sake Valdis . Kletnieks (Jan 17)
    - Re: de-peering for security sake bzs (Jan 18)
    - Re: de-peering for security sake Michael O'Connor (Jan 19)
    - Re: de-peering for security sake bzs (Jan 19)
    - Re: de-peering for security sake Colin Johnston (Jan 20)
    - Re: de-peering for security sake Valdis . Kletnieks (Jan 16)
    - Re: de-peering for security sake Owen DeLong (Jan 16)