'RE: [nanog] Advice in dealing with BGP prefix hijacking'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    RE: [nanog] Advice in dealing with BGP prefix hijacking
From:       mack <mack () exchange ! alphared ! com>
Date:       2008-09-29 21:27:01
Message-ID: 6F2FFD7C10F788479E354B84294036C459425B39 () EXCH-MBX ! exchange ! alphared ! local
[Download RAW message or body]

First I would contact them, you have obviously done this and it didn't work since it \
happened again.

Second I would contact their major transit providers, assuming they aren't a major \
transit provider themselves. If you share mutual transit providers then you will be \
most likely to get satisfactory results. If you aren't a customer of their transit \
provider then you may not get anywhere.

Third you can contact ARIN to talk to the perpetrator and/or their transit providers.
This is one of their primary functions.

The final option is legal.
IANAL (usual disclaimer)
CMU probably has a legal department that may be able to request an injunction or file \
suit for damages. People tend to forget that when prefixes are hijacked there is \
legal recourse after the fact. Of course with the international nature of the \
internet legal recourse may be difficult or impossible. In this case with a US based \
ISP, the legal remedy might be feasible. This is long slow and doesn't help at all \
during an incident, but it will probably keep it from happening again.
ISPs are businesses and when it hits the pocket book they pay attention.

--
LR Mack McBride
Network Administrator
Alpha Red, Inc.

> 
> Message: 2
> Date: Mon, 29 Sep 2008 11:10:48 -0400
> From: "L. Gabriel Somlo" <mikebenden@gmail.com>
> Subject: Advice in dealing with BGP prefix hijacking
> To: nanog@nanog.org
> Message-ID: <20080929151048.GA19783@hedwig.net.cmu.edu>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> I'm looking for advice on how to deal with a US ISP (names withheld to
> protect the guilty) which seems to repeatedly fat-finger our IP space
> into their BGP announcements, and then gives us the run-around when we
> call them on the phone, since we're not their clients...
> 
> Happened twice already, took several hours to fix each time, and I'm
> looking for any ideas, opinions, and war stories that would help me
> figure out how to discourage them from repeating this type of thing
> in the future...
> 
> Thaks much,
> 
> Mike
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic