[#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

I hope none of you ever get hijacked by a spammer housed at Phoenix NAP. :slight_smile:

We're still not out of the woods, announcing /24s and working with upper
tier carriers to filter out our lists. However, I just got this response
from Phoenix NAP and found it funny. The "thief" is a former customer,
whom we terminated their agreement with. They then forged an LOA,
submitted it to CWIE.net and Phoenix NAP and resumed using space above and
beyond their terminated agreement. So now any request for assistance to
stop our networks from being announced is now responded to with an
instruction to contact the thief's lawyer.

kw

I think the correct term for this is "bullet proof hosting". Now you know where to go.

-Dan

> I hope none of you ever get hijacked by a spammer housed at Phoenix NAP. :slight_smile:

In the dim past, I had a somewhat similar situation:

- A largish (national telco of a small country) ISP started announcing address space a customer of theirs provided. Unfortunately, the address space wasn't the ISP's customer's to provide.
- When the ISP was notified by both their RIR and the organization to which the address space was rightfully delegated, the ISP's response was:

"We have a contractual relationship with our customer to announce that space. We have neither a contractual relationship (in this context) with the RIR nor the RIR's customer. The RIR and/or the RIR's customer should resolve this issue with our customer."

It was an eye-opening experience.

Regards,
-drc

Curious, What was the outcome of this?

In any case, I'm hoping the major Tier-1s do the right thing and filter the
rogue announcements, while allowing the OP's. Hopefully after enough
pressure and dysfunction, they will give it up.

We started announcing /24s, combined with the shorter path it seems to be
fine.

Still jumping through hoops upstream.

And if I have a contract to commit murder that doesn't mean that
it is right nor legal. A contract can't get you out of dealing
with the law of the land and in most places in the world "aiding and
abetting" is illegal.

Mark

You appear to be making a large number of assumptions on limited evidence. In the case I'm familiar with, I can assure you that no laws were being broken (even if all the parties were in the same country, which they weren't). However, this is getting off-topic and I don't want to hijack the thread. The issue of route hijacking is quite serious and it will be interesting to see how this all works out.

Regards,
-drc

Not to put a damper on things, but, is there actually any law that precludes use of integers as internet addresses contrary to the registration data contained in RIR databases?

I can see how a case might be made for tortious interference, but I think it's quite nebulous and I believe a civil matter at best. IANAL, but, I actually wonder if there is any way to construe the behavior in question as criminal and if so, under what statute(s).

Owen

> - A largish (national telco of a small country) ISP started announcing

national telco. oooh kayyyy...

> And if I have a contract to commit murder that doesn't mean that
> it is right nor legal. A contract can't get you out of dealing
> with the law of the land and in most places in the world "aiding and
> abetting" is illegal.

Vercotti ..... and one night Dinsdale walked in with a couple of big lads,
        one of whom was carrying a tactical nuclear missile. They said I'd bought one
        of their fruit machines and would I pay for it.
Interviewer How much did they want?
Vercotti Three quarters of a million pounds. Then they went out.
Interviewer Why didn't you call the police?
Vercotti Well I had noticed that the lad with the thermo-nuclear device was
        the Chief Constable for the area.

Internet number resource certification and origin validation sure would be nice here :wink:

-danny

An interesting thought experiment series:

Imagine that instead of joe-random-small-ISP, this was Tier-1 ISP
customer space being hijacked.

Imagine that instead of Tier-1 customer, it was Tier-1 core services
(www.company, etc).

Imagine that instead of Tier-1 core services, it was the blocks
www.apple.com/iTunes or www.google.com lived in.

Imagine that instead of www.google.com, it was www.whitehouse.gov

At some point, I suspect that this gets service to get it fixed RIGHT
NOW. At some point, the guys informing you it's RIGHT NOW show up
with badges.

The question is, when is it badges? It can be construed as a denial
of service attack on the addresses' rightful owners. They will
respond to any major government site being hijacked. Probably to
Apple or Google. Likely to a Tier-1 ISP's internal infrastructure.

That they probably won't to the current situation is a matter of
failure of the system to scale, not that the ethics, morality, or
legality of the situation are any different now than
www.whitehouse.gov going poof.

IMHO.

> Internet number resource certification and origin validation sure
> would be nice here :wink:

this is arin address space. arin is the only rir which has not deployed

and there is running code

randy
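
The origin validation mentioned above, and how it interacts with the /24 announcements described earlier in the thread, shown as an added example that is not part of any poster's message. It classifies announcements the way RFC 6811 route origin validation does; the prefix, the AS numbers and the ROA contents are constructed stand-ins (documentation ASNs and a benchmarking prefix), not the networks discussed here.

```python
import ipaddress

# Constructed sample data: documentation ASNs (RFC 5398) and a benchmarking
# prefix (RFC 2544) stand in for the real networks, which the thread does not name.
OWNER_AS, HIJACKER_AS = 64496, 64511

def validate(prefix, origin_as, vrps):
    """Classify one announcement per RFC 6811: valid / invalid / not-found.

    vrps is a list of (roa_prefix, max_length, asn) tuples.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, asn in vrps:
        roa = ipaddress.ip_network(roa_prefix)
        if route.version != roa.version or not route.subnet_of(roa):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        if route.prefixlen <= max_length and origin_as == asn:
            return "valid"
    # Covered by some ROA but matched by none: invalid. No covering ROA: unknown.
    return "invalid" if covered else "not-found"

def classify_all(announcements, vrps):
    return {(p, a): validate(p, a, vrps) for p, a in announcements}

ANNOUNCEMENTS = [
    ("198.18.0.0/22", OWNER_AS),     # holder's original aggregate
    ("198.18.0.0/22", HIJACKER_AS),  # unauthorized announcement of the same block
    ("198.18.1.0/24", OWNER_AS),     # holder's more-specific countermeasure
    ("198.18.1.0/24", HIJACKER_AS),  # unauthorized announcement of the more-specific
]

# A ROA that only authorizes the aggregate ...
STRICT_ROA = [("198.18.0.0/22", 22, OWNER_AS)]
# ... versus one that also authorizes de-aggregation down to /24.
LOOSE_ROA = [("198.18.0.0/22", 24, OWNER_AS)]

if __name__ == "__main__":
    cases = (("no ROA", []), ("maxLength 22", STRICT_ROA), ("maxLength 24", LOOSE_ROA))
    for name, vrps in cases:
        print(name)
        for (prefix, asn), state in classify_all(ANNOUNCEMENTS, vrps).items():
            print(f"  {prefix:16} AS{asn}: {state}")
```

With the maxLength-22 ROA the holder's own /24 countermeasure is classified invalid along with the unauthorized announcements, so a ROA has to cover whichever more-specifics the holder intends to announce.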

From nanog-bounces+bonomi=mail.r-bonomi.com@nanog.org Tue Jan 31 19:57:51 2012

> "We have a contractual relationship with our customer to announce that
> space. We have neither a contractual relationship (in this context) with
> the RIR nor the RIR's customer. The RIR and/or the RIR's customer should
> resolve this issue with our customer."

This is the point at which you really really want to turn the tables and
get someone who desires to announce that very provider's own space
approaching you, so you "enter a contractual relationship" with that party
to do so, since (apparently) according to that provider you don't have
an obligation to prevent this.

And you have a nice letter from them to prove it to any upstreams, that
resource issues are to be resolved with end users.

If according to that provider those issues should be resolved between the
RIR listed address space holder and the customer directly, (apparently),
you are not to be involved in preventing a customer from hijacking
their own assigned prefix. Because the same logic must apply to their
very own address space; it is up to them and the RIR to resolve their
issue with the elusive end user.

But then you realize the only party that could ever approach you with a
request to route them another provider's space would be one of those evil
spammers....

> It was an eye-opening experience.

Contracts are generally not a valid reason to be breaking laws.

Antonio Querubin
e-mail: tony@lavanauts.org
xmpp: antonioquerubin@gmail.com

That may not be a bad idea. Have you gotten your company's lawyers
involved? They may be able to get some sort of court action started and get
things moving. They may also be able to compel the ISPs to act.

>> "We have a contractual relationship with our customer to announce that
>> space. We have neither a contractual relationship (in this context)
>> with the RIR nor the RIR's customer. The RIR and/or the RIR's customer
>> should resolve this issue with our customer."
>
> And if I have a contract to commit murder that doesn't mean that
> it is right nor legal. A contract can't get you out of dealing
> with the law of the land and in most places in the world "aiding and
> abetting" is illegal.

You appear to be making a large number of assumptions on limited evidence. In the case I'm familiar with, I can assure you that no laws were being broken (even if all the parties were in the same country, which they weren't). However, this is getting off-topic and I don't want to hijack the thread. The issue of route hijacking is quite serious and it will be interesting to see how this all works out.

And would sidr have helped.

the topic at hand would appear to be more 'willful negligence' than 'aiding and abetting'. punitive damages could apply.

-Dan

Which law?

Regards,
-drc

I think if you provided more specific details of your example, I suspect some of us could probably come up with some specific laws that may have been broken :slight_smile:

Antonio Querubin
e-mail: tony@lavanauts.org
xmpp: antonioquerubin@gmail.com