RE: Ettiquette and rules regarding Hijacked ASN's or IP space?


> Christopher L. Morrow wrote:
> So, for an example, if I steal ASN 8143 (already stolen so its
> mute) and I'm 'a good guy', all I want to do is run a network
> no spam/abuse eminates from it,

Question: if you are a 'good guy', why didn't you request your own legit
ASN in the first place? It's less work than finding one to hijack and
hijack it. And probably cheaper too: $500 does not pay for much of my or
your time.

excellent point :slight_smile: the distinction between 'good' and 'bad' was just
non-abuser/abuser. Certianly ARIN's requirements for ASN ownership are
simple enough, be multihomed and have a 'unique' routing policy. If you
need an ASN likely you are already multihomed and have a 'unique' routing
policy, eh?

> I am not advocating one or the other, and to me the rules should
> apply to both groups (all theives treated equally)... I'm just
> curious as to the general thought on this subject.

Without taking sides, does the first group really exist?

If you fuzz over the 'bad'/'good' beyond 'abuser'/'non-abuser' then
perhaps there isn't a distinction. Perhaps clarification: Someone that
sets up an ISP and hijacks ASN/ip-blocks specifically to abuse versus
someone who hijacked an ASN to avoid paperwork.

The distinction isn't necessarily for any real purpose, except as a
talking point. I've seen both groups get discussed, and only the 'abusing'
group seems to get hounded... or atleast thats what I've seen.

It's not even THAT difficult...all you have to be is multihomed _or_ have
a 'unique' routing policy.

Being multihomed by itself is trivial and plenty of justification...does
anybody have some examples of 'unique' routing policies, that require
ASNs, that don't require or imply multihoming? For example, while
anycasting is a good example of a potential use of an ASN without
requiring multihoming, it's kind of implied that they're at least
purchasing transit from multiple organizations (if not truly multihomed)
and could easily justify an ASN without having to specify their unique
routing policy.

What sorts of 'unique' routing policies justify an ASN?


Anything weird, bizaare, or different. Like once every year when some
ip/colo provider decides they want to sell local peering routes or want to
give every datacenter an ASN, or when some route optimization company
decides they need a huge block of ASNs for...well...nevermind, or when
someone decides that they need a special ASN dedicated to acting as a
border between their reserved asn customers and the rest of the world...

Andy Dills wrote:

What sorts of 'unique' routing policies justify an ASN?

ISP has a corporate customer that decides to multi-home. While ISP is not multi-homed themselves, they must have an ASN to speak BGP and pass routing information between their corporate customer and their provider.

So an ISP may not quite fit the bill. Imagine a holding company that oversees a bunch of companies with independant networks, yet they all meet up at the holding company's network. For ease of maintenance between the companies (let's say there's 10 of them), they run BGP with private ASNs and the holding company default routes to their provider. Company X decides that they have a more network sensitive application which requires extra redundancy. They bring up a circuit to another network, get an ASN (as they are multi-homed now). In order for this to work, the Holding company must run an ASN and speak bgp to it's provider (and confederates are our friend).

I'm sure there are weirder routing policies, and some may even qualify for an ASN and BGP without any section of the network or it's downstreams being multi-homed. In some cases, it may be convenience or security.

For example. In the above senario, what if some of the real IP addresses held by a few of the companies should only be routed between the companies and not out to the public Internet. In such a senario, one could say that packet filtering is adequate, although not routing the netblock to begin with would definately be more secure (and fall under a routing policy requiring BGP in a non-multi-homed senario). With the holding company running BGP to it's provider, which netblocks get routed to the public and which go to companies X, Y, and Z only is trival. The RiR's do not dictate what proper routing policy is. They manage the assignments. Obviously, if all the companies fit within a /22, there might be some complaints. If the companies had a /18+ of address space, there might be just cause to allow them to do BGP and thus have an ASN, even with a single peer.