nanog mailing list archives
Re: AS11296 -- Hijacked?
From: Robert Bonomi <bonomi () mail r-bonomi com>
Date: Sat, 2 Oct 2010 15:03:52 -0500 (CDT)
From nanog-bounces+bonomi=mail.r-bonomi.com () nanog org Fri Oct 1 16:33:09 2010 From: John Curran <jcurran () arin net> To: George Bonser <gbonser () seven com> Date: Fri, 1 Oct 2010 17:32:47 -0400 Subject: Re: AS11296 -- Hijacked? Cc: "nanog () nanog org" <nanog () nanog org> George - Full agreement; the next step is defining a deterministic process for id= entifying these specific resources which are hijacked,
That _seems_ fairly simple -- can you trace a 'continuity of ownership from the party that they were -originally- allocatd to to the party presently using them. If yes, legiitmate, if no, hijacked. With most States corporation records on-line, tracing corporate continuity is fairly straight foruard. As long as you recognize that a corpoation 'abadoned', 'dissolved' (or similar) in one state is *NOT* the 'parent' of a same-/similarly-named corporation established in another state. And that "documents" surfacing 'long after' a resource-holder has 'disappeared', puporting to show a transfer of those resources 'at the time of disappearance', are "highly suspect", and really require confirmation from someone who can be -independantly- verified as part of the 'old' organization at the time of the transfer. This isn't rocket science, it's straightforward corporate forensics, and the establishment of "provenence", or the equivalent of an 'abstract of title' for real-estate. "Somebody", either IANA, or the RIRs _should_ have been keeping track of what prefixes are announced, and _by_whom_, as a minimal check on utilization when an existing AS submits a request for additional space. A netblock (meaing an entire allocation, not just some sub-set thereof) that's been 'missing' for an extended period, and then shows up in an geographically distant locale is 'suspicious' to start with. All the more so it it was multi-homed, and now has only a single upstream.
Current thread:
- Re: AS11296 -- Hijacked?, (continued)
- Re: AS11296 -- Hijacked? Owen DeLong (Oct 01)
- Re: AS11296 -- Hijacked? Steven Bellovin (Oct 02)
- Re: AS11296 -- Hijacked? John Curran (Oct 01)
- Re: AS11296 -- Hijacked? Bryan Fields (Oct 01)
- RE: AS11296 -- Hijacked? Nathan Eisenberg (Oct 01)
- Re: AS11296 -- Hijacked? JC Dill (Oct 01)
- Re: AS11296 -- Hijacked? Owen DeLong (Oct 01)
- Re: AS11296 -- Hijacked? Christopher Morrow (Oct 01)
- Re: AS11296 -- Hijacked? John Curran (Oct 02)
- Re: AS11296 -- Hijacked? James Hess (Oct 02)
- Re: AS11296 -- Hijacked? (ARIN region & hijacking) John Curran (Oct 02)
- RE: AS11296 -- Hijacked? (ARIN region & hijacking) George Bonser (Oct 02)