Re: someone is using my AS number

[Job Snijders <job () instituut net>]

Hi Joe,

On Thu, Jun 13, 2019 at 9:59 Joe Abley <jabley () hopcount ca> wrote:

> Hey Joe,
>
> On 12 Jun 2019, at 12:37, Joe Provo <nanog-post () rsuc gweep net> wrote:
>
> > On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote:
> > > Send abuse complaint to the upstreams
> >
> > ...and then name & shame publicly. AS-path forgery "for TE" was
> > never a good idea. Sharing the affected prefix[es]/path[s] would
> > be good.
>
> I realise lots of people dislike AS_PATH stuffing with other peoples' AS
> numbers and treat it as a form of hijacking.
>
> However, there's an argument that AS_PATH is really just a loop-avoidance
> mechanism, not some kind of AS-granular traceroute for prefix propagation.
> In that sense, stuffing 9327 into a prefix as a mechanism to stop that
> prefix being accepted by AS 9327 seems almost reasonable. (I assume this is
> the kind of TE you are talking about.)
>
> What is the principal harm of doing this? Honest question. I'm not
> advocating for anything, just curious.



Excellent question.

1/ We can’t really expect on the loop detection to work that way at the
“jacked” side. So if this is innocent traffic engineering, it is unreliable
at best.

2/ Attribution. The moment you stuff AS 2914 anywhere in the path, we may
get blamed for anything that happens through the IP addresses for that
route. In a way the ASNs in the AS_PATH attribute an an
inter-organizational escalation flowchart.

Kind regards,

Job