[143902] in North American Network Operators' Group
Re: Prefix hijacking by Michael Lindsay via Internap
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sun Aug 21 10:06:21 2011
In-Reply-To: <001001cc5fdc$2ebfd730$8c3f8590$@com>
Date: Sun, 21 Aug 2011 09:05:47 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Erik Bais <ebais@a2b-internet.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Aug 21, 2011 at 3:27 AM, Erik Bais <ebais@a2b-internet.com> wrote:
> Convenient as it may be to use a LIR and their historic provided prefixes,
> have you thought about starting with a clean slate ?
It's probably better for the network community if he _doesn't_ let an apparently
known hijack to continue; maybe any address hijacker(s) involved will learn a
lesson and stop. In the long run it's probably not the most
convenient action,
the hijack has probably 'tainted' the reputation of the addresses, as in
Spamhaus listing[?]
The most responsible action would be to try to put a stop to any
hijack/unofficial use of the
existing prefix, and after the new network requirements are determined, return
any portion of the assigned addresses that is no longer immediately justified
under the current network design.
If info is correctly fixed in WHOIS, then send each of the AS/upstream
AS contacts
from the announcement a letter from the administrative / tech contact
to request
that they stop propagating such and such errant announcement from the prefix,
as long as rogue announcements continue....
If it continues to be a problem, find the upstreams' upstreams,
until you are sending letters to Tier1 operators.
Regards,
--
-JH
