Recently, I found myself mediating a conversation between two different sets of people in the Internet community: the folk who have eyes on the problems, and the holders of the affected assets.
I’m not going to identify these asset-holders, but suffice to say that they were a large company with significant address holdings in the Asia Pacific region.
The company had small chunks of its address space being misused in Europe and the Americas, and this was discovered by the first set of people I mentioned, who work in anti-spam and abuse — activists, if you like — who asked me to help them pass a warning on to the asset holder.
The role I had was a brief one, and revealing of the gap that is out there. I was happy to do this; it was good to help improve ‘routing hygiene’, but it made me think about the risk-consequence issues.
These issues feel large: Internet addresses and routing are valuable things, and the consequence of misuse is potentially huge. It goes to the bottom-line goodwill of your brand, the thing we all see. Here’s my take on the problem.
Say you have some Internet addresses. What are you meant to do if somebody starts routing them without your permission?
The first thing is, you should be aware at all times of what is happening in global routing with your resources. This is a fundamental risk that some asset-holders miss.
Don’t allow things to happen with your resources sight unseen.
Be aware of your resources’ routing fate in the global Internet. Being aware means one of two things: either you are fully engaged in BGP routing and see what’s happening because you have a view inside BGP or the state of BGP, or you subscribe to some kind of service or report that tells you what is seen in BGP, and reflect on what it says about you and your resources.
If you don’t want a random ASN asserting that a /24 of your holdings originated from them, you have to know it is happening! It’s that simple.
The second thing is that you have to be seen to stand up to and repudiate bad things. If you hold a block of addresses, and announce that block as originating from some ASN, and then don’t explicitly repudiate somebody else announcing a more specific block from another ASN, or with different qualities, what is the wider community meant to do? How do people know that is not your actual intent?
The answer is, they can’t know, and we live in a remarkably permissive world.
What is said in BGP is generally believed, unless a strong indication exists otherwise.
Being seen to repudiate bad things is simple: join the community. Join a NOG. Join a big NOG, join a small local NOG, be on the lists. You can ‘ghost’ them most of the time, you don’t have to post all the time, but visibly be a member, respond to questions posted about your resources, don’t allow others to become your de facto voice inside the community. Post on Twitter, post on technical discussion websites and blogs. If you see somebody mis-announcing, be active and repudiate it as quickly as you can.
It helps if you have some basis of trust. So getting a PGP key signed by the community, being at local NOG, RIR and IETF meetings, becoming understood as a participant in the routing community, is a huge help here. These are not free, of course, and involve effort and travel cost.
But compared with the goodwill value of your brand, or your company’s online presence, the cost is a fraction of your risk. If you don’t see that, personally I ask why you have the Internet addresses in the first place!
So how do you signal your intention. What is the best way to indicate what you want?
What is a good indication of intent? Well, we have at least three, two of which are pretty weak, and one is based on cryptography. There may be others, but these are the ones that work for me right now.
The first weak one is a Letter of Authority: a public statement of what you permit people to do. On company letterhead, clearly stating what intention you have regarding your resources, and somebody’s ability to originate them. Why weak? It is easy to forge, especially when as a PDF document, shared by email.
But the beauty of this letter is that any competent authority in the modern legal system understands this as a thing that, if forged, incurs a penalty. Lying in a document, forging a document, is a crime, with outcomes. You don’t have to explain to a judge or policeman what you mean, if you tell them somebody faked your signature on a document over a forged letter. It is a weak defence, because it depends on prosecution after the act. But you can act. It is easy to write a letter of authority, and publish it.
The second weak indicator is to have a public routing registry statement of your intention. This is structured data, inside a worldwide framework of services, some of which operate in private hands, and some of which operate for the public benefit inside not-for-profit bodies like the RIR system.
Structured data is good, because it permits people to write tools that read it, and indeed this is what many people do: the format of the data is simple textual records, and the tools exist to read them, and construct BGP routing configurations that respect them.
But this system is weak too, because it doesn’t always limit itself to sources that have strong trust: some routing registries take ‘fiat assertions’ of who controls which resource at face value, and so anyone can claim resources that are not currently in conflict with other assertions in that space. Some even permit out-of-region resources to be added freely.
The strong signal of intent is the cryptographically signed one, which is what Resource Certification is all about: you demonstrate control of your resources by producing cryptographically-signed products that can be tested (we call it validated) by applying the cryptographic tools, to check you have authority over them, based on the statements other people make delegating them to you.
This blog article isn’t designed to explain how this works. The point being made here is that of the two fundamental choices and three forms of assertion of control, all or any of them demand that you are visible, that you are visibly engaged in the ownership of your assets.
You can’t defend the integrity of your addresses on the Internet if you don’t publicly engage.
So, if you have addresses in the Internet, don’t be passive about them — make sure you understand how they are being used, and possibly abused, worldwide. And when you see it, do something about it.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.