You are here: Home > Participate > Policy Development > Policy Proposals > Resource Hijacking is a RIPE Policy Violation

You're looking at an older or unpublished version: 1

BGP Hijacking

Content

1.0 Introduction
2.0 BGP Hijacking is a Policy Violation
3.0 Scope: Accidental vs. Deliberate
4.0 Lines of Action
5.0 Retroactivity
6.0 Possible Objections
7.0 Appeals
8.0 Ratification

 

1.0 Introduction

BGP hijacks happen on an almost daily basis. Hijacks can be on a global scale (propagated to all networks) or restricted (only one or some networks). Through this document, the RIPE community clarifies that BGP hijacking is not an acceptable practice.

2.0 BGP Hijacking is a Policy Violation

A hijack is understood to be the announcement of routes through BGP to third parties without the consent of the resource holder. This is considered to be a violation of RIPE policy.

The location of the resource holder or hijacker in such cases is irrelevant. A hijack constitutes a policy violation even if both parties are located outside of the RIPE NCC service region.

The announcement of unallocated address space to third parties is also considered a policy violation and is evaluated according to the same parameters.

3.0 Scope: Accidental vs. Deliberate

A distinction can be made between accidental or deliberate hijacks from available routing datasets, looking at parameters such as duration, recurrence, possible goals, and the size of hijacked blocks. Other parameters may also be considered in the future.

4.0 Lines of Action

The RIPE NCC is not able to monitor the occurrence of BGP hijacks or assess whether they are policy violations. It must therefore rely on external parties, both to report hijacks and determine whether they are deliberate.

Reports sent to the RIPE NCC need to include a minimum set of details, such as: “Networks Affected”, “Offender ASN”, “Hijacked Prefixes” and “Timespan” (this is not a definitive list and other details may also be required). The RIPE NCC will provide a web-based form to facilitate these reports.

The RIPE NCC will define a pool of worldwide experts who can assess whether reported BGP hijacks constitute policy violations. Experts from this pool will provide a judgement regarding each reported case, no later than four weeks from the moment the report was received.

5.0 Retroactivity

Only hijacking events that occur after this policy has been implemented are eligible to be considered.

6.0 Possible Objections

A report containing an expert judgement on the case will be sent to the suspected hijacker. This party will then have four weeks to object to any conclusions contained in the report. Any objections are then assessed and ruled as admissible/non-admissible by the experts, during a two-week review period. Following this, the report is finalised and published.

7.0 Appeals 

Following the publication of the final expert report, the suspected hijacker has two weeks in which they can file an appeal. If an appeal is filed, an alternative expert will review this for a maximum of four weeks. The results of this review are final and cannot be further appealed.

8.0 Ratification

Once the report has been published, any policy violation will be ratified by the RIPE NCC Executive Board. Otherwise, the complaint/report will be archived. The ratification will be delayed in case of an appeal, until the second expert has been published their review.

 

Get Involved

The Anti-Abuse Working Group is open to anyone with an interest in combating network abuse. Areas such as cybersquatting and hosting illegal content are beyond the scope of the WG. The WG advises relevant parties such as Internet service providers (ISPs), governments and law enforcement agencies on both technical and non-technical methods of tackling abuse. This mailing list was previously the “anti-spam-wg”, the archives of which are still publicly available on the RIPE NCC website. To post a message to the list, send an email to anti-abuse-wg@ripe.net. Please note that only subscribers can post messages.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum

Please contact if you need more information.

Stay up to date!

Follow @PDO_RIPE_NCC on Twitter.