First we have to educate everyone that IP address blocks CAN NOT be
bought and sold. If you know that somebody offered to sell IP address
space - find out who exactly is involved and what IP address space
and report it here. We'll investigate the matter. More than likely
it is hijacked IP address space as companies that received IP address
space directly from the RIR already know all this (having signed a
service agreement with the RIR that says the IP address block cannot
be transferred to other companies except in case of a merger) and
would not try to sell IP address space.
Second, ISPs must cooperate with each other and refuse to route
through their network any IP address blocks that are known to have
been hijacked (see the list on this web site). ISPs must pay close
attention to any new customers (especially those with only co-location
servers that come in and say they want to have a large IP address
block routed that would seem to consist of a substantially larger
number of IP addresses than this organization would really need
based on its size and the amount of hardware it has). If the IP
address block that the ISP is being asked to route is not properly
listed for the client (e.g. name of the block in WHOIS, etc.), it
would be a good idea to investigate such an IP address block before
allowing it to be routed (if you're interested, please go here to
initiate investigation, if it's an urgent matter, see the commercial
services section of the web site about official investigations into
old domains and IP addresses that we can do).
Those who have become victims of IP address space hijacking (either
those whose IP address space has been taken or those who have been
sold hijacked IP address space, which is consequently taken away)
have to consider this serious criminal activity and report it to the
police and file charges.
We have to educate law enforcement about IP address hijacking so that
more serious and faster measures may be taken and these criminals are
prosecuted. Right now, because of slow and inadequate response,
hijackers may continue their activities even after it has been found
who they are and their hijacked IP address blocks have been taken away.
Better security needs to be implemented at the RIR to protect their
records and IP address blocks from being hijacked in the first place
as current authentication based on email is inadequate. Those RIRs
that have necessary security systems (such as PGP) need to educate
their ISP and end-user customers to actually take advantage of it.
Requiring new IP address allocations and assignments to use the
improved security methods would be a big step.
Better security also needs to be made available at BGP routing level
to make sure that the companies advertising the IP address blocks are
allowed to do that. Currently there is a proposal for S-BGP that
involves having a certificate for each allocated IP address block and
using certificates as part of routing and BGP for authentication of
IP address space by AS numbers. S-BGP can solve the problem but will
require upgrades to the core Internet infrastructure as it requires
a lot more memory for routers in order to not only accommodate the
IP route but also the certificate that comes with it (bearing in mind
that a certificate takes about 10 times more memory than the route
itself) as well as the ability to do cryptographic verification
quickly, which requires more CPU power or specific hardware for
cryptography. Because of these necessary hardware upgrade and serious
investment in new hardware that would be necessary, S-BGP has not
gone beyond theoretical work so far.
Because many of the current IP address hijackings involve old IP
address blocks allocated prior to 1995 ("legacy IP address space"),
we have to take a closer look at how this space is being currently
used and by what companies. Steps must be taken to investigate each
block and to make sure the records about technical and administrator
contacts are correct (often the people listed in WHOIS records for
particular IP address blocks have been gone for 10 years or more!)
|