This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Solving the issue of rogue ROUTE objects in the RIPE Database
- Previous message (by thread): [anti-abuse-wg] Solving the issue of rogue ROUTE objects in the RIPE Database
- Next message (by thread): [anti-abuse-wg] Solving the issue of rogue ROUTE objects in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bengt Gördén
bengan at resilans.se
Thu Nov 5 20:59:35 CET 2015
Den 2015-11-05 kl. 20:40, skrev ripedenis at yahoo.co.uk: > HI all > > I am going to have one last go at solving this problem. I challenge > anyone/everyone to tell me why this is such a stupid idea, technically > impossible to do, won't solve any of the issues partially or fully. > Then I can shut up about it and go away. If you can't condemn the idea > then support it. Lets fix this issue once and for all, stop this > endless discussion about rogue ROUTE objects and get on with life. > > So here is my 4 step proposal that I believe could be implemented > within a month. If we implemented this you can be sure that all ROUTE > objects in the RIPE Database were created with the knowledge and > approval of the related resource holders. I believe that is the > desired goal. Hi Denis, I don't see any immediate pitfalls in your 4-step. The only small, very small, thing is step 3 and it can be abused. But only for <24h. So I think your proposal makes sense. +1 for it. rgrds, /bengan > > STEP 1 > > Any ROUTE object submitted for creation in the RIPE Database involving > an out of region resource (address space and/or ASN) where that out of > region resource does not exist in the authoritative RIR database (has > not been allocated or assigned), reject the creation. > > The RIPE NCC mirrors the operational data from all the other 4 RIRs. > These mirrors are updated daily as well as the RIRs daily stats. It is > easy to determine if a resource is registered in the authoritative > database. > > STEP 2 > > For those ROUTE objects from STEP 1 where the out of region resource > does exist, hold the object creation as pending. The mechanism for > doing this already exists in the RIPE Database software as it is used > for multiple authentications. > > Lookup the out of region resource(s) in the authoritative database(s) > and find the contacts for that resource. Send a notification to those > contacts informing them of the pending ROUTE object creation in the > RIPE Database. The notification mechanism already exists in the RIPE > Database software. If they don't approve, do nothing and the creation > request will time out after a week and the object will not be created. > If they do approve, respond in some way (many technical options for > doing this that the RIPE NCC can choose from). If appropriate > approval(s) are received within a week, create the ROUTE object. > > STEP 3 > > On a daily basis, for each ROUTE object in the RIPE Database that > relates to an out of region resource, check for the continued > existence of that resource in the appropriate RIR database. If it no > longer exists, delete the ROUTE object from the RIPE Database. > > STEP 4 > > This is a one off cleanup of existing ROUTE objects. For all ROUTE > objects currently in the RIPE Database that relate to an out of > region, existing resource, send the appropriate notifications. For any > that no response is received within a week, delete the ROUTE object > from the RIPE Database. > > cheers > denis -- Bengt Gördén Resilans AB -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20151105/a44ba070/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Solving the issue of rogue ROUTE objects in the RIPE Database
- Next message (by thread): [anti-abuse-wg] Solving the issue of rogue ROUTE objects in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]