This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15
Hank Nussbacher
hank at efes.iucc.ac.il
Fri Apr 5 07:38:49 CEST 2019
On 04/04/2019 21:36, Gert Doering wrote:
> Hi,
>
> On Thu, Apr 04, 2019 at 08:32:39PM +0200, Karl-Josef Ziegler wrote:
>>> Also I would to remind all the community that usually what happens to
>>> communities that cannot regulate themselves is that some outsider comes
>>> and regulated them...
>> Yes, this is also my opinion. The community should do something against this abusive behavior.
>> If it isn't done by the community there might be some regulation coming from outside, i.e.
>> political entities. And I doubt that this will be the better way to handle this problem.
> Still targeting the wrong crowd. A few willing Tier1 ISPs would have way
> more effect than all policies we do in RIPE land against a rogue ISP that
> might not even *be* a RIPE member (or a member of any LIR).

Back in 2014 when I ran down a BGP hijack and approached the tier-1 (CAIDA top 5) that enabled the hijack to take place, their response was:

"/But as you point out - we are xxxxxxxxx. There needs to be a degree of trust between us and our customer. Also it would be highly impractical to have proactive monitoring on all route changes. But there are certain things we block and others that we monitor of interest. This situation is now one of them./"

Less than a year ago I approached a tier-1 that ranked in the top 25 about another BGP hijack. I approached them 36 hours *after* the hijack took place and the response I received from their NOC was that they approached the hijacker (a direct customer of theirs) and the response from the hijacker which they forwarded to me was:

/We checked the prefixes mentioned in our network and we do not seen these prefixes and do not advertise to ASN xxxx [HN: tier-1 ASN]. Also these prefixes are not seen in internet from our network (ASN : xxxxx ). [HN: ASN of hijacker]/

Of course the prefixes are not seen, since the hijack was for a few hours. The tier-1 closed the case.

So if the Internet (5xRIR) could guarantee me that within a year, the top 100 ASNs in the Internet were filtering properly and stopping BGP hijacking from occurring, I would pull my support for this proposal and agree with you.

Regards,
Hank

>
> Gert Doering
>         -- NetMaster
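
The message above notes that a hijack lasting a few hours leaves nothing to see when the routing table is checked 36 hours later. As an added example (not part of the original post, and not any RIPE or operator tooling), the sketch below rebuilds origin intervals from an archived announce/withdraw log so that a short-lived unexpected origin still shows up after the fact. The record format, the `EXPECTED` table and all function names are assumptions made for illustration; the prefixes and AS numbers are constructed from the documentation ranges.

```python
from datetime import datetime

# Constructed sample log: (time, kind, prefix, origin AS); "A" = announce, "W" = withdraw.
# Prefixes and AS numbers are documentation values (RFC 5737, RFC 5398), not real routes.
UPDATES = [
    ("2019-01-01T00:00", "A", "192.0.2.0/24", 64496),
    ("2019-01-01T00:00", "A", "198.51.100.0/24", 64497),
    ("2019-01-10T02:15", "A", "192.0.2.0/24", 64511),  # unexpected origin appears
    ("2019-01-10T05:40", "W", "192.0.2.0/24", 64511),  # and is withdrawn hours later
]
# Assumed table of legitimate origins per prefix (e.g. built from the holder's records).
EXPECTED = {"192.0.2.0/24": {64496}, "198.51.100.0/24": {64497}}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")

def origin_episodes(updates):
    """Turn announce/withdraw records into (prefix, origin, start, end) intervals.
    end is None when the origin was never withdrawn in the log."""
    open_at, episodes = {}, []
    for ts, kind, prefix, origin in sorted(updates, key=lambda u: parse(u[0])):
        key = (prefix, origin)
        if kind == "A":
            open_at.setdefault(key, parse(ts))   # keep the first announce time
        elif kind == "W" and key in open_at:
            episodes.append((prefix, origin, open_at.pop(key), parse(ts)))
    episodes += [(p, o, start, None) for (p, o), start in open_at.items()]
    return episodes

def unexpected_episodes(updates, expected):
    """Every interval, however short, in which a prefix had an origin not in `expected`."""
    return [e for e in origin_episodes(updates)
            if e[1] not in expected.get(e[0], set())]

def visible_origins(updates, prefix, when):
    """Point-in-time view: the origins someone checking at `when` would see."""
    return {o for p, o, start, end in origin_episodes(updates)
            if p == prefix and start <= when and (end is None or when < end)}

if __name__ == "__main__":
    late_check = parse("2019-01-11T14:15")       # 36 hours after the event began
    print("seen at late check:", visible_origins(UPDATES, "192.0.2.0/24", late_check))
    for prefix, origin, start, end in unexpected_episodes(UPDATES, EXPECTED):
        print(f"{prefix} originated by AS{origin} from {start} to {end} ({end - start})")
```
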