This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Thu Apr 18 12:50:25 CEST 2019
On Thu, 18 Apr 2019, Peter Koch wrote: (...) >>>> BGP hijacking completely negates the purpose of a (Regional Internet) Registry. >>> >>> This is unclear to me. The Registry registers address space, not routes. >> >> Yes, but one of the main purposes of a Registry is that everyone knows who >> is using a specific resource (or who is the legitimate holder). > > Definitely the registry puts on record who the holder is, I'm not > sure that always includes "use". Without any rights of use attached, the value of having a registry is close to none. If someone hijacks a resource to engage in a criminal activity, then the value for the legitimate holder of having a reference in the registry can be even *negative*, if he's forced to prove that he actually didn't have any part in said criminal activity... >> Those who are intentionally and continuously hijacking resources are >> removing value from the Registry for the whole community. > > Quite to the contrary. Without the registry you couldn't even tell. Step 1 - Have a registry. Check. Step 2 - Make people abide by the registy. Oooops. :/ >> What's the point in having a Registry if people just decide which numbers to >> use, even if those Internet numbers are attached to another org with >> legitimate holdership and exclusive rights of usage? > > That question answers itself. Even more so, what's the point of removing > the resources registered by those "people" if they allegedly don't care > anyway? If an hijacker loses the rights to use its ASN, their peers/upstreams will likely need to review their configs/neighborships... >> The rule, as we speak doesn't exist. Maybe using different wording, it could >> mean: "Resource hijacking is not allowed". Period. > > While "hijacking" still needs to be defined, the statement in and of > itself is not a policy. We hope to improve the definition in version 2.0. I disagree when you say "<something> is not allowed" is not a policy. >> So, the main/only course of action, as i see it today for an hijacked party >> (if the hijacker is from the RIPE region), is sending a complaint to a dutch >> court... and it's doubtful if the dutch court will not rule itself to be >> "unable to rule" on the matter... > > Why would you ask the Dutch court? It's the only court who can rule that the RIPE NCC needs to do something... > Thanks to the Registry DB, the hijacked party is hopefully able to prove > holdership of a resource to take mitigation to the operational level. Hopefully, yes. But that won't stop the hijacker to hop on to the next hijack/victim... Again, we're focusing on the hijacked party as the sole victim, when those who *receive* hijacked routes are also the victims, as their traffic is attracted from such bogus announcements. Cheers, Carlos > -Peter >
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]