[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

Hi,

Firstly, thanks for your valuable input!

Looking at Geoff's Bogons list, i understand "substantial". :-)

Maybe "have been doing so for years on end" can possibly be a factor to 
exclude from this proposal's scope in the next version. On the other hand, 
if the idea is to contribute to shorten that list (as you said, it is 
undesirable to see any prefix there) then a transition period might be 
needed.

The misuse of AS numbers was not seen (maybe until now...) as a frequent 
event (and thus a priority), but if someone is (mis)using an AS number 
that belongs to a third party, then it should also be stated in writing 
that this practice is a violation of RIPE policy -- and of course, allow a 
path for the affected party to issue a report about that.

Best Regards,
Carlos


On Tue, 19 Mar 2019, Richard Clayton wrote:

> In message <E1h6E3W-00051F-BF at www-apps-1.ripe.net>, Marco Schmidt
> <mschmidt at ripe.net> writes
>
>> The goal of this proposal is to define that BGP hijacking is not accepted as
>> normal practice within the RIPE NCC service region.
>>
>> You can find the full proposal at:
>> https://www.ripe.net/participate/policies/proposals/2019-03
>
> <quote>
>
> The announcement of unallocated address space to third parties is also
> considered a policy violation and is evaluated according to the same
> parameters.
>
> </quote>
>
> This is going to be somewhat challenging ... since there are a
> substantial number of well-known (and generally non-abusive entities)
> who are announcing unallocated address space, and in many cases they
> have been doing so for years on end.
>
> I understand there is a mixture of long term disputes about allocations;
> failures to keep contact addresses up-to-date (so that allocations are
> withdrawn) and doubtless also intentional usage of resources that have
> not been allocated.
>
> Geoff Huston publishes a list on a daily basis:
>
>        http://www.cidr-report.org/as2.0/#Bogons
>
> For the avoidance of doubt, I think it is most undesirable that any
> prefix appears on the list -- but I am pragmatic enough to accept that
> there are significant difficulties in dealing with the complexities
> which are behind those announcements.
>
>
> BTW: Geoff Huston's data gathering exercise also identifies the usage of
> AS numbers that are not currently allocated. Again, much of this usage
> is very long standing and failure to "grandfather it in" in some manner
> is likely to cause a substantial workload and the deeming of many
> legitimate companies to be in breach of RIPE norms -- which is going to
> tend to make the impact of the policy rather less than might be hoped.
>
> That all said -- why does the proposed policy not address the misuse of
> AS numbers as well as the misuse of prefixes ?
>
> -- 
> richard                                                   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
>