This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Clayton
richard at highwayman.com
Thu Mar 21 02:02:24 CET 2019
In message <5B88D40A-EFA2-41ED-831E-B9FD14F3637E at consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> writes >I've the feeling that if you're attacked, you will have some forensic info about >that, That may not be the case -- I saw a number of hijacks last summer of US university address space where the university was entirely unaware of the issue until I told them, and even when I did there was no data that they could usefully gather about the event from their own systems. Might I ask how many BGP hijacks of your own prefixes have you (a) identified or (b) investigated ? >In fact, if you haven't realized it and still under attack, this kind of policy >will help you to: >1) Know that your network is being misused by others >2) Engage with the community about that >3) Take the opportunity to learn about how to avoid it I don't think any of those three things are true :-( >I also believe that when what you describe happens, it will happen to several >folks (not neccesarily at the same time), so experts will consider it. You don't >think so? For some types of hijack yes, for others no. >Remember that in the extreme case (this is just life, we like it or not), if you >are responsible for a network and is being missused "because you did your job >incorrectly", you are still reponsible for the harm caused and even legal >consecuences and damages to third parties. If it was a vulnerabilty from the >vendor, you can sue him as well. An aspect of this which has not been discussed is how the policy should be worded so as to make clear that one-off fat-finger events, however newsworthy (and they often are) are not going to be treated in the same way as deliberate hijacks of address space by actors who know exactly what they are doing and why. Or should fat-fingering now cause you to put into the RIPE dock ? The more I think about this proposal, the less I think that the RIR is the place to enforce it -- a similar (but far better thought through) initiative in the IXP space would I think be far more useful; and indeed we have seen a number of bad actors dealt with by IXPs over the past years and this has put a significant dent into their operations. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 185 bytes Desc: not available URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190321/dc32c940/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]