[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <5B88D40A-EFA2-41ED-831E-B9FD14F3637E at consulintel.es>, JORDI
PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> writes

>I've the feeling that if you're attacked, you will have some forensic info about 
>that,

That may not be the case -- I saw a number of hijacks last summer of US
university address space where the university was entirely unaware of
the issue until I told them, and even when I did there was no data that
they could usefully gather about the event from their own systems.

Might I ask how many BGP hijacks of your own prefixes have you (a)
identified or (b) investigated ?

>In fact, if you haven't realized it and still under attack, this kind of policy 
>will help you to:
>1) Know that your network is being misused by others
>2) Engage with the community about that
>3) Take the opportunity to learn about how to avoid it

I don't think any of those three things are true :-(

>I also believe that when what you describe happens, it will happen to several 
>folks (not neccesarily at the same time), so experts will consider it. You don't 
>think so?

For some types of hijack yes, for others no.

>Remember that in the extreme case (this is just life, we like it or not), if you 
>are responsible for a network and is being missused "because you did your job 
>incorrectly", you are still reponsible for the harm caused and even legal 
>consecuences and damages to third parties. If it was a vulnerabilty from the 
>vendor, you can sue him as well.

An aspect of this which has not been discussed is how the policy should
be worded so as to make clear that one-off fat-finger events, however
newsworthy (and they often are) are not going to be treated in the same
way as deliberate hijacks of address space by actors who know exactly
what they are doing and why.

Or should fat-fingering now cause you to put into the RIPE dock ?

The more I think about this proposal, the less I think that the RIR is
the place to enforce it -- a similar (but far better thought through)
initiative in the IXP space would I think be far more useful; and indeed
we have seen a number of bad actors dealt with by IXPs over the past
years and this has put a significant dent into their operations.

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190321/dc32c940/attachment.sig>