This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Thu Mar 21 02:36:40 CET 2019
The discussion does seem to be going in circles. A series of objections from Sascha and then various people countering it – none of whom appear to be lawyers of any stripe, discussing the legality (or not) of this proposal. RIPE NCC legal can certainly determine whether or not the policy proposal in question complies with Dutch law. The one thing I can say – not being a lawyer – is that if the hijacking is accompanied by criminal activity, and is shown to be deliberate in order to carry out such activity, Dutch or any other country’s law will find zero difficulty in charging the ISP in question as an accessory to the crime under investigation. If the hijacking is because of someone fat fingering a routing table and routing all Google traffic to Pakistan, that’s another story altogether. This is a repeat of various long and ultimately not very impactful discussions here about some tiny LIRs allocating multiple /14s to spam operations, a few years back. I’m glad to see that there’s at least some more consensus now on this – and much the same objections from much the same vocal minority of individuals. Now this entirely boils down to the proposal achieving rough consensus on the list and then in the WG meeting in which this proposal is listed on the agenda. From: Brian Nisbet <brian.nisbet at heanet.ie> Date: Wednesday, 20 March 2019 at 10:43 PM To: Suresh Ramasubramanian <ops.lists at gmail.com>, "Sascha Luck [ml]" <aawg at c4inet.net>, Hank Nussbacher <hank at efes.iucc.ac.il> Cc: Ricardo Patara <ricpatara at gmail.com>, "anti-abuse-wg at ripe.net" <anti-abuse-wg at ripe.net> Subject: RE: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Folks, We were doing so well! There is a difference between expressing opposition to the statements and the manner of doing so. I’ve called this out before, but please remember that a) this is all text, a medium infamous for being awful at nuance and conveying meaning and b) there are members on the list from many places and cultures and we should all be very considered in our reactions. I will admit, I do not interpret Sascha’s remark as calling Hank a liar, but there are reasons for that of language and context as well. So right now, I will leave the points above where they are and ask everyone to choose their words carefully. Thanks, Brian Co-Chair, RIPE AAWG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet at heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: Suresh Ramasubramanian <ops.lists at gmail.com> Sent: Wednesday 20 March 2019 16:45 To: Sascha Luck [ml] <aawg at c4inet.net>; Hank Nussbacher <hank at efes.iucc.ac.il> Cc: Ricardo Patara <ricpatara at gmail.com>; anti-abuse-wg at ripe.net; Brian Nisbet <brian.nisbet at heanet.ie> Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) + Brian - how appropriate is it to call other posters liars like this? --srs From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Sascha Luck [ml] <aawg at c4inet.net> Sent: Wednesday, March 20, 2019 8:42 PM To: Hank Nussbacher Cc: Ricardo Patara; anti-abuse-wg at ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) >If you are a victim (someone has abused your network), then just prove >it and the policy won't apply and the hivemind will even assist you in >cleaning your router. LOL, two of the oldest lies in history neatly rolled into one statement: "If you have done nothing wrong you have nothing to fear" and "I'm from $agency, I'm here to help you" rgds, Sascha Luck > >Regards, >-Hank > >>On this line of one ISP trying to make damage to other. >> >>One might abuse a vulnerable router (thousand out there), create a >>tunnel to it and announce hijacked blocks originated from victims >>ASN. >> >>Both, victim ASN and vulnerable router owner, would be damaged and >>no traces of criminal. >>How could they defend themselves to the so called group of experts? >> >>And things in this line had happened already. >> >>Regards, >> >>On 20/03/2019 07:46, furio ercolessi wrote: >>>On Wed, Mar 20, 2019 at 11:01:30AM +0300, Andrey Korolyov wrote: >>>>> >>>>> >>>>>And when everything is made clear, if a report is filed >>>>>against AS1, AS1's >>>>>holder might have a problem, so i see a strong reason for not even trying >>>>>:-) >>>>> >>>>> >>>>Out of interest, take an AS1 with single malicious upstream AS2, >>>>what stops >>>>AS2 to pretend that AS1 has made bogus announcements and make them for its >>>>own purposes? This situation looks pretty real without RPKI or other >>>>advertisement strengthening methods, as I could see. How experts are >>>>supposed to behave in this situation? >>> >>>This has been seen many times, even chain situations like >>> >>><upstreams and peers> - AS X >>> \ >>> AS 3 - AS 2 - AS 1 >>> / >>><upstreams and peers> - AS Y >>> >>>where X and Y are legitimate ISPs, while {1,2,3} is basically a >>>single rogue >>>entity - or a set of rogue entities closely working together with a common >>>criminal goal. >>> >>>In such a setup, AS 1 should be considered as the most >>>"throw-away" resource, >>>while AS 3 would play the "customer of customer, not my business" role, >>>and AS 2 would play the "i notified my customer and will disconnect them >>>if they continue" role. When AS 1 is burnt, a new one is made - with >>>new people as contacts, new IP addresses, etc, so that no obvious >>>correlation >>>can be made. Most of the bad guys infrastructure is in AS 3 and >>>that remains >>>pretty stable because their bad nature can not be easily demonstrated. >>> >>>Whatever set of rules is made against hijacking, it should be assumed that >>>these groups will do everything to get around those rules, and many AS's >>>can be used to this end. Since there is no shortage of AS numbers, I >>>assume that anybody can get one easily so they can change them as if they >>>were underwear. >>> >>>And yes, unallocated AS's in the AS 1 position, announcing unallocated IPs, >>>have also been seen. Those are even easier to get :-) >>> >>>So the ideal scheme to counteract BGP hijacking should be able to climb up >>>the BGP tree in some way, until "real" ISPs are reached. >>> >>>Nice discussion! >>> >>>furio ercolessi >>> >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190321/2eb2989d/attachment.html>
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]