This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Thu Mar 21 23:12:02 CET 2019
Top posting to make it short. Not sure to understand "with teeth" (and google didn't helped). Please understand that there is a lot of people who is not native English, so this kind of expressions make it difficult to catch everything. While, I basically agree with Carlos, have some additional points. 1) I recall there is form in the NCC web site, that anyone can use, to report broken whois data, or I'm mistaken? 2) I think in one of the previous responses, I already indicated that to ensure that accidental cases aren't repeated, it is fine to send a "warning" report about that, which will hopefully help the community to improve the situation, but not considering them a policy violation, and in case of doubt, experts can suggest a waiver for the first time. 3) We may need to refine the text, but the suspected hijacker, in case of sponsored resources, is the suspected hijacker, not the sponsoring LIR (which may not even have relation to it). However, some people indicated that the direct peer should be also accountable. I think I also mention this before, one possible option is to tell the direct peer the first time "this is a warning report", please make sure to improve your filters. Regards, Jordi El 21/3/19 22:40, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces at ripe.net en nombre de anti-abuse-wg at ripe.net> escribió: On Thu, 21 Mar 2019, Jacob Slater wrote: > Hello All, Hi, Thanks for your input. > While I am in general support of the proposal?s ideas, I have several > concerns with regards to the specific implementation. > > While the idea of an a complaint form (with teeth) sounds appealing, I > do not believe submission should be open to everyone. Only the party > holding rights (as registered in a RIR) should be able to file a report > regarding their own IP space. I had thought about that too. The problem is hijackers tend to hijack space from: - unallocated space - companies which are unreachable (bankrupt/closed?) - networks in conflict (war) zones A variation of this will be allowing anyone _receiving_ the announcement of an hijacked prefix to file a complaint/report. Hijacks don't have to be seen by every network on the planet to be an hijack... And those receiving an hijacked prefix are (according to my dictionary) also victims. > If everyone is allowed to do so, we run > several risks, namely that individuals with no knowledge of the > situation (beyond that viewed in the public routing table) will file > erroneous reports based on what they believe to be the situation (which > may not be accurate, as some forms of permission for announcement are > not documented in a way they could feasibly see). Well, yes. That's one point... the IRR system is kind of broken. And RPKI, unfortunately is still taking baby steps. I would say that in case of doubt, then a rightful owner will be able to create a ROA for the suspected hijack....... Some might say NCC staff might act as a filter, before anything reaches expert's hands. I personally wish that NCC staff is not involved at all. > Allowing for competent complaints (with teeth) to be filed is a good > idea; needlessly permitting internet vigilantes to eat management time > based on a flawed view of the situation is not. Maybe some automated checks? The reported prefix has a valid ROA, it matches, so, the complaint is most likely bogus? :-)) > Additionally, while the policy does define a difference between > accidental and intentional hijacking, it does not differentiate between > the two with regards to policy violations. I thought it did, by stating that accidental events are out of scope. > While some discretion should be left up to the expert, it seems odd to > include this differentiation without simultaneously explicitly stating > that accidental hijacking should generally be treated less severely. Accidental hijacking should never be treated as a policy violation. It thought that was clear, but probably isn't -- despite section 3.0 and the summary. Sorry for that. Needs to be addressed in the next version. > I am by no means attempting to state that constant, unlearned-from > mistakes should be overlooked; I am merely stating that the odd one-off > event should be explicitly prohibited from bringing down an entire LIR. > Fat fingering happens. Yes, thus "This proposal aims to clarify that an intentional hijack is indeed a policy violation." Section 3.0 can be improved. > Finally, how does the proposed policy apply to sponsored resources > (ASNs and PI space)? Is an entire LIR to be held accountable for > sponsoring the resources for users who are otherwise supposed to be > independent? In short, no. Unless the "customer" is the LIR itself. Thanks. Best Regards, Carlos > > Jacob Slater > ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]