[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

On 22/03/2019 13:33, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> Clearly it is a matter of wording and also introducing warnings in some cases.
>
> I have sent a text about this before:
>
> “Direct peers allowing the hijack thru their networks will be warned the first time, but may be considered by the experts evaluation to be a party involved in case of subsequent deliberated hijacks cases“

Excellent!

-Hank



>
> Regards,
> Jordi
>   
>   
>
> El 22/3/19 12:19, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces at ripe.net en nombre de anti-abuse-wg at ripe.net> escribió:
>
>      
>      On Fri, 22 Mar 2019, Sascha Luck [ml] wrote:
>      
>      > On Thu, Mar 21, 2019 at 11:12:02PM +0100, JORDI PALET MARTINEZ via
>      > anti-abuse-wg wrote:
>      >> 3) We may need to refine the text, but the suspected hijacker, in case of
>      >> sponsored resources, is the suspected hijacker, not the sponsoring LIR
>      >> (which may not even have relation to it). However, some people indicated
>      >> that the direct peer should be also accountable. I think I also mention
>      >> this before, one possible option is to tell the direct peer the first time
>      >> "this is a warning report", please make sure to improve your filters.
>      >
>      > Now I'm confused. In another post, Carlos indicated that someone
>      > who receives a hijacked prefix is a victim and here they are also
>      > Bad People. I'm not sure what to think about a retributive
>      > proposal that can't even keep the "victims" and the "offenders"
>      > apart. In this case ("neighbours are bad") it reminds me of a UK law
>      > that punishes not only an illegal immigrant but also the landlord
>      > who fails to refuse to rent them a flat.
>      
>      Hi,
>      
>      The issue here might be the difference between a peering and a transit
>      relationship.
>      
>      If hijacker Z announces prefix Y to network X. Then network X will
>      route packets towards the hijacker, even if X doesn't propagate prefix Y
>      any further to any other 3rd party networks.
>      
>      An hijacker can join an IXP and announce an hijacked prefix to one, some
>      or all of the IXP's membership. In that case we will have one, some or
>      many victims.
>      
>      Hope it is clear now.
>      
>      Regards,
>      Carlos
>      
>      
>      
>      > rgds,
>      > SL
>      
>      
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>
>
>