[anti-abuse-wg] 2019-03 and over-reach

In message <alpine.LRH.2.21.1903311120210.29965 at gauntlet.corp.fccn.pt>,
Carlos Friaças via anti-abuse-wg <anti-abuse-wg at ripe.net> writes

>On Sat, 23 Mar 2019, Lu Heng wrote:
>
>(...)
>> And for the record, it?s in my short term interest to have that policy 
>> as we do suffer from time to time hijackings, and I made presentation in 
>> this working group how more half million of our IP get hijacked for half 
>> a year.

Lu Heng can of course reply, but I have some familiarity with this
particular episode

>1) The hijackings you mentioned also affect your customers, right?

I do not believe they did, not all announced space is in use

>2) Do you or your customers report these hijackings (and their impact) to 
>somebody?

The hijacks only came to light due to feedback about spam sending, where
it turned out to be impossible to identify anyone using the IPs that
were sending the spam. In that sense the reporting was the other way.

>3) Is it in your customers' best interest to do nothing?

I think it's presumptuous to assume that nothing was done. Once it was
understood what was occurring (which took rather longer than I think it
would today) the matter was dealt with and the hijacks ceased

>4) Is it in your customers' best interest to "protect" the lack of rules 
>about hijacking at registry level?

Rules do not prevent hijacks -- detection and mitigation do

>As i understand it, if someone provides the RIR with falsified data

there was no falsified data provided to an RIR in this case

>, they 
>expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having 
>this rule in place is protecting the RIR's long term stability -- the 
>point about 2019-03 is that someone doing persistent intentional hijacks 
>should be subject to the same "risk".

I have already pointed you towards IXPs once ... that's where this
example was dealt with.

>I understand your point about partial visibility. With 2019-03 in place, i 
>think the incentive for anyone to share their routing view will increase, 
>as a way of protection -- i see it as "community protection".

this is a new point presented without any evidence whatsoever (albeit I
do agree that having more sensors would improve the detection of some
hijacking events). The content of routing tables are often not shared
publicly for reasons of perceived commercial confidentiality -- you
should elaborate why that shyness would be changed by the proposed
policy (especially given the claims made that hijacking is already easy
to understand with the existing sensor network).

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190331/6e025495/attachment.sig>