This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 and over-reach
- Previous message (by thread): [anti-abuse-wg] 2019-03 and over-reach
- Next message (by thread): [anti-abuse-wg] 2019-03 and over-reach
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Sun Mar 31 19:11:12 CEST 2019
Hi, On Sun, 31 Mar 2019, Richard Clayton wrote: >> 1) The hijackings you mentioned also affect your customers, right? > > I do not believe they did, not all announced space is in use If third parties could receive any of the customer's space is already bad enough. The hijacker could be impersonating the customer towards other networks (not necessarily to every network in the world). >> 2) Do you or your customers report these hijackings (and their impact) to >> somebody? > > The hijacks only came to light due to feedback about spam sending, where > it turned out to be impossible to identify anyone using the IPs that > were sending the spam. In that sense the reporting was the other way. Although the victims (third party networks) directed their reports to the wrong people -- this is why i'm saying impersonating is an advantage to hijackers. >> 3) Is it in your customers' best interest to do nothing? > > I think it's presumptuous to assume that nothing was done. Once it was > understood what was occurring (which took rather longer than I think it > would today) the matter was dealt with and the hijacks ceased If enough harm was already done....... >> 4) Is it in your customers' best interest to "protect" the lack of rules >> about hijacking at registry level? > > Rules do not prevent hijacks -- detection and mitigation do I agree detection and mitigation do, but having no rules is actually helping hijackers. >> As i understand it, if someone provides the RIR with falsified data > > there was no falsified data provided to an RIR in this case I wasn't clear enough. I'm saying the rule about falsified data exists and if someone does that, the RIR is able to act -- today it doesn't have the ability to act regarding hijacks! >> , they >> expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having >> this rule in place is protecting the RIR's long term stability -- the >> point about 2019-03 is that someone doing persistent intentional hijacks >> should be subject to the same "risk". > > I have already pointed you towards IXPs once ... that's where this > example was dealt with. That is precisely another excellent issue. IXPs are by nature "neutral". However, if rules are written, one member that announces hijacked routes will most likely be shown the door. When that happens the IXP is only "enforcing" the rules. In my opinion, the RIR (which also does that in other cases of rule breaking) should be doing the same -- but for that rhe rule needs to be in place. >> I understand your point about partial visibility. With 2019-03 in place, i >> think the incentive for anyone to share their routing view will increase, >> as a way of protection -- i see it as "community protection". > > this is a new point presented without any evidence whatsoever (albeit I > do agree that having more sensors would improve the detection of some > hijacking events). That's basically it... more sensors, better "community protection". > The content of routing tables are often not shared > publicly for reasons of perceived commercial confidentiality -- you It's always a choice not publicly detailing which your neighbors are. I'm only saying more public information helps in "detection". > should elaborate why that shyness would be changed by the proposed > policy (especially given the claims made that hijacking is already easy > to understand with the existing sensor network). I only said it was an incentive to... i'm not suggesting it should be mandatory for every network to export info about who actually are their neighbors. Best Regards, Carlos > -- > richard Richard Clayton > > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 >
- Previous message (by thread): [anti-abuse-wg] 2019-03 and over-reach
- Next message (by thread): [anti-abuse-wg] 2019-03 and over-reach
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]