[anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)

Hi Suresh, Hank, All,


On Thu, 5 Sep 2019, Suresh Ramasubramanian wrote:

> Hijacked route announcements can be carefully targeted to just a victim AS for any attack.

Yes, they can -- and several cases (as far as i read) were already seen 
when that was done over an IXP.

But that doesn't mean that "hijacked" announcement has to be 100% 
invisible, e.g. if the victim AS is sharing their routing view with 
someone else... :-)


> If that victim AS holder complains to their national CERT the language 
> here precludes the CERT from reporting into RIPE.

It might, yes (and that's not optimal), but the victim AS folks could 
also theoretically do it by themselves...



> That is a technicality as I can't imagine RIPE would refuse reports 
> from a CERT, but it is worth fixing.

*Today*, is there any way for a CERT (National or not) or any victim AS to 
do it...?

(I know that this is already possible in LACNIC.
They have WARP -- <pub> https://warp.lacnic.net </pub>)


Cheers,
Carlos



> On 05/09/19, 8:26 PM, "anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces at ripe.net on behalf of anti-abuse-wg at ripe.net> wrote:
>
>
>
>    On Thu, 5 Sep 2019, Hank Nussbacher wrote:
>
>    > On 05/09/2019 16:23, Marco Schmidt wrote:
>    >
>    > "A.3.1. Reporting
>    > Only persons directly affected by a suspected hijack can report to the RIPE
>    > NCC that another party has announced resources registered to or used by the
>    > reporter without their consent. "
>    >
>    > This thereby precludes any national CERT from reporting to the RIPE NCC any
>    > suspected hijacks since they are not directly affected.  Can this text be
>    > modified?
>
>
>    Hi Hank, All,
>
>    If a national CERT receives an hijacked route, it *is* affected -- in the
>    sense their packets will go towards a wrongful destination.
>
>    Not sure if the issue is with "person" vs. "organization", but a person
>    should be able to report it on behalf of an affected organization...
>
>    Regards,
>    Carlos
>
>
>    > Regards,
>    > Hank
>    >
>    >> Dear colleagues,
>    >>
>    >> Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" is
>    >> now in the Review Phase.
>    >>
>    >> The goal of this proposal is to define that BGP hijacking is not accepted
>    >> as normal practice within the RIPE NCC service region.
>    >>
>    >> The proposal has been updated following the last round of discussion and is
>    >> now at version v2.0. Some of the changes made to version v1.0 include:
>    >> - Includes procedural steps for reporting and evaluation of potential
>    >> hijacks
>    >> - Provides guidelines for external experts
>    >> - Adjusted title
>    >>
>    >> The RIPE NCC has prepared an impact analysis on this latest proposal
>    >> version to support the community?s discussion. You can find the full
>    >> proposal and impact analysis at:
>    >> https://www.ripe.net/participate/policies/proposals/2019-03
>    >> https://www.ripe.net/participate/policies/proposals/2019-03#impact-analysis
>    >>
>    >> And the draft documents at:
>    >> https://www.ripe.net/participate/policies/proposals/2019-03/draft
>    >>
>    >> As per the RIPE Policy Development Process (PDP), the purpose of this four
>    >> week Review Phase is to continue discussion of the proposal, taking the
>    >> impact analysis into consideration, and to review the full draft RIPE
>    >> Policy Document.
>    >>
>    >> At the end of the Review Phase, the Working Group (WG) Chairs will
>    >> determine whether the WG has reached rough consensus. It is therefore
>    >> important to provide your opinion, even if it is simply a restatement of
>    >> your input from the previous phase.
>    >>
>    >> We encourage you to read the proposal, impact analysis and draft document
>    >> and send any comments to <anti-abuse-wg at ripe.net> before 4 October 2019.
>    >>
>    >>
>    >> Kind regards,
>    >>
>    >> Marco Schmidt
>    >> Policy Officer
>    >> RIPE NCC
>    >>
>    >>
>    >
>    >
>