<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style id="ms-outlook-ios-style" type="text/css">html {
background-color: transparent;
}

body {
color: #333;
line-height: 150%;
font-family: "-apple-system", "HelveticaNeue";
margin: 0;
}

.ms-outlook-ios-reference-expand {
display: block;
color: #999;
padding: 20px 0px;
text-decoration: none;
}

.ms-outlook-ios-availability-container {
max-width: 500px;
margin: auto;
padding: 12px 15px 15px 15px;
border: 1px solid #C7E0F4;
border-radius: 4px;
}

.ms-outlook-ios-availability-container > .ms-outlook-ios-availability-delete-button {
width: 25px;
height: 25px;
right: -12px;
top: -12px;
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEsAAABLCAYAAAA4TnrqAAAAAXNSR0IArs4c6QAACxpJREFUeAHlnFuMXlUVx/fcOzNtp0ynF0U7hWKrEmKLosZEjUZ9MgZIQBNC0uAtJr745oOJIT74xgskJkQbAlQNJmBMfNDEG0YjEC7GIBQZ6IAI005L79O5+/+dfut0f5dzzt7nu8w37UrWt893zt5rr/U/e6+zL+ucHrcGtLq62q9qd4gnxTeKb6kcc267eEI8Kz4mnhFPi58Rv1g5nunp6VnS8ZVHAqdHPCk+KP6zuBWEHORNinvWNWoYIN4q/o74mLidhHzqob71AxzKij8g/p14LYh6qb97QUM58T7x38TdQOiBPt0FmhQaEf9M3I2EXiNr7tOkBK3pVvGCuJsJ/dCzqVbWWxZxVTygso+InxBz3M2Efuj5SEXvUrqWQloV7lRtT4vfX6rWtS30pqr/uMZp78SqEQ2WgPqQKvmnuKWtaWnFuaWVVbciXl51rk+a9fb2uP6EY80qzL+oHB8RYC8V5vQyRIEloD6tsk965UsdAsyZ+WV35uKyOz+/4uZ0YgmEMqhfyA3397rRoV63eUOf2zzUJxAzMsed/owA+2tokWCwmgVKDcadvLDsZs8vutMXV5zkhepYl08GurENvW5idMCNj/Q5Nb5mKBiwoGoqXe/fZTQCkmNnl9x/Ty+4xZzW0yeLB9WC6Hp0QbLSJRd0sAzSGTSgzO8bG3TbN/W7IGMay/lwSJcslC+gcOZviKN9FC3pjVML7uKi+l0NDakf0Sq2DPe5kYFeh9FZBMgXJOPU3HLSOufpxzW0QTJ2bRlMZNZcCvmLD9slwHKdfraGKi2gAGhKHPXUm1tcdVMn5t05+SWfMGjbaL+7RiABUFkCuHd1I46fX6q7ERvlz/ZsHXLDA7mmNaqap+QeAQZwDSlTooDiGuOouxqWzDjJ3X91dj55slkWWs216io7musqJi5N6Zwz6uJv1XRxnqA3TAwlrTbNHHZwWNnuFmAN+30eWLeqIAO5YHr7zKK63WLqvPFDOzcNuPeODSR+KFhQZEb82/9OL7p3zi6m/k0Gq1sOuPdsjvYet6nsrxup0BAstSrmUqfEQTVxG147seCOn7vcguly+7ZtKNMdGukZdI7uf+T4xaquuW3jgLt+62CM88eILQLsQm2ldY6j0v3uV8YgoBBYC9SYxkI37RzuKFDogZ+iXuo34gaiXwRh9/0VHKqK1bUsZdqnHC9X5cr5Q9ebfveyMnS73eODOSU6c+noyYWkW1ptk9cMxnbJD6p1HbHypFUtq4LmIT9D3jHOHB9l1C1AoQ83DH2M0BN9I+hQbeuqAkuCbhB/KkQg/oGnngQm2Wn63dCifN3Rx7okeqIvegcSOIBHSilYFRQfSK8UHDCOYuIL4cz3ypl3I6EX+kHoi94R9IDfulKwJGBc/KUQQYzMbcDJ8ICnXp8vKURIh/Kg1yX9Lrln9Eb/QAIPcEnIN/FOO5mX0paYwhjhF0qMlq14R1L0q/ZfCy64MzqX4pKAVWlq94ZozqTY5nqMzBlwrgdCT5t/oj92BNK91hWtZe1SwW1FhXFRrB4YMYXJmf9atiRl7vvz52fd4/86GXNXq2TYH1oFch59blZ+yM7mp+iJvkbYkbOYYdlIwQV8HNvo0OcuJfm/9HVbZsFpMtcLpV++MOvuPvyfJPs9n9jufnrnnphRdVoNQH3jsSl36Cl29l0i466b2e0vJvRlSkTLwg7smRi9PIDNkQA+D1nL+nZOxvQSC3dGrB7oZgXTcOWJRAEMxeAIv5HUUwsUJ325SaacH/RFbyPfHjuXkR7kfK/6I03sk/zJI5o7K5xGLLPE0O03jTtalFEsYI2AQt5tkhtDvt7YE9iNPyuckpXsj4VUxnq5CiRZWbiLXY/irtL1ygCWBVSZroze6A9hD3YF0g5KMRcsJDYYjFjhLENlAGslUKazr79vl13PSCeDwWIXxoil4LIUA1g7gEJvX3/frgKbbgSsvQWZkstsVxnFdkErZ2kIYO0CCh18/X27TL+M9BbA2ppxMT0NTravx/TGBndphhIHeYCx8ukPDxDfzHCjVj30xw4Iu7x2UJvV/z/Jc3STf6bRsU2YucZ2VavIAEOejZtIn5w6qxWCubSaVgJlQrFjrjIqxT7W7QsocfCFYPn7dnZHCgQHXzbA/Kdku4FCOd8O374cxXfSDYdzMiSX/GlB8Q0oklZ/HcAevGOPdmSqVeE/5wvveb3IwjO+Hb59OQXHAatuYb62QAnBtSJy/+PMv/WrqaquRwFaGOe53mrCLxoFepZZwDpnhbLSEk02S1TdeXSudeZ+C4sd6ddVkHGC0AAjQgYC6BhgnS3K6Ds/Yg9aRY2Awne9/P39pUb6MXr5dvj25ciYAawTORmSS8wOCPuBcIa28pCcKPmTBRRTGKoqOzUKUQf9zaljV2X2U1R0GrBeKcrFdeKjjIg1aIbygLIOQdouwHz9fbsKbHoGBKr2xrIKEEhmFLmlZMWSNAQoK9AuwHz9fbus3oz0xWCwiLYziljwtyJJGgOUFWwHYL7+RBIGUtINnw3JjFCCLSDio/ymHFK+DFAmt5WAobfFd2GP3wisvox0plcFpnXxtYwM6WlcFqGJRsRHxdATWjO3KQ3lYqcwWYAhN4Z8vbHHc8V5Yv4inJbM+j/l5bRrxHAaEUhGawmlOe+hEAuU1dEIMF+u5ctK0Re9jXx77FxG+hDnqZ8Vw68p+QXHecQ47vm3LqRDh93jQ9qPu7ymnVeWmT2bFqyZs8ScVJxXIOcaRtOiAOqr+ydCW4c2K5bc0ZOXdqRZeThw7Uho8O5ueqCBtVH1E085mqNjcolIu9e9CverwsoQrKjoml5nLP2Cd6Ov040O3J06LsV3CKzVpBvqgClPUJQfUcEWO8Dgjoi79UDoaYNp9MeOQPohQJHXfBbHD/NTRDRFooKN2IeLiEyxYh1N0e9t6WmE/hFu4DEr54P1B50MGs2z4E9UMMS0gdDE5eYG9YmsdvygF/rZxBm9/Q2Lgjp/r+vp4zYFS00Nc39cUDi9TPi0TUDZ4X1FCnUjoZfFZqAvekfQd60LUiYFqyLgUaXTlePchMgUwqclLMl3WvtvhCZ2E6EPekHoib4RET9/V7FXk8KVnyqwJJBByI/8DHnHbCkRPm2E/+oWwGpjStHT3wIznXPSe/xWRb4qsCoFDyl9qnJcmBBnTvi0EYC9NLN2PgwfRf3oYYR+kfHwYFDnvxs+FDRIPaDMfHQiaJbJc7U2vJvH85UWB98QLNnOqP4+Jd/jOJTW+g0Lhgf21MNHdeQNC8ARWAymcHIf5X8osVZ01b27AzgC7Holz4nH+B9KDAKvqrfCDBgB9hUdPy4O8l9WjpRFtqvmfUMzXIB9U8cP2v+YFOcf8yYr227sTLHCwexgXb3JasAIsB/oOHgMZuUsxXha2hX/jrQZ3CxgJoe1LSLuCCSLfvteczuWuANXOK3KrDT4ZXIEZA4dsqRXuuRPdD3ah2XJ5DwAEs1C16MV0hXpksznWgSMXz0j1vZ+18FqE2A4/YfFUU9JK7/G6Zuqv9QXQxpNdwpt0YDvN8p0szhoZ6hQYOcyHFZVvDSe+5Z9W9RRCxsU3ydeEnczteQrRy0BUSgdEP+jS9Hqju9n+UgLKL6l9XXx0S4BrTu/zFYDWr/AOig+skagdf83/3zAOBZQvOryRTEf+Donbid15GuS0eOsWlBC/gsl9iW/LP6C+PPi68TN0usS8EcxH6z4be2qZrPCG5XvCFi1FQu8SZ1j6YdXYeC9YuLxiZyGicQltpuoRPiEmJVLwqPgZwXOtNKO0v8BzRAPSFNM7HEAAAAASUVORK5CYII=");
background-size: 25px 25px;
background-position: center;
}

#ms-outlook-ios-main-container {
margin: 0 0 0 0;
margin-top: 120;
padding: 8;
}

#ms-outlook-ios-content-container {
padding: 0;
padding-top: 12;
padding-bottom: 20;
}

.ms-outlook-ios-mention {
color: #333;
background-color: #f1f1f1;
border-radius: 4px;
padding: 0 2px 0 2px;
pointer-events: none;
text-decoration: none;
}

.ms-outlook-ios-mention-external {
color: #ba8f0d;
background-color: #fdf7e7;
}

.ms-outlook-ios-mention-external-clear-design {
color: #ba8f0d;
background-color: #f1f1f1;
}</style>
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0">
</head>
<body style="-webkit-tap-highlight-color: rgba(0, 0, 0, 0);">
<div style="direction: ltr;">
<div style="direction: ltr;">+ Brian - how appropriate is it to call other posters liars like this?</div>
<div><br>
</div>
<div class="ms-outlook-ios-signature">
<div style="direction: ltr;">--srs</div>
</div>
</div>
<div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="dir="ltr""><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Sascha Luck [ml] <aawg@c4inet.net><br>
<b>Sent:</b> Wednesday, March 20, 2019 8:42 PM<br>
<b>To:</b> Hank Nussbacher<br>
<b>Cc:</b> Ricardo Patara; anti-abuse-wg@ripe.net<br>
<b>Subject:</b> Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
<div> </div>
</font></div>
>If you are a victim (someone has abused your network), then just prove <br>
>it and the policy won't apply and the hivemind will even assist you in <br>
>cleaning your router.<br>
<br>
LOL, two of the oldest lies in history neatly rolled into one<br>
statement:<br>
<br>
"If you have done nothing wrong you have nothing to fear" and<br>
"I'm from $agency, I'm here to help you"<br>
<br>
rgds,<br>
Sascha Luck<br>
<br>
<br>
><br>
>Regards,<br>
>-Hank<br>
><br>
>>On this line of one ISP trying to make damage to other.<br>
>><br>
>>One might abuse a vulnerable router (thousand out there), create a <br>
>>tunnel to it and announce hijacked blocks originated from victims <br>
>>ASN.<br>
>><br>
>>Both, victim ASN and vulnerable router owner, would be damaged and <br>
>>no traces of criminal.<br>
>>How could they defend themselves to the so called group of experts?<br>
>><br>
>>And things in this line had happened already.<br>
>><br>
>>Regards,<br>
>><br>
>>On 20/03/2019 07:46, furio ercolessi wrote:<br>
>>>On Wed, Mar 20, 2019 at 11:01:30AM +0300, Andrey Korolyov wrote:<br>
>>>>><br>
>>>>><br>
>>>>>And when everything is made clear, if a report is filed <br>
>>>>>against AS1, AS1's<br>
>>>>>holder might have a problem, so i see a strong reason for not even trying<br>
>>>>>:-)<br>
>>>>><br>
>>>>><br>
>>>>Out of interest, take an AS1 with single malicious upstream AS2, <br>
>>>>what stops<br>
>>>>AS2 to pretend that AS1 has made bogus announcements and make them for its<br>
>>>>own purposes? This situation looks pretty real without RPKI or other<br>
>>>>advertisement strengthening methods, as I could see. How experts are<br>
>>>>supposed to behave in this situation?<br>
>>><br>
>>>This has been seen many times, even chain situations like<br>
>>><br>
>>><upstreams and peers> - AS X<br>
>>> \<br>
>>> AS 3 - AS 2 - AS 1<br>
>>> /<br>
>>><upstreams and peers> - AS Y<br>
>>><br>
>>>where X and Y are legitimate ISPs, while {1,2,3} is basically a <br>
>>>single rogue<br>
>>>entity - or a set of rogue entities closely working together with a common<br>
>>>criminal goal.<br>
>>><br>
>>>In such a setup, AS 1 should be considered as the most <br>
>>>"throw-away" resource,<br>
>>>while AS 3 would play the "customer of customer, not my business" role,<br>
>>>and AS 2 would play the "i notified my customer and will disconnect them<br>
>>>if they continue" role. When AS 1 is burnt, a new one is made - with<br>
>>>new people as contacts, new IP addresses, etc, so that no obvious <br>
>>>correlation<br>
>>>can be made. Most of the bad guys infrastructure is in AS 3 and <br>
>>>that remains<br>
>>>pretty stable because their bad nature can not be easily demonstrated.<br>
>>><br>
>>>Whatever set of rules is made against hijacking, it should be assumed that<br>
>>>these groups will do everything to get around those rules, and many AS's<br>
>>>can be used to this end. Since there is no shortage of AS numbers, I<br>
>>>assume that anybody can get one easily so they can change them as if they<br>
>>>were underwear.<br>
>>><br>
>>>And yes, unallocated AS's in the AS 1 position, announcing unallocated IPs,<br>
>>>have also been seen. Those are even easier to get :-)<br>
>>><br>
>>>So the ideal scheme to counteract BGP hijacking should be able to climb up<br>
>>>the BGP tree in some way, until "real" ISPs are reached.<br>
>>><br>
>>>Nice discussion!<br>
>>><br>
>>>furio ercolessi<br>
>>><br>
>>><br>
>><br>
>><br>
><br>
<br>
</div>
</body>
</html>