<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/04/2019 21:36, Gert Doering
wrote:<br>
</div>
<blockquote type="cite" cite="mid:20190404183631.GZ97529@Space.Net">
<pre class="moz-quote-pre" wrap="">Hi,
On Thu, Apr 04, 2019 at 08:32:39PM +0200, Karl-Josef Ziegler wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Also I would to remind all the community that usually what happens to
communities that cannot regulate themselves is that some outsider comes
and regulated them...
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Yes, this is also my opinion. The community should do something against this abusive behavior.
If it isn't done by the community there might be some regulation coming from outside, i.e.
political entities. And I doubt that this will be the better way to handle this problem.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Still targeting the wrong crowd. A few willing Tier1 ISPs would have way
more effect than all policies we do in RIPE land against a rogue ISP that
might not even *be* a RIPE member (or a member of any LIR).</pre>
</blockquote>
<p>Back in 2014 when I ran down a BGP hijack and approached the
tier-1 (CAIDA top 5) that enabled the hijack to take place, their
response was:<br>
</p>
<p>"<i>But� as you point out - we are xxxxxxxxx. There needs to be </i><i><br>
</i><i>a degree of trust between us and our customer.� Also it
would be highly </i><i><br>
</i><i>impractical to have proactive monitoring on all route
changes.� But there </i><i><br>
</i><i>are certain things we block and others that we monitor of
interest.� This </i><i><br>
</i><i>situation is now one of them. </i>"</p>
<p>Less than a year ago I approached a tier-1 that ranked in the top
25 about another BGP hijack.� I approached them 36 hours <b>after
</b>the hijack took place and the response I received from their
NOC was that they approached the hijacker (a direct customer of
theirs) and the response from the hijacker which they forwarded to
me was:</p>
<p><i>We checked the prefixes mentioned in our network and we do not
seen these prefixes and do not advertise to ASN xxxx [HN: tier-1
ASN].</i><i><br>
</i><i>Also these prefixes are not seen in internet from our
network (ASN : xxxxx ). [HN: ASN of hijacker]</i></p>
<p>Of course the prefixes are not seen, since the hijack was for a
few hours.� The tier-1 closed the case.</p>
<p>So if the Internet (5xRIR) could guarantee me that within a year,
the top 100 ASNs in the Internet were filtering properly and
stopping BGP hijacking from occurring, I would pull my support for
this proposal and agree with you.</p>
<p>Regards,</p>
<p>Hank<br>
</p>
<p><br>
</p>
<p><br>
�<br>
<br>
</p>
<p><br>
</p>
<p><br>
</p>
<blockquote type="cite" cite="mid:20190404183631.GZ97529@Space.Net">
<pre class="moz-quote-pre" wrap="">
Gert Doering
-- NetMaster
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>