[routing-wg] AS201640

In message <545E581F.604 at velea.eu>, 
Elvis Daniel Velea <elvis at velea.eu> wrote:

>as far as I understand, the WG will talk to the RIPE NCC and request an 
>action point from the NCC on whether there is a better way to allow 
>creation of route objects in the RIPE Database for IP addresses or AS 
>Numbers that are assigned/allocated by an other RIR.

...

>Usually, for address space and AS Numbers assigned by the RIPE NCC, you 
>would need two passwords, the AS password and the IP password. In this 
>case, they only needed the AS password as the IP password is public.

The IP password is public?!?

I am sitting here trying to fathom that.  I expect that I may be doing so
for some time yet.

In am online world where essentially _everything_ is password protected,
to be informed that entire (and sometimes even sizable) IP address blocks
are not is... well... a bit mystifying.

So, um, this ``request'' for an ``action point'' that has been sent to
RIPE NCC... Did it contain any helpful suggestions, you know, like along
the lines of ``Maybe a check for non-public passwords would be a Good
Thing?''

(I _do_ understand from the context that this is most likely an issue
that is not confined to RIPE or to any other single RiR.)

>> 2)  How was it possible for a particular Bulgarian commercial organization
>> to be granted its own AS number, when all available evidence seems to
>> indicate that it actually had, and has, -zero- IP addresses which are
>> actually and properly registered to it?  Is there really no pre-checking
>> performed on AS number allocations, e.g. to see if the organization
>> requesting the AS has at least some IP addresses?
>It had a /24 IPv4 PA assigned by the Sponsoring LIR. That IPv4 PA 
>assignment got deleted days after the request for the ASN. That leads me 
>to thinking that the Sponsoring LIR (Nettera Ltd from Bulgaria) knew 
>exactly what they are doing and helped this spammer get it's own ASN,

Ahhhhhhh!  Thank you ever so much for sharing this information.  (So far,
both RIPE NCC and everybody else has been characteristically tight-lipped
regarding attribution for the genesis of this mess.  But where I come
from, the tidbit you just revealed would almost certainly qualify as a
``smoking gun''.)

>> 3)  Why are some of the clearly bogus WHOIS records (for IPv4 blocks)
>> relating to this incident still present within the RIPE WHOIS DB, even
>> as we speak, in particular, these ones?
>>
>> 41.198.224.0/20
>> 119.227.224.0/19
>> 105.154.248.0/21
>> 210.57.0.0/19
>> 202.39.112.0/20
...
>Because this is private data maintained by a maintainer and removing 
>that data can only be done by that maintainer.

RIPE NCC cannot manually go in and remove those records??

>> 4)  Why is AS201640 still registered, as we speak?
>good question.. it's probably because the request of the ASN has never 
>been fraudulent. As far as I know, there is a ticket opened with the 
>RIPE NCC asking them to investigate if the ASN assignment request has 
>been in order. As it has been more than two months since that ticket was 
>opened, I presume they have found nothing fraudulent.

#1)  Is it the consensus view in this WG that AS201640 is entirely non-
fradulent, according to however that term might be defined within the
RIPE region?

#2)  Could you give me that ticket number please?

>> 5)  Without reference to any specific incident, AS, legal entity, or any
>> other specifics, I have the following very general question:
>>
>> With respect to the contracts that RIPE enters into with those parties for
>> whom RIPE provides registration services of *AS numbers*, specifically,
>> are the terms and conditions of those contracts adequate and sufficient
>> to strongly deter any and all AS registrants from deliberately and
>> willfully announcing routes to IP space to which neither they nor any
>> of their direct or indirect customers have any legitimate claim?
>how do you demonstrate that something has been deliberate and not just 
>some fat fingering (typoes)?

Easy.  If multiple (or even several) parties contact the AS and suggest
to them that they should immediately and carefully review what they are
announcing routes for, and if nothing changes after several days, then
what they are doing is, in legal terminology, ``willful and deliberate''.

The law in most jurisdictions _is_ able to recognize the substantial
difference between transient stupidity and deliberate intent, and in
fact _has_ recognized the difference between the two, I would guess
for at least hundreds of years now, if not millennia.  I see no obvious
impediment which would prevent those involved in Internet networking
from likewise being able to discern this distinction.

   http://en.wikipedia.org/wiki/Intention_%28criminal_law%29


Regards,
rfg