This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[routing-wg] [db-wg] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top

Previous message (by thread): [routing-wg] [db-wg] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top
Next message (by thread): [routing-wg] 2nd call for presentations RIPE 77

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ronald F. Guilmette rfg at tristatelogic.com
Thu Aug 16 01:28:31 CEST 2018

In message <20180815.102137.2031302831757015708.he at uninett.no>, 
Havard Eidnes <he at uninett.no> wrote:

>However, if the address space is out-of-region, the authorization
>checks for the address space is dropped / ignored, and only the
>authorization for the AS object is used, allowing the
>registration of route objects without the consent of the address
>space holder.  I suspect it is this loop-hole which is being
>abused to register the route objects you are mentioning.

I believe that the above analysis is not only correct, but also both
self-evident and already well-known.

It is my understaing that this "loop-hole" is so well known, in fact,
and that it has already been so frquently abused that come September 4th
of this year... less than three weeks from now... this loop-hole will
be formally, finally, and officially closed for good, at least with
respect to -new- route objects.  (As I understand it, all of the ones
that are already in the data base as of September 4 will be left there, but
will be tagged in some manner to indicate their potential unreliability.)

It is Good that this step is, at long last, being taken, but that does
not do anything at all to address the underlying question that I have
asked, and which remains unanswered, and which I quote here again, for
the benefit of those who may have missed it the first time:

    Who exactly does one need to kill, maim, or seriously wound in order
    to get kicked out of this organization (RIPE)?

I sense that the RIPE community attitudes about hijacking -and- even
hijacking which has been materially aided and abetted by the introduction
of fradulent route objects into the RIPE data base is just one that
could best be summed up in that old saying "Oh Well!  Boys will be boys!"

I am not persuaded that this sort of lackadaisical and laissez-faire
attitude towards this kind of situation is even close to an appropriate 
response, given that fact that litteral billions of people actually
rely on this thing we call the Internet every day of the week.  This isn't
just a private little boy's club anymore, and the days when these types
of antics could just be winked at, and smirked at have passed away some
time ago already.  It's time that RIPE stopped -fostering- this sort
of bad behavior by consistantly doing nothing about it, and just allowing
the perpetrators to keep their legitimately allocated ASNs, address space,
memberships, etc.

Regards,
rfg

Previous message (by thread): [routing-wg] [db-wg] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top
Next message (by thread): [routing-wg] 2nd call for presentations RIPE 77

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ routing-wg Archives ]