This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top
- Previous message (by thread): [routing-wg] [exec-board] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top
- Next message (by thread): [routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nigel Titley
nigel at titley.com
Thu Aug 23 11:15:04 CEST 2018
Dear Ronald, I've grouped some of your questions together for the sake of brevity. 1. Isn't RIPE already regulating route objects through restrictions in the RIPE Database? What about the upcoming changes to out-of-region objects? Sorry if I was unclear on this point. It's important to note the distinction between RIPE (community/policy-setting) and the RIPE NCC (legal organisation/implementation). The RIPE community is absolutely able to set policy or issue directions to the RIPE NCC that would regulate the creation of route objects (such as the existing features in the RIPE Database or the upcoming changes with out-of-region objects). However, while RIPE has this ability - the RIPE NCC requires an explicit mandate or instructions from the community. So, my original point stands - it's not the RIPE NCC or the Board you should be addressing your comments to. If the RIPE community instructs the RIPE NCC to monitor or validate route objects in the RIPE Database, then that is what the organisation will do. If the community could reach consensus on what a fraudulent route object looked like, that would be a start. Again, the RIPE Policy Development Process is there for you to suggest an approach that satisfies all stakeholders. 2. What does the RIPE NCC do when members are repeatedly caught making fraudulent route objects? For what reasons can the RIPE NCC close a member? The RIPE NCC does not have a mandate to determine whether route objects in the RIPE Database are valid. Therefore, "caught" doesn't mean much in this context - especially if the community hasn't provided a definition of "fraudulent". Because the organisation doesn't have a mandate, it can't take any action against its members for this behaviour. Similarly, the community has never given the RIPE NCC a mandate to examine murder cases - so to reference your other question - a member would not be closed down for murdering or maiming someone. And to be frank, I think we have the community's support on this. It's not the role of the RIPE NCC to investigate murders, or any other crime for that matter. In your email, you asked what behaviour would be so extreme that the RIPE NCC would be finally obliged to close down a member. In all cases where members have been closed, it was because they violated the terms of their Standard Service Agreement (SSA) with the RIPE NCC. It's therefore important to approach this in terms of whether they broke their agreement, rather than the severity of their behaviour. The reasons for which the RIPE NCC can terminate a membership are listed here: https://www.ripe.net/publications/docs/ripe-697 A few more members have been closed since the four you referenced. This has come from an increase in members attempting to gain control of other people's IPv4 addresses or opening LIR accounts with fraudulent or untruthful information. In 2018 so far, 58 LIRs have been closed for these reasons (up from five in 2016 and four in 2017). A further five have been closed in 2018 for unresponsiveness. A member could be closed for failing to maintain accurate data in the RIPE Database - but the document linked above explains what types of data must be maintained, and this does not include route objects. Also, because the RIPE NCC is concerned primarily with correct registration, it will work with the resource holder to update their information in the first instance. A member has never been closed for this reason, and it would only happen after they had been given ample opportunity to correct their data. This is consistent with guidance from the RIPE community. 3. On brokers Regarding brokers, there are certain legal considerations when deciding whether to break the agreement with them - especially if this would be on the basis of allegations the organisation is unable to take a position on. The RIPE NCC has canceled two broker agreements in cases where a broker was found to have violated the terms of their agreement (spamming RIPE Database contacts). As an aside, it's worth noting that brokers don't pay anything to the RIPE NCC as part of this agreement. Ronald, I trust that this has adequately clarified the RIPE NCC's position. If you have any further comments, I suggest you share them with your colleagues in the relevant working group, or perhaps consider attending a RIPE Meeting where we could discuss this in person. Best Regards Nigel Titley Chairman of the RIPE NCC Executive Board
- Previous message (by thread): [routing-wg] [exec-board] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top
- Next message (by thread): [routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]