Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

Wed, 20 Mar 2019 18:03:12 -0700 

In message <alpine.lrh.2.21.1903200737280.5...@gauntlet.corp.fccn.pt>,
Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> writes

>What you described 

Which was (tedious this top posting approach isn't it!) that in any AS
path you cannot determine externally which of a pair of adjacent AS's is
being wicked  [that would change in a world with BGPSEC, but that is not
the world in which we live]

>also crossed my mind, but as you said "it won't be too 
>hard to figure out".

Yes it will -- the left hand AS will say that the right hand AS
announced the path to them. The right hand AS will deny it.

Both will produce logs from routers and (if the non-genuine log is
expertly forged) the experts will have to guess which AS is being bad

>And when everything is made clear, if a report is filed against AS1, AS1's 
>holder might have a problem, so i see a strong reason for not even trying 
>:-)

In the real world at present, we deduce which AS is wicked from either a
pattern of wickedness (we assume that multiple AS's are not ganging on
someone to frame them) or by assessing the probity of the two ASs from
personal knowledge of their staff, or their business.

I write this (and my earlier remarks about AS numbers) from the
perspective of someone who has spent some considerable time over the
past few years dealing with BGP hijacks[*]. It is generally simple to
work out who the bad guy is sufficiently to put pressure on them to
reform... but it is often the case that you have to say that on balance
it is more likely to be this AS rather than that one.

[*] people may have heard me talk about this at LINX and there is
another opportunity to listen at FIRST in June. I hope to be able to
make the material I have more generally available, but there are
{DAYJOB} constraints on that at present. For clarity (and such vote
counting as may occur) I am very much in favour or a policy that says
that theft of resources is seen as unacceptable by the RIPE community
(it's also illegal, so this is perhaps somewhat unnecessary!) but I am
concerned that people think that assessing what is going on will be a
trivial process and that is very far from the truth.

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

Attachment: signature.asc
Description: PGP signature

Reply via email to