Hi Suresh, Hank, All,


On Thu, 5 Sep 2019, Suresh Ramasubramanian wrote:

Hijacked route announcements can be carefully targeted to just a victim AS for 
any attack.

Yes, they can -- and several cases (as far as i read) were already seen when that was done over an IXP.

But that doesn't mean that "hijacked" announcement has to be 100% invisible, e.g. if the victim AS is sharing their routing view with someone else... :-)


If that victim AS holder complains to their national CERT the language here precludes the CERT from reporting into RIPE.

It might, yes (and that's not optimal), but the victim AS folks could also theoretically do it by themselves...



That is a technicality as I can't imagine RIPE would refuse reports from a CERT, but it is worth fixing.

*Today*, is there any way for a CERT (National or not) or any victim AS to do it...?

(I know that this is already possible in LACNIC.
They have WARP -- <pub> https://warp.lacnic.net </pub>)


Cheers,
Carlos



On 05/09/19, 8:26 PM, "anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg" 
<anti-abuse-wg-boun...@ripe.net on behalf of anti-abuse-wg@ripe.net> wrote:



   On Thu, 5 Sep 2019, Hank Nussbacher wrote:

   > On 05/09/2019 16:23, Marco Schmidt wrote:
   >
   > "A.3.1. Reporting
   > Only persons directly affected by a suspected hijack can report to the RIPE
   > NCC that another party has announced resources registered to or used by the
   > reporter without their consent. "
   >
   > This thereby precludes any national CERT from reporting to the RIPE NCC any
   > suspected hijacks since they are not directly affected.  Can this text be
   > modified?


   Hi Hank, All,

   If a national CERT receives an hijacked route, it *is* affected -- in the
   sense their packets will go towards a wrongful destination.

   Not sure if the issue is with "person" vs. "organization", but a person
   should be able to report it on behalf of an affected organization...

   Regards,
   Carlos


   > Regards,
   > Hank
   >
   >> Dear colleagues,
   >>
   >> Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" 
is
   >> now in the Review Phase.
   >>
   >> The goal of this proposal is to define that BGP hijacking is not accepted
   >> as normal practice within the RIPE NCC service region.
   >>
   >> The proposal has been updated following the last round of discussion and 
is
   >> now at version v2.0. Some of the changes made to version v1.0 include:
   >> - Includes procedural steps for reporting and evaluation of potential
   >> hijacks
   >> - Provides guidelines for external experts
   >> - Adjusted title
   >>
   >> The RIPE NCC has prepared an impact analysis on this latest proposal
   >> version to support the community?s discussion. You can find the full
   >> proposal and impact analysis at:
   >> https://www.ripe.net/participate/policies/proposals/2019-03
   >> 
https://www.ripe.net/participate/policies/proposals/2019-03#impact-analysis
   >>
   >> And the draft documents at:
   >> https://www.ripe.net/participate/policies/proposals/2019-03/draft
   >>
   >> As per the RIPE Policy Development Process (PDP), the purpose of this four
   >> week Review Phase is to continue discussion of the proposal, taking the
   >> impact analysis into consideration, and to review the full draft RIPE
   >> Policy Document.
   >>
   >> At the end of the Review Phase, the Working Group (WG) Chairs will
   >> determine whether the WG has reached rough consensus. It is therefore
   >> important to provide your opinion, even if it is simply a restatement of
   >> your input from the previous phase.
   >>
   >> We encourage you to read the proposal, impact analysis and draft document
   >> and send any comments to <anti-abuse-wg@ripe.net> before 4 October 2019.
   >>
   >>
   >> Kind regards,
   >>
   >> Marco Schmidt
   >> Policy Officer
   >> RIPE NCC
   >>
   >>
   >
   >

Reply via email to