Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

[Ronald F. Guilmette]

In message , you wrote:

>This is going to be somewhat challenging ... since there are a
>substantial number of well-known (and generally non-abusive entities)
>who are announcing unallocated address space, and in many cases they
>have been doing so for years on end.

Yea.  Ya know, this guy was also carrying on, "legitimately" for years
and years, and everybody believed that what he was doing was perfectly
legitimate, right up until the day when nobody did:

https://en.wikipedia.org/wiki/Bernie_Madoff

If it's not your assigned space, then it's not your assigned space.
This isn't, like, complicated or anything.

For anyone who ernestly believes that coloring outside of the lines
is in some cases acceptable, I'd like to see you try that by driving
on the Wrong Side of the autobahn sometime.

The lines are there for a reason.


Regards,
rfg


P.S.   In my own country, there was in fact lots and lots of "open"
land, about a century and a half ago or so, and cattlemen of that
era did in fact graze, water and walk their heards on and across
such lands routinely, and without paying anyone or anything for the
privilege.

If a majority of the RIPE community wants to have an IP equivalent
of such "open range" grazing land, then so be it.  I would just
suggest that before deciding to support this, you all watch the
movie "Open Range" with Kevin Kostner and Robert Duvall and take
note of the potential for homicidal conflict over the rights to
use such open real estate before you decide to support this sort
of thing.  If nobody owns it but everyone is allowed to use it,
havoc and mayhem have historically ensued.

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

[Carlos Friaças via anti-abuse-wg]

Hi,

Firstly, thanks for your valuable input!

Looking at Geoff's Bogons list, i understand "substantial". :-)

Maybe "have been doing so for years on end" can possibly be a factor to 
exclude from this proposal's scope in the next version. On the other hand, 
if the idea is to contribute to shorten that list (as you said, it is 
undesirable to see any prefix there) then a transition period might be 
needed.


The misuse of AS numbers was not seen (maybe until now...) as a frequent 
event (and thus a priority), but if someone is (mis)using an AS number 
that belongs to a third party, then it should also be stated in writing 
that this practice is a violation of RIPE policy -- and of course, allow a 
path for the affected party to issue a report about that.


Best Regards,
Carlos


On Tue, 19 Mar 2019, Richard Clayton wrote:


In message , Marco Schmidt
 writes


The goal of this proposal is to define that BGP hijacking is not accepted as
normal practice within the RIPE NCC service region.

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-03




The announcement of unallocated address space to third parties is also
considered a policy violation and is evaluated according to the same
parameters.



This is going to be somewhat challenging ... since there are a
substantial number of well-known (and generally non-abusive entities)
who are announcing unallocated address space, and in many cases they
have been doing so for years on end.

I understand there is a mixture of long term disputes about allocations;
failures to keep contact addresses up-to-date (so that allocations are
withdrawn) and doubtless also intentional usage of resources that have
not been allocated.

Geoff Huston publishes a list on a daily basis:

   http://www.cidr-report.org/as2.0/#Bogons

For the avoidance of doubt, I think it is most undesirable that any
prefix appears on the list -- but I am pragmatic enough to accept that
there are significant difficulties in dealing with the complexities
which are behind those announcements.


BTW: Geoff Huston's data gathering exercise also identifies the usage of
AS numbers that are not currently allocated. Again, much of this usage
is very long standing and failure to "grandfather it in" in some manner
is likely to cause a substantial workload and the deeming of many
legitimate companies to be in breach of RIPE norms -- which is going to
tend to make the impact of the policy rather less than might be hoped.

That all said -- why does the proposed policy not address the misuse of
AS numbers as well as the misuse of prefixes ?

--
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

[Ronald F. Guilmette]

In message ,  
Marco Schmidt  wrote:

>You can find the full proposal at:
>https://www.ripe.net/participate/policies/proposals/2019-03
 
Anyway who knows the first thing about me will know that I'm
strongly in favor of the general thrust of this proposal,
generally speaking.  In fact I would only want to quibble
with a few of the finer points of the implementation details.
 
With respect to those, I'd like to see there be a bit more
formality (in the specification of the adhjudication procedures),
and a bit less (mandated) fooling around before any particular
"deliberate" hijacker can be formally and finally kicked to
the curb.

I have a lot of thoughts about how all this could be and should
be structured and operated, but I don't want to bring in too
much of that fine detail at this point in the discussion for
fear that it might obscure the more fundamental question on the
table, which is simply whether or not this is a good idea gnerally.
(I personally think that it is.)  So for now I'll just say that
I think this proposal is on the Right Track generally, and that
I think that it can be and should be revised and evolved to make
all of the adjuducation procedures transparent, faster, and yet
still unarguably fair to those accused.

Mostly, I personally would like to see the time frames specified
in the current draft tightened up (i.e. reduced) generally, and
the entire process streamlined somewhat.  These are not capital
murder cases we are talking about after all!

Specifically, I think that it should be adequate to have there
be a period of *no more than* two weeks, during which the case is
argued, by both the accused and (perhaps) by an NCC staff member
presenting the case for the prosecution, all in front (via email)
of a smallish set of adjuducators (perhaps five, chosen by random
lots) after which there should be a period of *no more than* one
week of deliberation, and then a final judgement and report.  And
lastly, after that, I think that it would be more than sufficient
if there were only one avenue of appeal, which would be to the
RIPE Board, which would be required to decide any appeal within
*no more than* four weeks.

In practice, I think that even these time frames will, in the end,
be seen to have been excessively and pointlessly generous in virtually
all actual cases.  I am thinking back on all of the cases I have seen
of deliberate hijacks, and there have been many of those.  None of
those cases was really very ambiguous at all, and none of them would
have required more than a day or two, once all of the facts were
gathered, to persuade any reasonable and knowledgable observer of
the truth of what had happened and/or its clearly deliberate nature.
Nor would any of those who had been caught red handed pulling this
kind of nonsense ever be at all likely to appeal from the obvious
facts.  But due proces is never something to be dispensed with lightly,
and we should not do so in this instance.  Thus, I agree that it *is*
necessary to have a formal and fair process, including a right of
appeal.  I just hope that it can be moved along at a rather more
rapid pace (even in the worst case) than what the proposal at hand
is currently calling for.


Regards,
rfg

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

[Richard Clayton]

In message , Marco Schmidt
 writes

>The goal of this proposal is to define that BGP hijacking is not accepted as 
>normal practice within the RIPE NCC service region.
>
>You can find the full proposal at:
>https://www.ripe.net/participate/policies/proposals/2019-03



The announcement of unallocated address space to third parties is also
considered a policy violation and is evaluated according to the same
parameters.



This is going to be somewhat challenging ... since there are a
substantial number of well-known (and generally non-abusive entities)
who are announcing unallocated address space, and in many cases they
have been doing so for years on end.

I understand there is a mixture of long term disputes about allocations;
failures to keep contact addresses up-to-date (so that allocations are
withdrawn) and doubtless also intentional usage of resources that have
not been allocated.

Geoff Huston publishes a list on a daily basis:

http://www.cidr-report.org/as2.0/#Bogons

For the avoidance of doubt, I think it is most undesirable that any
prefix appears on the list -- but I am pragmatic enough to accept that
there are significant difficulties in dealing with the complexities
which are behind those announcements.


BTW: Geoff Huston's data gathering exercise also identifies the usage of
AS numbers that are not currently allocated. Again, much of this usage
is very long standing and failure to "grandfather it in" in some manner
is likely to cause a substantial workload and the deeming of many
legitimate companies to be in breach of RIPE norms -- which is going to
tend to make the impact of the policy rather less than might be hoped.

That all said -- why does the proposed policy not address the misuse of
AS numbers as well as the misuse of prefixes ?

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


signature.asc
Description: PGP signature

Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

[JORDI PALET MARTINEZ via anti-abuse-wg]

 

What I'm trying to say is that *direct* peers are responsible for leaks as well 
(with un/misconfigured prefix list policy). Any other ASN simply have no strict 
method and no prior knowledge to determine legitimacy of the prefix announce, 
is should seem 

 

Just trying to act as the evil advocate, to know others opinions.

 

obvious. I personally don't believe that introduction of this policy will 
somehow change behavior of small companies who accidentally causing hijacks 
from time to time, but for their (larger at most) upstreams/peers the policy 
violation is something they want to prevent. 

 

Again, in our LACNIC proposal we have considered that incidental issues will 
also be communicated to those that created the problem, so we can improve the 
situation as time passes.

 

Another thing is to determine the existence of the purposeful effort - if we 
assume that such thing as leaks caused by state-backed providers exist, there 
is a very small chance that the leak would be represented as non-accidental by 
its nature and so on, so the policy probably should focus on preventing leaks 
caused by non-transit or smaller operators by enforcing certain rules on those 
who may be called transit ones, e.g. those whose business is entirely dependent 
on proper functioning of their infra.

 

Clearly this is the difficulty that will have the experts, correctly 
classifying the incidents, and may be this means that first time for some 
incidents (accidental or not) could not be declared as “on purpose”.

 

On Tue, Mar 19, 2019 at 4:14 PM JORDI PALET MARTINEZ via anti-abuse-wg 
 wrote:

Hi Andrey,

 

While it looks, in a first sight, a very good idea, if a neighbor ASN fails to 
do the filtering (for whatever reason, not necessarily on purpose), should we 
not just “punish” that one, but also next one and so on ?


Regards,

Jordi

 

 

 

De: anti-abuse-wg  en nombre de Andrey Korolyov 

Fecha: martes, 19 de marzo de 2019, 13:59
Para: 
Asunto: Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP 
Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working 
Group Mailing List

 

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-03

 

Hey WG,

 

out of curiosity, why neighboring ASNs are not carrying any responsibility for 
not filtering out a malicious advertisement from a directly-peered neighbor in 
the proposal? AFAIU most leaks happen because large parties are letting their 
ACL loose, not because some state-backed player decides to take a pick on 
someone's else traffic (though both variants exists). The peer who allows any 
prefix announcement originating from its direct neighbor is no less responsible 
for the hijack as the origin AS itself. 

 

Could you please suggest a possibility to include that kind of relations 
(determined by third parties, as currently stated for hijacker's AS in the 
draft) and measures against a transit/upstream in same manner as they are 
currently defined for a hijacker?

 

Thanks. 


**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.



**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

[Gert Doering]

Hi,

On Tue, Mar 19, 2019 at 02:14:05PM +0100, JORDI PALET MARTINEZ via 
anti-abuse-wg wrote:
> While it looks, in a first sight, a very good idea, if a neighbor ASN fails 
> to do the filtering (for whatever reason, not necessarily on purpose), should 
> we not just ???punish??? that one, but also next one and so on ?

Sounds like a good plan.

(And, while at it, also sanction people that do TOFU quoting on mailing
lists)

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature

Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

[Andrey Korolyov]

What I'm trying to say is that *direct* peers are responsible for leaks as
well (with un/misconfigured prefix list policy). Any other ASN simply have
no strict method and no prior knowledge to determine legitimacy of the
prefix announce, is should seem obvious. I personally don't believe that
introduction of this policy will somehow change behavior of small companies
who accidentally causing hijacks from time to time, but for their (larger
at most) upstreams/peers the policy violation is something they want to
prevent.

Another thing is to determine the existence of the purposeful effort - if
we assume that such thing as leaks caused by state-backed providers exist,
there is a very small chance that the leak would be represented as
non-accidental by its nature and so on, so the policy probably should focus
on preventing leaks caused by non-transit or smaller operators by enforcing
certain rules on those who may be called transit ones, e.g. those whose
business is entirely dependent on proper functioning of their infra.



On Tue, Mar 19, 2019 at 4:14 PM JORDI PALET MARTINEZ via anti-abuse-wg <
anti-abuse-wg@ripe.net> wrote:

> Hi Andrey,
>
>
>
> While it looks, in a first sight, a very good idea, if a neighbor ASN
> fails to do the filtering (for whatever reason, not necessarily on
> purpose), should we not just “punish” that one, but also next one and so on
> ?
>
>
> Regards,
>
> Jordi
>
>
>
>
>
>
>
> *De: *anti-abuse-wg  en nombre de Andrey
> Korolyov 
> *Fecha: *martes, 19 de marzo de 2019, 13:59
> *Para: *
> *Asunto: *Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal
> (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse
> Working Group Mailing List
>
>
>
> You can find the full proposal at:
> https://www.ripe.net/participate/policies/proposals/2019-03
>
>
>
> Hey WG,
>
>
>
> out of curiosity, why neighboring ASNs are not carrying any responsibility
> for not filtering out a malicious advertisement from a directly-peered
> neighbor in the proposal? AFAIU most leaks happen because large parties are
> letting their ACL loose, not because some state-backed player decides to
> take a pick on someone's else traffic (though both variants exists). The
> peer who allows any prefix announcement originating from its direct
> neighbor is no less responsible for the hijack as the origin AS itself.
>
>
>
> Could you please suggest a possibility to include that kind of relations
> (determined by third parties, as currently stated for hijacker's AS in the
> draft) and measures against a transit/upstream in same manner as they are
> currently defined for a hijacker?
>
>
>
> Thanks.
>
> **
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
>

Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

[JORDI PALET MARTINEZ via anti-abuse-wg]

Hi Daniel,

Responses below, in-line.

Regards,
Jordi
 
 

-Mensaje original-
De: anti-abuse-wg  en nombre de Daniel Suchy 

Fecha: martes, 19 de marzo de 2019, 14:15
Para: 
Asunto: Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP 
Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working 
Group Mailing List

Hello,
my comments:
- section 4.0: Assessers should be under direct community control
(voted/approved by community/members), not just defined by NCC.

As we are preparing also the same policy proposal for all the other RIRs, in a 
recent internal discussion we had already considered your point regarding the 
direct community control of the expert's group.

It looks that the authors agreement, at the time being, is on the direction 
that the RIR manage the procedure for selecting people but it should be done by 
means of a public open call. This is similar to what is done by other folks 
selected by the community.

- section 4.0 + 7.0 should define minimal number of assessers

Same regarding the number of experts, in the LACNIC proposal we understood that 
should be 3 people, same number for all the incidents, same number in the 
appeal phase (if it comes to that), and if in the future it is determined that 
it is too small, make sure that it is an odd number.

It will be very important for us to understand what other people believe on all 
those issues and possible pros/cons.

- reported incidents (reported by web-form defined at 4.0) should be
public, at least some metadata (prefix, offending ASN) to avoid
duplicate reports - with indication of assessment stage on that list

Making public the data for the reported incident seems a good idea, because 
even if you try to automate avoiding duplicate reports, it not necessarily 
works 100%. Furthermore, one possible idea is to allow to add "more" data to 
existing reports, which will probably, facilitate the work of the experts and 
the initial classification in terms of "fat fingers incident" vs "deliberate 
hijack".

- Daniel

On 3/19/19 1:42 PM, Marco Schmidt wrote:
> Dear colleagues,
> 
> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy
> Violation", is now available for discussion.
> 
> This proposed policy is of interest to both the Anti-Abuse and Routing
> working groups. The chairs of both these working groups have agreed to
> keep the discussion on one single mailing list to avoid duplication, and
> for formal consideration of the proposal within the RIPE Policy
> Development Process.
> 
> You are therefore requested to share your feedback on this proposal with
> the Anti-Abuse mailing list.
> 
> The goal of this proposal is to define that BGP hijacking is not
> accepted as normal practice within the RIPE NCC service region.
> 
> You can find the full proposal at:
> https://www.ripe.net/participate/policies/proposals/2019-03
> 
> We encourage you to review this proposal and send your comments to
>  before 17 April 2019.
> 
> Kind regards,
> 
> Marco Schmidt
> Policy Officer
> RIPE NCC
> 
> 







**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

Re: [anti-abuse-wg] [routing-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) to be discussed on Anti-Abuse Working Group Mailing List

[Daniel Suchy]

Hello,
my comments:
- section 4.0: Assessers should be under direct community control
(voted/approved by community/members), not just defined by NCC.

- section 4.0 + 7.0 should define minimal number of assessers

- reported incidents (reported by web-form defined at 4.0) should be
public, at least some metadata (prefix, offending ASN) to avoid
duplicate reports - with indication of assessment stage on that list

- Daniel

On 3/19/19 1:42 PM, Marco Schmidt wrote:
> Dear colleagues,
> 
> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy
> Violation", is now available for discussion.
> 
> This proposed policy is of interest to both the Anti-Abuse and Routing
> working groups. The chairs of both these working groups have agreed to
> keep the discussion on one single mailing list to avoid duplication, and
> for formal consideration of the proposal within the RIPE Policy
> Development Process.
> 
> You are therefore requested to share your feedback on this proposal with
> the Anti-Abuse mailing list.
> 
> The goal of this proposal is to define that BGP hijacking is not
> accepted as normal practice within the RIPE NCC service region.
> 
> You can find the full proposal at:
> https://www.ripe.net/participate/policies/proposals/2019-03
> 
> We encourage you to review this proposal and send your comments to
>  before 17 April 2019.
> 
> Kind regards,
> 
> Marco Schmidt
> Policy Officer
> RIPE NCC
> 
> 





signature.asc
Description: OpenPGP digital signature

[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

[Marco Schmidt]

Dear colleagues,

A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy 
Violation", is now available for discussion.

The goal of this proposal is to define that BGP hijacking is not accepted as 
normal practice within the RIPE NCC service region.

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-03

As per the RIPE Policy Development Process (PDP), the purpose of this four-week 
Discussion Phase is to discuss the proposal and provide feedback to the 
proposer.

At the end of the Discussion Phase, the proposers, with the agreement of the 
Anti-Abuse WG co-chairs, decide how to proceed with the proposal.

We encourage you to review this proposal and send your comments to 
 before 17 April 2019.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC 

Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum

Re: [anti-abuse-wg] RIPE NCC Report: Law Enforcement Agency Requests 2018

[Alessandro Vesely]

On Tue 19/Mar/2019 11:03:06 +0100 Linda Slaakweg wrote:
> You can find the report at: 
> https://www.ripe.net/publications/docs/ripe-715/


[1] The majority of these requests were sent by
one particular party from the United States.

GOP?

Re: [anti-abuse-wg] RIPE NCC Report: Law Enforcement Agency Requests 2018

[Shane Kerr]

Linda,

On 19/03/2019 11.03, Linda Slaakweg wrote:


We have published a transparency report that details the nature of 
the requests we received from law enforcement agencies (LEAs) in 2018.


You can find the report at:
https://www.ripe.net/publications/docs/ripe-715/


Thank you for this (and previous) reports.

This level of transparency is important to maintain trust in the RIPE 
NCC, and of course also just interesting. 


Cheers,

--
Shane

[anti-abuse-wg] RIPE NCC Report: Law Enforcement Agency Requests 2018

[Linda Slaakweg]

Dear colleagues,

We have published a transparency report that details the nature of the requests 
we received from law enforcement agencies (LEAs) in 2018.

You can find the report at: 
https://www.ripe.net/publications/docs/ripe-715/ 


Kind regards,

Linda Slaakweg
Legal Counsel
RIPE NCC