date:20190405



Apparently, not all routing funny business involves hijacked IP address
space.

I was just doing some preliminary testing of a tool which I hope will
allow me to automate more of my spam reporting process.  I don't like
to report spam to the registered owner of the smallest containing IP
address block of the spam source because a substantial fraction of the
time, those are the very people actually doing the spamming.  So I prefer
instead to send spam reports to the designated abuse contacts for the
entire relevant ASN.

Fortunately, these days, for most RIPE and ARIN ASNs at least, the relevant
abuse reporting address for any given ASN is easy to obtain, and obtaining
those email addresses may be done in a fully automated fashion from the
relevant ASN WHOIS records.  But as I have only just now learned, while I
was doing preliminary testing on my simple software tool, there are some
exceptional cases where mapping an ASN to a corresponding abuse reporting
address becomes problematic.

Specifically, I have noticed some spammers cammped out on a block of IPv4
addresses that are currently routed by AS65021.  The whois.iana.org WHOIS
server tells me that this is a reserved ASN, and that it doesn't actually
belong to anybody at all.  Thus, my rather simple Perl script which attempts
to find a proper reporting email address for this one specific spammer
infestation fails rather horribly.

The CIDRs currently being routed by AS65021 are:

31.13.210.0/24
31.13.241.0/24
87.120.104.0/24
87.120.253.0/24
87.120.255.0/24
87.121.116.0/24
93.123.64.0/24
216.99.221.0/24  (seen by bgp.he.net)

Some of these have been routed by (bogus) AS65021 since 2018-12-03.

All of those CIDRs are properly registered to cloudware.bg except for the
last one which is registered to International Payout Systems Inc. (Florida).

Apparently, cloudware.bg is part of Neterra, Ltd. of Bulgaria (AS34224):

https://www.cloudware.bg/en/about
"As part of Neterra..."

I would say that this is just a very temporary mishap, and a temporary
"fat fingered" anomaly if it were not for the fact that some of these
routes have, according to RIPE Rotuing History, been countinuously
announced for over four full months now.

Can anyone explain this to me?  Please? I have more than a little trouble
understanding why a company like Neterra, Ltd., which -does- already have
its very own ASN (AS34224), feels the need to effectively steal a reserved
ASN for their own private use.  Are new AS numbers really all that expensive
in the RIPE region, so that some businesses might be motivated to save some
money by just grabbing onto one of the reserved ones?

None of this makes particularly much sense, but I do plan to send email to
Neterra, Ltd. in order to ask them what the devil goes on here.  Mostly, I
am just reporting theis here as a sort of indirect way of asking other
people on the list for their opinions about Neterra, Ltd. of Bulgaria.
Is that compaony in the habit of doing routing funny business?

For my own part, all I can say is that this is certainly not the first time
that I have encountered that company name... and not in a good way.


Regards,
rfg

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

In message <20190405125144.ga99...@cilantro.c4inet.net>, 
"Sascha Luck [ml]"  wrote:

>I *do* agree that the NCC should not get involved in routing or
>content matters. I dispute the statement that *everyone* agrees
>with that.

I do not agree with that.

With respect to "content", yes, that is *not* RIPE's concen.  But you
have repeatedly tried to lump these two very different concerns together,
content and routing, and you have done so inappropriately, in my estimation.
The distinction between the two is clear enough, I think.

It is not for RIPE to decide what does or doesn't constitute "pornography",
e.g. in Russia, much less in Saudi Arabia.  That's the part that I think
essentially everyone agrees on.

In contrast, with respect to routing, I have to ask "What is the purpose
of RIPE?"  Is it not to make allocations of numbers, to various parties,
in the hope and belief that this will cause all of those parties to
"stay in their own lanes", so to speak?  Is the point of all of RIPE's
abundant bookeeping simply as an end, in and of itself, and totally without
reference to what actually happens out the Real World, with people's
actual routers?  I think not.  The whole point of RIPE is to try to foster
cooperation, and more specifically to prevent counterproductive squabbles
about who should be using which numbers.

If I am right about that, then 2019-03 is simply a codification of that
pre-existing goal and that pre-existing mandate.

To say that RIPE should have nothing to do with routing is like saying
that the traffic cop who stands in the middle of busy intersection,
motioning at various cars to tell them when it is their turn to move,
should have no effect at all on which cars actually do move, and when.
If that's true, then why bother having him there at all?

Regards,
rfg

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

In message <20190405121330.gy99...@cilantro.c4inet.net>, 
Sascha Luck [ml]"  wrote:

>1) I'm not convinced "we all agree" on that. At least where
>content is concerned, that discussion has already been had, in
>this very place. With much similar arguments. While it ultimately
>led to nothing, i don't remember any universal agreement.

I cannot speak to every historical posting that might have ever been made
to the AAWG mailing list. I can only say that, for my part, I personally
have no recollection of having ever spoken in favor of the proposition
that RIPE should get into the content regulation business.  Nor do I have
any personal recollection of anyone else having ever done so, either here
or anywhere else.

That having been said, I understand that you have a reasonable concern that,
at some future point, RIPE may be motivated or enticed into attempting to
regulate some specific forms of content.  If and when that day ever comes,
I will be standing right beside you, denouncing and objecting to any such
attempts to make RIPE into the Content Police.  But that day is not today,
and that is clearly not what 2019-03 does.

>2) Why *not*? It is precisely what 2019-03 attempts to do: it
>empowers the NCC to regulate in an area where it has no mandate
>(Routing) with the argument that RIPE-"regulated" resources are
>involved. It follows logically that this extends to any other use
>of RIPE-"regulated" resources. Including who can advertise what
>to whom by which means and to which end. All it takes is another
>bright idea once that door is open.

This is, again, the "slippery slope" argument, i.e. the notion that once
RIPE has at least -one- "behavioral" rule, many others, including many that
may have nothing at all to do with RIPE's fundamental goals, will inevitably
follow.

I have already addressed this "slippery slope" argument.  I think that the
fear, while reasonable, is overblown, and that as long as RIPE remains
exclusively concerned with issues relating directly and only to the orderly
management of the address space this fear is misplaced.  Nobody has asked,
and nobody is at all likely to ask RIPE to address the issue of childhood
truancy, or any of a million other social ills that clearly have nothing at
all to do with Internet number resources.

To repeat, I and others see there as being a bright line that can easily be
used to clearly distinguish betwen abuse "on" the Internet and abuse "of"
the Internet.  Hijacking is clearly in the latter category.

>The debate as to what function the NCC should have can and should
>be had. However, not here. This is something that I firmly
>believe the paying membership AND NOBODY ELSE should decide.

I actually would agree with that last part, i.e. the part about having -only-
the dues-paying members decide.  I confess that I know virtually nothing
about the mechanics of how this whole process is supposed to work, but it
has been my assumption throughout that, yes, in fact, a proposal such as
this -would- ultimately have to be approved by the dues-paying membership,
acting as a whole body.  Are you asserting that a new rule such as 2019-03
could be adopted WITHOUT the consent of the dues-paying members, acting as
a whole?  If so, that's news to me! 

I confess that I may have been incorrectly assuming that this proposal
would be -reviewed- by the AAWG, and that at the end of this process, the
-recommendation- of the AAWG would be passed on for final ratification to
whatever body represents the whole of the dues-paying members... sort of
like a U.S. congressional subcommittee can simply -recommend- something,
after which it goes to the full committee, and then if -they- approve it,
then it finally gets voted on by the whole body (either the Senate or the
House of Representatives).  If that's not the way this actually works in
the case of the RIPE AAWG, then I ask for either you or the chair to educate
me about the mechanics of the actual adoption proccess for RIPE proposals
(such as 2019-03) because it sounds like you are saying that -just- the
AAWG can act on its own and thus bind the whole of RIPE to some course of
action.  If that's true, then it certainly would be unfair and un-democratic.

>As for comparing RIPE NCC with Twitter, that 'argument, is so
>blatantly ridiculous that I don't think it even deserves a
>response.

I fail to see how the comparison/analogy is ridiculous.  Both entities have
memberships and members.  Both provide some kind of service to those members.
In both cases, the entities could each arguably be called "monopoly
providers" of their respective services.  Seems like a good analogy to me!

The only real (and striking) difference seems to be that, as I pointed out,
one of these organizations has an actual AUP and the other doesn't have any
at all.

But perhaps that is exactly what you meant to say, i.e. that any comparison
between, say, Twitter and RIPE is "ridiculous" because Twitter, at least,
is realistic in its minimal

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15

In message <28f8ca64-f298-4a5b-99d0-411f96c56...@gmail.com>, 
Suresh Ramasubramanian  wrote:

>Come to think of it, Philip and Geoff have been presenting their CIDR report
>on aggregation for even longer than that.  I haven't seen their list of
>prefixes that could do with a ton of aggregation getting any smaller ..

Yea.  And according to what I see from time to time on bgp.he.net, plenty
of entities are still announcing bogons.  And according to what I see from
time to time on RIPE Routing History, quite a few people are or have been
announcing ridiculous routes, like for /2.

All in all, not a pretty picture.  In fact it all gives the impression of
a pretty absurd level of anarchy.

Regards,
rfg

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-05 Thread Gert Doering

Hi,

On Fri, Apr 05, 2019 at 01:33:52PM +, Suresh Ramasubramanian wrote:
> Using mutt and elm and conventions on what you call TOFU sort of faded into 
> the past with mutt and tin but anyway once I get in front of a laptop with a 
> reasonable mail client I will certainly follow that charmingly old fashioned 
> style.  I do have mutt available for use.
> 
> Yes. We won't get unanimous agreement on this. Hence rough consensus.

I'm not saying that this nice and wonderful new-style quoting does not
have its place.

What I am saying is "if everyone *else* is using a given style, just ignoring
local conventions and doing your personal preference is unconsiderate and
rude".

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-05 Thread Suresh Ramasubramanian

Using mutt and elm and conventions on what you call TOFU sort of faded into the 
past with mutt and tin but anyway once I get in front of a laptop with a 
reasonable mail client I will certainly follow that charmingly old fashioned 
style.  I do have mutt available for use.

Yes. We won't get unanimous agreement on this. Hence rough consensus.

--srs

From: Gert Doering 
Sent: Friday, April 5, 2019 6:35 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml]; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... 
something...

Hi,

On Fri, Apr 05, 2019 at 06:07:48PM +0530, Suresh Ramasubramanian wrote:
> Right. You don't agree with it. So "we all" don't agree with it. Excellent 
> reasoning there.

If a single person disagrees, the claim "all agree" is obviously false.

Very basic math.

And please follow accepted quoting style of the forum you're participating.

Single top posts in a civilized debate are so highly unconsiderate that
it should be sanctioned in itself.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-05 Thread Gert Doering

Hi,

On Fri, Apr 05, 2019 at 06:07:48PM +0530, Suresh Ramasubramanian wrote:
> Right. You don't agree with it. So "we all" don't agree with it.  Excellent 
> reasoning there.

If a single person disagrees, the claim "all agree" is obviously false.

Very basic math.

And please follow accepted quoting style of the forum you're participating.

Single top posts in a civilized debate are so highly unconsiderate that
it should be sanctioned in itself.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

signature.asc
Description: PGP signature

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03


On Fri, Apr 05, 2019 at 01:48:07PM +0100, Carlos Friaas wrote:

Imho, that will also depend on this regulator's f-u-n-d-i-n-g model.

Or are we supposed to see the uprising of a "FIR" (EU Federal Internet 
Registry), building on the NIR concept...? :-)


That's exactly what I think *will* happen. And it may happen
independently of whatever goes on here or in the NCC.
(Probably with a "ripedb" built at great cost by a defence
contractor which is down half the time and leaks like a sieve)

However, I think that if the NCC starts amassing "regulatory"
power, this may happen sooner than later...

Splitting the service region in two (EU and non-EU) sounds a bit 
impractical... :-)


Not really any more so than the creation of AfriNIC.

rgds,
SL

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

On Fri, Apr 05, 2019 at 06:07:48PM +0530, Suresh Ramasubramanian wrote:

Right. You don't agree with it. So "we all" don't agree with it.  Excellent 
reasoning there.

I *do* agree that the NCC should not get involved in routing or
content matters. I dispute the statement that *everyone* agrees
with that. I apologise if I didn't make this clear enough. I will
endeavour to use even shorter words next time.

rgds,
SL

???On 05/04/19, 5:44 PM, "anti-abuse-wg on behalf of Sascha Luck [ml]" 
 wrote:

   On Thu, Apr 04, 2019 at 06:41:52PM -0700, Ronald F. Guilmette wrote:
   >RIPE can't tell anyone either what to announce (over BGP) much less what
   >the individual IP addresses that people do announce are used for, which
   >could include, and which often *does* include, the distribution of malware
   >and also innumerable other unsavory and illegal activities.  None of that
   >is, or rightly should be any of RIPE's concern.  On that I think we all
   >agree.

   This argument actually deserves a rebuttal.

   1) I'm not convinced "we all agree" on that. At least where
   content is concerned, that discussion has already been had, in
   this very place. With much similar arguments. While it ultimately
   led to nothing, i don't remember any universal agreement.

   2) Why *not*? It is precisely what 2019-03 attempts to do: it
   empowers the NCC to regulate in an area where it has no mandate
   (Routing) with the argument that RIPE-"regulated" resources are
   involved. It follows logically that this extends to any other use
   of RIPE-"regulated" resources. Including who can advertise what
   to whom by which means and to which end. All it takes is another
   bright idea once that door is open.

   >As regards to what RIPE members are paying for, unless I have totally
   >misunderstood, the members are paying for the -orderly- distribution and
   >registration of number resources.  Hijacking quite clearly flies in the
   >face of that desired order, and if left unchecked, results in the very
   >opposite of order, i.e. chaos.  Such activity therefore cannot be either
   >condoned nor even tolerated by the dues paying members if they are in
   >fact to get the very thing that they are paying for, order over chaos.

   The debate as to what function the NCC should have can and should
   be had. However, not here. This is something that I firmly
   believe the paying membership AND NOBODY ELSE should decide.

   As for comparing RIPE NCC with Twitter, that 'argument, is so
   blatantly ridiculous that I don't think it even deserves a
   response.

   rgds,
   SL

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03




Hi,

On Fri, 5 Apr 2019, Sascha Luck [ml] wrote:

(...)

And who would be doing that regulation?
- some EC org (service region goes way beyond EU...)


We will see this "EU Internet Regulator" within the term of the
next EU Commission / EUPARL. The (probably) next commisssion
president Manfred Weber has committed to this: 
http://www.spiegel.de/politik/ausland/manfred-weber-das-internet-muss-europaeischer-werden-a-1260900.html

(Sorry, it's in German. There is no other source I can find)

Now, this will happen whether 2019-03 passes or not, the question
is will they leave resource management alone, because it works,
or will it transfer into the domain of this regulator?


"Will _try_ to transfer." -- again, the service region is wider...

Imho, that will also depend on this regulator's f-u-n-d-i-n-g model.

Or are we supposed to see the uprising of a "FIR" (EU Federal Internet 
Registry), building on the NIR concept...? :-)




As for the service region, the EU cares only about the EU.
Whatever happens to the rest of the SR is not their concern.


Splitting the service region in two (EU and non-EU) sounds a bit 
impractical... :-)



Regards,
Carlos



rgds,
SL

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-05 Thread Suresh Ramasubramanian

Right. You don't agree with it. So "we all" don't agree with it.  Excellent 
reasoning there.

On 05/04/19, 5:44 PM, "anti-abuse-wg on behalf of Sascha Luck [ml]" 
 wrote:

On Thu, Apr 04, 2019 at 06:41:52PM -0700, Ronald F. Guilmette wrote:
>RIPE can't tell anyone either what to announce (over BGP) much less what
>the individual IP addresses that people do announce are used for, which
>could include, and which often *does* include, the distribution of malware
>and also innumerable other unsavory and illegal activities.  None of that
>is, or rightly should be any of RIPE's concern.  On that I think we all
>agree.

This argument actually deserves a rebuttal.

1) I'm not convinced "we all agree" on that. At least where
content is concerned, that discussion has already been had, in
this very place. With much similar arguments. While it ultimately
led to nothing, i don't remember any universal agreement.

2) Why *not*? It is precisely what 2019-03 attempts to do: it
empowers the NCC to regulate in an area where it has no mandate
(Routing) with the argument that RIPE-"regulated" resources are
involved. It follows logically that this extends to any other use
of RIPE-"regulated" resources. Including who can advertise what
to whom by which means and to which end. All it takes is another
bright idea once that door is open.

>As regards to what RIPE members are paying for, unless I have totally
>misunderstood, the members are paying for the -orderly- distribution and
>registration of number resources.  Hijacking quite clearly flies in the
>face of that desired order, and if left unchecked, results in the very
>opposite of order, i.e. chaos.  Such activity therefore cannot be either
>condoned nor even tolerated by the dues paying members if they are in
>fact to get the very thing that they are paying for, order over chaos.

The debate as to what function the NCC should have can and should
be had. However, not here. This is something that I firmly
believe the paying membership AND NOBODY ELSE should decide.

As for comparing RIPE NCC with Twitter, that 'argument, is so
blatantly ridiculous that I don't think it even deserves a
response.

rgds,
SL

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03


On Fri, Apr 05, 2019 at 08:23:12AM +0100, Carlos Friaas wrote:


So you seem to prefer regulation over self-regulation?


Not per se, just that I'd prefer governmental regulation over the
kind of regulation 2019-03 envisions.


And who would be doing that regulation?
- some EC org (service region goes way beyond EU...)


We will see this "EU Internet Regulator" within the term of the
next EU Commission / EUPARL. The (probably) next commisssion
president Manfred Weber has committed to this: 


http://www.spiegel.de/politik/ausland/manfred-weber-das-internet-muss-europaeischer-werden-a-1260900.html
(Sorry, it's in German. There is no other source I can find)

Now, this will happen whether 2019-03 passes or not, the question
is will they leave resource management alone, because it works,
or will it transfer into the domain of this regulator?

As for the service region, the EU cares only about the EU.
Whatever happens to the rest of the SR is not their concern.

rgds,
SL

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...


On Thu, Apr 04, 2019 at 06:41:52PM -0700, Ronald F. Guilmette wrote:

RIPE can't tell anyone either what to announce (over BGP) much less what
the individual IP addresses that people do announce are used for, which
could include, and which often *does* include, the distribution of malware
and also innumerable other unsavory and illegal activities.  None of that
is, or rightly should be any of RIPE's concern.  On that I think we all
agree.


This argument actually deserves a rebuttal.

1) I'm not convinced "we all agree" on that. At least where
content is concerned, that discussion has already been had, in
this very place. With much similar arguments. While it ultimately
led to nothing, i don't remember any universal agreement.

2) Why *not*? It is precisely what 2019-03 attempts to do: it
empowers the NCC to regulate in an area where it has no mandate
(Routing) with the argument that RIPE-"regulated" resources are
involved. It follows logically that this extends to any other use
of RIPE-"regulated" resources. Including who can advertise what
to whom by which means and to which end. All it takes is another
bright idea once that door is open.


As regards to what RIPE members are paying for, unless I have totally
misunderstood, the members are paying for the -orderly- distribution and
registration of number resources.  Hijacking quite clearly flies in the
face of that desired order, and if left unchecked, results in the very
opposite of order, i.e. chaos.  Such activity therefore cannot be either
condoned nor even tolerated by the dues paying members if they are in
fact to get the very thing that they are paying for, order over chaos.


The debate as to what function the NCC should have can and should
be had. However, not here. This is something that I firmly
believe the paying membership AND NOBODY ELSE should decide.

As for comparing RIPE NCC with Twitter, that 'argument, is so
blatantly ridiculous that I don't think it even deserves a
response.

rgds,
SL

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-05 Thread CSIRT.UMINHO Marco Teixeira

Comments inline
=Marco


> On Thu, Apr 04, 2019 at 04:52:32PM +0100, CSIRT.UMINHO Marco Teixeira wrote:
>>While I speak for myself, I might incur the risk of representing a lot of the
>>so-called "Astroturfers?!". While some accuse (please don't take it 
>>personally,
>>it's just clarification) the newcomers of being voiceless, I must say that I
>>have been, with great effort, refraining from going into a long discourse on a
>>list where I am new. That should not be understood as a sign of "spamming" a
>>vetting process, but as a sign of respect for all of you, long-standing 
>>members
>>of RIPE, guardians of our IP addresses, one of the building blocks of the
>>Internet :-)
> 
> I know of forums where "the n00b" is expected to shut up and
> listen, but this is not one of them. At least I have never
> noticed that newcomers weren't welcomed - and as I stated before,
> I personally would like to see more and different voices here -
> and no, not just those who agree with me although I hope some
> will...

It's not a "n00b" issue, for me, it's Netiquete.

> 
> So don't be afraid to speak up if you've something to say!
> 

I just did :)

>>As one last thought, again IMHO, I believe BGP Hijacking is one of the most
>>pressing issues, menacing the Internet resiliency, and it must be dealt with.
>>In the same manner, we apply AUP's to our users, it's RIPE responsibility, to
>>clearly state, it is not acceptable, and it will have consequences... Raising
>>the risk for companies is the only way we tip the balance of "Loss vs 
>>Earning",
>>and hopefully eradicate bad actors, or hopefully even stopping them right at
>>their business plans.
> 
> 1) The RIPE NCC is not the provider of "AUP" for the entire
> Internet or even the Internet of the Service Region. I understand
> that some would *like* it to be, but that is not what the members
> are paying it for.

Never said so. But it does provide a service that is beeing abused! And you 
can't really start to takle that if you don't have policy in place.

> 2) If anyone needs to be "eradicated", I'd prefer that to be
> determined by a judge and, preferably, a jury. NOT some
> neighbourhood watch curtain-twitcher with the help of a monopoly
> service provider.

I believe this argument of yours has been heavilly rebated already so i won't 
get into lenghty conter-argument. Just to say that, by your line of thinking, 
we should disolve RIPE and RIPE-NCC and reclaim a piece of IPv4. If anyone 
doesn't like it, let them sue.

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03




Hi,

Thanks Wolfgang and Suresh,

That's something i have been probably saying in between the lines: it 
would be easier for anyone on the Internet to evaluate if an hijack took 
place if more people (or most people) would share their routing views. :-)


Carlos


On Fri, 5 Apr 2019, Wolfgang Tremmel wrote:


Which is why services like RIPE RIS are so valuable to the community.
If anybody would just send its full BGP table to RIS detecting hijacks (and 
later proofing that they happened) would be much easier.

If you do not know what I am talking about, read:
https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-peering-policy

...and setup a BGP session to RIS.

Wolfgang


On 5. Apr 2019, at 01:43, Suresh Ramasubramanian  wrote:

You might find a hijacked prefix advertised solely to a single asn at an ix 
where it peers, and this for the purpose of spamming to or otherwise attacking 
whoever owns the asn.  Most of these targeted announcements might not even be 
visible to anyone else.



--
Wolfgang Tremmel

Phone +49 69 1730902 26 | Fax +49 69 4056 2716 | Mobile +49 171 8600 816 | 
wolfgang.trem...@de-cix.net
Executive Directors: Harald A. Summa and Sebastian Seifert | Trade Registry: AG 
Cologne, HRB 51135
DE-CIX Management GmbH | Lindleystrasse 12 | 60314 Frankfurt am Main | Germany 
| www.de-cix.net

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...




Hi, Sascha, All,

Seriously? Newcomers welcomed?

It's just a matter of going back and re-read parts of the thread and some 
sub-threads...


Regards,
Carlos


On Thu, 4 Apr 2019, Sascha Luck [ml] wrote:


On Thu, Apr 04, 2019 at 04:52:32PM +0100, CSIRT.UMINHO Marco Teixeira wrote:
While I speak for myself, I might incur the risk of representing a lot of 
the so-called "Astroturfers?!". While some accuse (please don't take it 
personally, it's just clarification) the newcomers of being voiceless, I 
must say that I have been, with great effort, refraining from going into a 
long discourse on a list where I am new. That should not be understood as a 
sign of "spamming" a vetting process, but as a sign of respect for all of 
you, long-standing members of RIPE, guardians of our IP addresses, one of 
the building blocks of the Internet :-)


I know of forums where "the n00b" is expected to shut up and
listen, but this is not one of them. At least I have never
noticed that newcomers weren't welcomed - and as I stated before,
I personally would like to see more and different voices here -
and no, not just those who agree with me although I hope some
will...

So don't be afraid to speak up if you've something to say!

As one last thought, again IMHO, I believe BGP Hijacking is one of the most 
pressing issues, menacing the Internet resiliency, and it must be dealt 
with. In the same manner, we apply AUP's to our users, it's RIPE 
responsibility, to clearly state, it is not acceptable, and it will have 
consequences... Raising the risk for companies is the only way we tip the 
balance of "Loss vs Earning", and hopefully eradicate bad actors, or 
hopefully even stopping them right at their business plans.


1) The RIPE NCC is not the provider of "AUP" for the entire
Internet or even the Internet of the Service Region. I understand
that some would *like* it to be, but that is not what the members
are paying it for. 2) If anyone needs to be "eradicated", I'd prefer that to 
be

determined by a judge and, preferably, a jury. NOT some
neighbourhood watch curtain-twitcher with the help of a monopoly
service provider. 
This is why I support "2019-03 New Policy Proposal (BGP Hijacking is a RIPE 
Policy Violation)"


and this is why I oppose it :)

rgds,
SL

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15

2019-04-05 Thread Suresh Ramasubramanian

I've seen presos on RIS for donkeys years - the earliest one I can find online
was in APRICOT 2001

What do you think is going to drive more adoption of this (and filtering based
on IRR data)? We all know who is using them and who isn’t. The ones who
don't use it leak routes, a lot.

Come to think of it, Philip and Geoff have been presenting their CIDR report on
aggregation for even longer than that. I haven't seen their list of prefixes
that could do with a ton of aggregation getting any smaller ..

Based on all this, I remain unconvinced that this problem is going to be solved
by other than policy based means.

--srs

On 05/04/19, 12:44 PM, "anti-abuse-wg on behalf of Wolfgang Tremmel"
wrote:

Which is why services like RIPE RIS are so valuable to the community.
If anybody would just send its full BGP table to RIS detecting hijacks (and
later proofing that they happened) would be much easier.

If you do not know what I am talking about, read:

https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-peering-policy

...and setup a BGP session to RIS.

Wolfgang

> On 5. Apr 2019, at 01:43, Suresh Ramasubramanian
wrote:
>
> You might find a hijacked prefix advertised solely to a single asn at an
ix where it peers, and this for the purpose of spamming to or otherwise
attacking whoever owns the asn. Most of these targeted announcements might not
even be visible to anyone else.
>

--
Wolfgang Tremmel

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03





On Thu, 4 Apr 2019, Sascha Luck [ml] wrote:


On Thu, Apr 04, 2019 at 08:32:39PM +0200, Karl-Josef Ziegler wrote:
Yes, this is also my opinion. The community should do something against 
this abusive behavior.
If it isn't done by the community there might be some regulation coming 
from outside, i.e.
political entities. And I doubt that this will be the better way to handle 
this problem.


I am starting to come around to the opinion that such regulation
would actually be preferrable to this. Legislative regulation, at
least in democratic societies, imposes responsibilities but it
also gives *rights*. Namely constitutionality, the right to have
such regulation applied transparently and fairly and, most
importantly, the right to judicial review. None of which applies
to the vigilante kind of "justice" the proponents wish the RIPE
NCC to become the enforcer of. Given these two choices, I know
which way I'd vote.


Hi,

So you seem to prefer regulation over self-regulation?

And who would be doing that regulation?
- some EC org (service region goes way beyond EU...)
- the Dutch Telecoms Regulator?
- ITU-T?
- ...?

Honestly, i don't have a clue...

Regards,
Carlos



rgds,
SL

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03