Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
All,

> Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free for everyone to access. :-)

Having a copy of the table and seeing historical data doesn't automatically give one the ability to determine if a given announcement was a hijack. I might strongly suspect that it was - sure. My personal suspicions should not be enough in this instance.

> Honestly, I handed it back in late April. The IA and publishing took some time... :-)
>
> What I think supports what I wrote above is in Section 7.0, clause 1:
>
> "The RIPE NCC will verify that a report contains sufficient information before assigning it to a group of experts. If this is not the case, the report will be dismissed."
>
> Maybe it could be a bit clearer, or we could textually add "one event or a handful of events is not enough".

Stating that a single report isn't enough doesn't solve the issue. A thousand reports might not give enough quality information to justify an investigation; a single report from an authoritative source might. It is for this reason that - in order to save resources - I'm concerned with the amount of people who could potentially submit a report.

> Hence Section 7.0, clause 1 :-)

Section 7 of the current draft gives the accused the opportunity to defend themselves as the second step, right after the NCC "verifies" the request. The accused entity is still being "asked" (under pressure) to provide information on the basis of a report that may or may not have come from someone who actually knows about the situation.

> Sure. And I have already read the IA. All of it.

OK. I've done the same. I still feel that the IA outlines a lot of issues and problems. At this time, I don't think that the potential benefits of the proposal outweigh the costs.

Jacob Slater

On Mon, Sep 9, 2019 at 5:56 PM Carlos Friaças wrote:

> Hi,
>
> On Mon, 9 Sep 2019, Jacob Slater wrote:
>
> > All,
> >
> > > If it's *your* table, you should be able.
> >
> > Again, I disagree. Just because you have a copy of the routing table doesn't automatically put you in a position to know what is going on with each entry present in that table.
>
> Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free for everyone to access. :-)
>
> > > But please keep in mind that one event or a handful of events shouldn't justify an investigation, or handing a case to "experts".
> >
> > The current policy proposal doesn't have text to support this.
>
> Honestly, I handed it back in late April. The IA and publishing took some time... :-)
>
> What I think supports what I wrote above is in Section 7.0, clause 1:
>
> "The RIPE NCC will verify that a report contains sufficient information before assigning it to a group of experts. If this is not the case, the report will be dismissed."
>
> Maybe it could be a bit clearer, or we could textually add "one event or a handful of events is not enough".
>
> > > If the issue is fixed and the issue originator isn't always the same, then no real need for an investigation. Maybe the amount of text on the current version fades a bit the two main concepts of "persistent" and "intentional".
> >
> > I am in agreement with you on this.
>
> > > There should be enough "trail" to justify starting an investigation...
> >
> > If the person submitting a report isn't in an authoritative position to say whether or not an announcement was a hijack, there isn't a good enough "trail" to justify starting an investigation.
>
> Hence Section 7.0, clause 1 :-)
>
> > > The "proposal". It's just a proposal...! :-)
> > >
> > > I agree that there isn't a way to measure how many people around the world would not resort to hijacking if this proposal was in place today
> >
> > My apologies for misspeaking on that one. Any references I may have made to 2019-3 as a "policy" should read as "policy proposal".
>
> No harm done :-)
>
> > Just because a policy proposal has the chance to discourage bad actors doesn't mean we should ignore the potential consequences of implementing the proposal.
>
> Sure. And I have already read the IA. All of it.
>
> Regards,
> Carlos
>
> > Jacob Slater
> >
> > On Mon, Sep 9, 2019 at 5:25 PM Carlos Friaças wrote:
> >
> > > Hi,
> > >
> > > On Mon, 9 Sep 2019, Jacob Slater wrote:
> > >
> > > > All,
> > > >
> > > > > If that happens, then potentially everyone can be a victim, yes.
> > > > > Then they should be able to place a report.
> > > >
> > > > I disagree. Just because you see what you think is a hijack in the full table doesn't mean you have enough information to justify a full investigation that is likely to consume valuable time and resources.
> > >
> > > If it's *your* table, you should be able.
> > >
> > > But please keep in mind that one event or a handful of events shouldn't justify an
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hi,

On Mon, 9 Sep 2019, Jacob Slater wrote:

> All,
>
> > If it's *your* table, you should be able.
>
> Again, I disagree. Just because you have a copy of the routing table doesn't automatically put you in a position to know what is going on with each entry present in that table.

Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free for everyone to access. :-)

> > But please keep in mind that one event or a handful of events shouldn't justify an investigation, or handing a case to "experts".
>
> The current policy proposal doesn't have text to support this.

Honestly, I handed it back in late April. The IA and publishing took some time... :-)

What I think supports what I wrote above is in Section 7.0, clause 1:

"The RIPE NCC will verify that a report contains sufficient information before assigning it to a group of experts. If this is not the case, the report will be dismissed."

Maybe it could be a bit clearer, or we could textually add "one event or a handful of events is not enough".

> > If the issue is fixed and the issue originator isn't always the same, then no real need for an investigation. Maybe the amount of text on the current version fades a bit the two main concepts of "persistent" and "intentional".
>
> I am in agreement with you on this.

> > There should be enough "trail" to justify starting an investigation...
>
> If the person submitting a report isn't in an authoritative position to say whether or not an announcement was a hijack, there isn't a good enough "trail" to justify starting an investigation.

Hence Section 7.0, clause 1 :-)

> > The "proposal". It's just a proposal...! :-)
> >
> > I agree that there isn't a way to measure how many people around the world would not resort to hijacking if this proposal was in place today
>
> My apologies for misspeaking on that one. Any references I may have made to 2019-3 as a "policy" should read as "policy proposal".

No harm done :-)

> Just because a policy proposal has the chance to discourage bad actors doesn't mean we should ignore the potential consequences of implementing the proposal.

Sure. And I have already read the IA. All of it.

Regards,
Carlos

> Jacob Slater
>
> On Mon, Sep 9, 2019 at 5:25 PM Carlos Friaças wrote:
>
> > Hi,
> >
> > On Mon, 9 Sep 2019, Jacob Slater wrote:
> >
> > > All,
> > >
> > > > If that happens, then potentially everyone can be a victim, yes.
> > > > Then they should be able to place a report.
> > >
> > > I disagree. Just because you see what you think is a hijack in the full table doesn't mean you have enough information to justify a full investigation that is likely to consume valuable time and resources.
> >
> > If it's *your* table, you should be able.
> >
> > But please keep in mind that one event or a handful of events shouldn't justify an investigation, or handing a case to "experts".
> >
> > > > Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!
> > >
> > > Being asked to fix an issue is very different from getting investigated for an issue with the potential for termination of membership.
> >
> > If the issue is fixed and the issue originator isn't always the same, then no real need for an investigation. Maybe the amount of text on the current version fades a bit the two main concepts of "persistent" and "intentional".
> >
> > > While I haven't seen a proposal for establishing a system like LACNIC's WARP under RIPE, I'd be open to the idea.
> >
> > Great. Does anyone think this is a bad idea?
> >
> > That would probably fall under the ncc-services-wg, so we'll have to see :-)
> >
> > > > I fail to identify exactly where the proposal describes such a need.
> > > > Even so, the experts should be bound to NDAs... :-)
> > >
> > > While having the experts under NDA is a step in the right direction, it still involves effectively being required to turn information over to external parties due to the suspicions of some random AS. My concern isn't so much that the information will be leaked; my concern is that, fundamentally, being required to turn information over to a third party on someone's unsupported suspicions seems wrong.
> >
> > There should be enough "trail" to justify starting an investigation...
> >
> > > Right now, the policy seems to pull a large amount of resources and risk (per the impact analysis) without enough of a return.
> >
> > The "proposal". It's just a proposal...! :-)
> >
> > I agree that there isn't a way to measure how many people around the world
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
All,

> If it's *your* table, you should be able.

Again, I disagree. Just because you have a copy of the routing table doesn't automatically put you in a position to know what is going on with each entry present in that table.

> But please keep in mind that one event or a handful of events shouldn't justify an investigation, or handing a case to "experts".

The current policy proposal doesn't have text to support this.

> If the issue is fixed and the issue originator isn't always the same, then no real need for an investigation. Maybe the amount of text on the current version fades a bit the two main concepts of "persistent" and "intentional".

I am in agreement with you on this.

> There should be enough "trail" to justify starting an investigation...

If the person submitting a report isn't in an authoritative position to say whether or not an announcement was a hijack, there isn't a good enough "trail" to justify starting an investigation.

> The "proposal". It's just a proposal...! :-)
>
> I agree that there isn't a way to measure how many people around the world would not resort to hijacking if this proposal was in place today

My apologies for misspeaking on that one. Any references I may have made to 2019-3 as a "policy" should read as "policy proposal".

Just because a policy proposal has the chance to discourage bad actors doesn't mean we should ignore the potential consequences of implementing the proposal.

Jacob Slater

On Mon, Sep 9, 2019 at 5:25 PM Carlos Friaças wrote:

> Hi,
>
> On Mon, 9 Sep 2019, Jacob Slater wrote:
>
> > All,
> >
> > > If that happens, then potentially everyone can be a victim, yes.
> > > Then they should be able to place a report.
> >
> > I disagree. Just because you see what you think is a hijack in the full table doesn't mean you have enough information to justify a full investigation that is likely to consume valuable time and resources.
>
> If it's *your* table, you should be able.
>
> But please keep in mind that one event or a handful of events shouldn't justify an investigation, or handing a case to "experts".
>
> > > Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!
> >
> > Being asked to fix an issue is very different from getting investigated for an issue with the potential for termination of membership.
>
> If the issue is fixed and the issue originator isn't always the same, then no real need for an investigation. Maybe the amount of text on the current version fades a bit the two main concepts of "persistent" and "intentional".
>
> > While I haven't seen a proposal for establishing a system like LACNIC's WARP under RIPE, I'd be open to the idea.
>
> Great. Does anyone think this is a bad idea?
>
> That would probably fall under the ncc-services-wg, so we'll have to see :-)
>
> > > I fail to identify exactly where the proposal describes such a need.
> > > Even so, the experts should be bound to NDAs... :-)
> >
> > While having the experts under NDA is a step in the right direction, it still involves effectively being required to turn information over to external parties due to the suspicions of some random AS. My concern isn't so much that the information will be leaked; my concern is that, fundamentally, being required to turn information over to a third party on someone's unsupported suspicions seems wrong.
>
> There should be enough "trail" to justify starting an investigation...
>
> > Right now, the policy seems to pull a large amount of resources and risk (per the impact analysis) without enough of a return.
>
> The "proposal". It's just a proposal...! :-)
>
> I agree that there isn't a way to measure how many people around the world would not resort to hijacking if this proposal was in place today :-)
>
> Regards,
> Carlos
>
> > Jacob Slater
> >
> > On Mon, Sep 9, 2019 at 3:45 PM Carlos Friaças wrote:
> >
> > > On Thu, 5 Sep 2019, Jacob Slater wrote:
> > >
> > > > All,
> > >
> > > Hi Jacob, All,
> > >
> > > > Given the number of people who may submit a report (anyone receiving a full table from their upstream(s), assuming the accused hijack makes it into the DFZ),
> > >
> > > If that happens, then potentially everyone can be a victim, yes.
> > > Then they should be able to place a report.
> > >
> > > But that's a fundamental part of why some changes are needed: it's not only the legitimate address space owner who is the victim of a hijack. People/networks whose packets are diverted by a hijack are also victims of traffic interception.
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hi,

On Mon, 9 Sep 2019, Jacob Slater wrote:

> All,
>
> > If that happens, then potentially everyone can be a victim, yes.
> > Then they should be able to place a report.
>
> I disagree. Just because you see what you think is a hijack in the full table doesn't mean you have enough information to justify a full investigation that is likely to consume valuable time and resources.

If it's *your* table, you should be able.

But please keep in mind that one event or a handful of events shouldn't justify an investigation, or handing a case to "experts".

> > Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!
>
> Being asked to fix an issue is very different from getting investigated for an issue with the potential for termination of membership.

If the issue is fixed and the issue originator isn't always the same, then no real need for an investigation. Maybe the amount of text on the current version fades a bit the two main concepts of "persistent" and "intentional".

> While I haven't seen a proposal for establishing a system like LACNIC's WARP under RIPE, I'd be open to the idea.

Great. Does anyone think this is a bad idea?

That would probably fall under the ncc-services-wg, so we'll have to see :-)

> > I fail to identify exactly where the proposal describes such a need.
> > Even so, the experts should be bound to NDAs... :-)
>
> While having the experts under NDA is a step in the right direction, it still involves effectively being required to turn information over to external parties due to the suspicions of some random AS. My concern isn't so much that the information will be leaked; my concern is that, fundamentally, being required to turn information over to a third party on someone's unsupported suspicions seems wrong.

There should be enough "trail" to justify starting an investigation...

> Right now, the policy seems to pull a large amount of resources and risk (per the impact analysis) without enough of a return.

The "proposal". It's just a proposal...! :-)

I agree that there isn't a way to measure how many people around the world would not resort to hijacking if this proposal was in place today :-)

Regards,
Carlos

> Jacob Slater
>
> On Mon, Sep 9, 2019 at 3:45 PM Carlos Friaças wrote:
>
> > On Thu, 5 Sep 2019, Jacob Slater wrote:
> >
> > > All,
> >
> > Hi Jacob, All,
> >
> > > Given the number of people who may submit a report (anyone receiving a full table from their upstream(s), assuming the accused hijack makes it into the DFZ),
> >
> > If that happens, then potentially everyone can be a victim, yes.
> > Then they should be able to place a report.
> >
> > But that's a fundamental part of why some changes are needed: it's not only the legitimate address space owner who is the victim of a hijack. People/networks whose packets are diverted by a hijack are also victims of traffic interception.
> >
> > Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!
> >
> > > I'm still concerned that the proposed policy would cause more harm than good. A random AS that happens to receive the announcement isn't in an authoritative position to know if a given announcement was unauthorized.
> >
> > I can fully agree that a system based on (possibly forged) LOAs, and unauthenticated IRR created the huge mess we are submerged in today... :(((
> >
> > > Putting them through a reporting process that might well require the disclosure of internal information because of an unrelated individual/group being suspicious is a problem.
> >
> > I fail to identify exactly where the proposal describes such a need.
> > Even so, the experts should be bound to NDAs... :-)
> >
> > Regards,
> > Carlos
> >
> > > Combined with the issues detailed in the Impact Analysis, I'm opposed to the policy as written.
> > >
> > > Jacob Slater
> > >
> > > On Thu, Sep 5, 2019 at 9:24 AM Marco Schmidt wrote:
> > >
> > > Dear colleagues,
> > >
> > > Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" is now in the Review Phase.
> > >
> > > The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.
> > >
> > > The proposal has been updated following the last round of discussion and is now
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
All,

> If that happens, then potentially everyone can be a victim, yes.
> Then they should be able to place a report.

I disagree. Just because you see what you think is a hijack in the full table doesn't mean you have enough information to justify a full investigation that is likely to consume valuable time and resources.

> Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!

Being asked to fix an issue is very different from getting investigated for an issue with the potential for termination of membership.

While I haven't seen a proposal for establishing a system like LACNIC's WARP under RIPE, I'd be open to the idea.

> I fail to identify exactly where the proposal describes such a need.
> Even so, the experts should be bound to NDAs... :-)

While having the experts under NDA is a step in the right direction, it still involves effectively being required to turn information over to external parties due to the suspicions of some random AS. My concern isn't so much that the information will be leaked; my concern is that, fundamentally, being required to turn information over to a third party on someone's unsupported suspicions seems wrong.

Right now, the policy seems to pull a large amount of resources and risk (per the impact analysis) without enough of a return.

Jacob Slater

On Mon, Sep 9, 2019 at 3:45 PM Carlos Friaças wrote:

> On Thu, 5 Sep 2019, Jacob Slater wrote:
>
> > All,
>
> Hi Jacob, All,
>
> > Given the number of people who may submit a report (anyone receiving a full table from their upstream(s), assuming the accused hijack makes it into the DFZ),
>
> If that happens, then potentially everyone can be a victim, yes.
> Then they should be able to place a report.
>
> But that's a fundamental part of why some changes are needed: it's not only the legitimate address space owner who is the victim of a hijack. People/networks whose packets are diverted by a hijack are also victims of traffic interception.
>
> Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!
>
> > I'm still concerned that the proposed policy would cause more harm than good. A random AS that happens to receive the announcement isn't in an authoritative position to know if a given announcement was unauthorized.
>
> I can fully agree that a system based on (possibly forged) LOAs, and unauthenticated IRR created the huge mess we are submerged in today... :(((
>
> > Putting them through a reporting process that might well require the disclosure of internal information because of an unrelated individual/group being suspicious is a problem.
>
> I fail to identify exactly where the proposal describes such a need.
> Even so, the experts should be bound to NDAs... :-)
>
> Regards,
> Carlos
>
> > Combined with the issues detailed in the Impact Analysis, I'm opposed to the policy as written.
> >
> > Jacob Slater
> >
> > On Thu, Sep 5, 2019 at 9:24 AM Marco Schmidt wrote:
> >
> > Dear colleagues,
> >
> > Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" is now in the Review Phase.
> >
> > The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.
> >
> > The proposal has been updated following the last round of discussion and is now at version v2.0. Some of the changes made to version v1.0 include:
> >
> > - Includes procedural steps for reporting and evaluation of potential hijacks
> > - Provides guidelines for external experts
> > - Adjusted title
> >
> > The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community's discussion. You can find the full proposal and impact analysis at:
> > https://www.ripe.net/participate/policies/proposals/2019-03
> > https://www.ripe.net/participate/policies/proposals/2019-03#impact-analysis
> >
> > And the draft documents at:
> > https://www.ripe.net/participate/policies/proposals/2019-03/draft
> >
> > As per the RIPE Policy Development Process (PDP), the purpose of this four week Review Phase is to continue discussion of the proposal, taking the impact analysis into consideration, and to review the full draft RIPE Policy Document.
> >
> > At the end of the Review Phase, the Working Group (WG) Chairs will
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hi,

(please see inline)

On Thu, 5 Sep 2019, Alex de Joode wrote:

> Dropping it might be the best thing: The document does not clearly state what the procedure is (binding arbitrage? (the decision leads to a conclusion that might have an effect on the status of the LIR involved? (with anonymous 'experts' who act as 'judges' ? (a legal no-no))).

The ruleset now is A. 2019-03 proposes to extend A, then the ruleset would become A+B. People who don't abide by the rules can have their LIR status changed, whether the ruleset is A or A+B.

About the experts, v2 really expanded on the subject -- which resulted from a lot of diverse input. Experts are not completely anonymous, because they would have to collect support statements to enter the pool. The case assignments shouldn't be public in order to "avoid bribery attempts or reprisal actions against them". Is this something against Dutch Law? If that is the case, then "7." on Section 6 must be scrapped.

> The proposal does not rule out the "hijacker" going to civil court if they might lose their LIR status (and IP space), if not RIPE will just incur extra costs. (going to civil court is impossible to rule out, anyways).

Yes, and going to court may also happen when a company loses LIR status for any other reason, which is already part of the current ruleset... :-))

> Do the contracts the LIR has with RIPE need to be amended for this to function? (What if the LIRs refuse to sign the new contract, due to this introduced risk)

I don't think the contracts need to be amended, in the same way they didn't need to be amended to include the possibility of losing membership if (for instance) false documents are provided to the RIPE NCC...

Thanks for your input.

Regards,
Carlos

> --
> IDGARA | Alex de Joode | +31651108221
>
> On Thu, 05-09-2019 21h 46min, Alex de Joode wrote:
>
> > Dropping it might be the best thing: The document does not clearly state what the procedure is (binding arbitrage? (the decision leads to a conclusion that might have an effect on the status of the LIR involved? (with anonymous 'experts' who act as 'judges' ? (a legal no-no))).
> >
> > The proposal does not rule out the "hijacker" going to civil court if they might lose their LIR status (and IP space), if not RIPE will just incur extra costs. (going to civil court is impossible to rule out, anyways).
> >
> > Do the contracts the LIR has with RIPE need to be amended for this to function? (What if the LIRs refuse to sign the new contract, due to this introduced risk)
> >
> > --
> > IDGARA | Alex de Joode | +31651108221
> >
> > On Thu, 05-09-2019 20h 56min, Erik Bais wrote:
> >
> > > I fully agree with Nick.
> > >
> > > Drop it like it's hot ...
> > >
> > > Erik Bais
> > >
> > > > On 5 Sep 2019 at 18:15, Nick Hilliard wrote the following:
> > > >
> > > > I'd like to suggest to the chairs that this proposal be formally dropped.
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
On Thu, 5 Sep 2019, Jacob Slater wrote:

> All,

Hi Jacob, All,

> Given the number of people who may submit a report (anyone receiving a full table from their upstream(s), assuming the accused hijack makes it into the DFZ),

If that happens, then potentially everyone can be a victim, yes.
Then they should be able to place a report.

But that's a fundamental part of why some changes are needed: it's not only the legitimate address space owner who is the victim of a hijack. People/networks whose packets are diverted by a hijack are also victims of traffic interception.

Afaik, this is possible within LACNIC (i.e. through warp.lacnic.net). When the same proposal was discussed there, the yearly number of reports (if I'm not mistaken) was on the scale of dozens -- and they have a very high degree of helping stop/mitigate the incidents, almost close to 100%, which is fantastic!

> I'm still concerned that the proposed policy would cause more harm than good. A random AS that happens to receive the announcement isn't in an authoritative position to know if a given announcement was unauthorized.

I can fully agree that a system based on (possibly forged) LOAs, and unauthenticated IRR created the huge mess we are submerged in today... :(((

> Putting them through a reporting process that might well require the disclosure of internal information because of an unrelated individual/group being suspicious is a problem.

I fail to identify exactly where the proposal describes such a need.
Even so, the experts should be bound to NDAs... :-)

Regards,
Carlos

> Combined with the issues detailed in the Impact Analysis, I'm opposed to the policy as written.
>
> Jacob Slater
>
> On Thu, Sep 5, 2019 at 9:24 AM Marco Schmidt wrote:
>
> Dear colleagues,
>
> Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" is now in the Review Phase.
>
> The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.
>
> The proposal has been updated following the last round of discussion and is now at version v2.0. Some of the changes made to version v1.0 include:
>
> - Includes procedural steps for reporting and evaluation of potential hijacks
> - Provides guidelines for external experts
> - Adjusted title
>
> The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community's discussion. You can find the full proposal and impact analysis at:
> https://www.ripe.net/participate/policies/proposals/2019-03
> https://www.ripe.net/participate/policies/proposals/2019-03#impact-analysis
>
> And the draft documents at:
> https://www.ripe.net/participate/policies/proposals/2019-03/draft
>
> As per the RIPE Policy Development Process (PDP), the purpose of this four week Review Phase is to continue discussion of the proposal, taking the impact analysis into consideration, and to review the full draft RIPE Policy Document.
>
> At the end of the Review Phase, the Working Group (WG) Chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase.
>
> We encourage you to read the proposal, impact analysis and draft document and send any comments to before 4 October 2019.
>
> Kind regards,
>
> Marco Schmidt
> Policy Officer
> RIPE NCC
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
On Mon, 9 Sep 2019, Michele Neylon - Blacknight wrote:

> Carlos

Hi Michele, All,

> Nick and others have covered why it should be dropped in their emails to this list.

Quoting from Nick's:

"that is as damning an impact analysis as I've ever seen, and it sends a clear signal that the proposal would not solve the root problem while simultaneously being very harmful to the RIPE NCC.

I'd like to suggest to the chairs that this proposal be formally dropped. It's taken up a good deal of working group time at this point and there is an obvious lack of consensus that the proposal should be adopted as a policy.

Nick"

I simply read "very harmful" as "the possibility of lawsuits against RIPE NCC". Lawsuits can happen if you have the rules; if the rules are bad (or badly followed) or by the absence of them (now...). So i don't really agree with "very harmful". The impact analysis points to a broad set of issues, YES, which we (the co-authors) may decide to address or not.

> It's also pretty clear that the cost implications of this proposal far outweigh any potential benefit.

Perhaps i missed the numbers. I only read in the IA about "significant financial impact" (depending on the # of reports received) and "significant cost factor" (from liability insurance).

> So it should just be dropped. And your counterargument about cost is completely divorced from economic reality.

I haven't really seen a price tag. The acceptance of that price tag will depend on the viewpoint -- a victim's viewpoint will certainly tolerate a higher price tag ;-)

> RIPE NCC are not the routing police.

Of course not. Here we can agree. But the RIPE NCC already provides some means to identify who is actually breaking the *unwritten* rule that hijacks are not tolerated, and it could do a lot more (imho) for its community at large, the end-users, by removing hijackers from the system after they are *undoubtedly* identified.

:-)

Regards,
Carlos

> Regards
> Michele
>
> On 09/09/2019, 15:53, "Carlos Friaças" wrote:
>
> > Hi Michele, All,
> >
> > Can you be more specific about which problems derive from this proposal's simple existence...?
> >
> > About: "going to cost more" -- when you try to improve something, it's generally not cheaper, yes. but then there is "worth", which generates different views. (...)
> >
> > The "causes more harms" bit is mostly derived from the possibility of lawsuits...?
> >
> > Regards,
> > Carlos
> >
> > On Mon, 9 Sep 2019, Michele Neylon - Blacknight wrote:
> >
> > > 100% agreed
> > >
> > > This proposal should be dropped as it's creating more problems, going to cost more and generally causes more harms than those it was aimed to solve.
> > >
> > > On 05/09/2019, 17:15, "anti-abuse-wg on behalf of Nick Hilliard" wrote:
> > >
> > > > Marco Schmidt wrote on 05/09/2019 14:23:
> > > > > The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community's discussion. You can find the full proposal and impact analysis at:
> > > > > https://www.ripe.net/participate/policies/proposals/2019-03
> > > >
> > > > that is as damning an impact analysis as I've ever seen, and it sends a clear signal that the proposal would not solve the root problem while simultaneously being very harmful to the RIPE NCC.
> > > >
> > > > I'd like to suggest to the chairs that this proposal be formally dropped. It's taken up a good deal of working group time at this point and there is an obvious lack of consensus that the proposal should be adopted as a policy.
> > > >
> > > > Nick
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
On Mon, 9 Sep 2019, Alexander Talos-Zens wrote:

> Hej,

Hi Alexander, All,

(please see inline)

> this is my first post in this list - my perspective is that of a security guy with little knowledge about BGP or the inner workings of RIPE, but very interested in everything that helps defending against the bad guys.
>
> Den 2019-09-05 kl. 15:23, skrev Marco Schmidt:
> > The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.
>
> Firstly, thanks everyone involved for the effort in setting up this policy proposal. I like many points, e.g. that it makes clear that accidental events shall not be reprimanded. Others might deserve being rephrased, e.g. CSIRTS being entitled to file reports.

That detail is new on version 2, derived from comments to version 1. :-)

The idea was to prevent anyone from "hunting" for hijacks and overloading the system with reports, i guess. We didn't have that in version 1, so we added it to v2. As a workaround, a CSIRT (i work for one...) can ask the victim to file the report, or help the victim in doing that.

> On the other hand, I had a hard time trying to determine the positive impact of the proposed policy.

The original idea is/was: Some (persistent, intentional) hijackers are RIPE NCC members, and if they don't respect the address space allocated to others, perhaps they shouldn't be inside the system. However, it's important to note that *one* policy violation will not result in the member/hijacker losing membership status...

> On the formal side, to define that hijacking is a violation of policy without specifying which policy is violated gives me a mental blue screen.

There is currently no policy against hijacking. Member X can actually hijack blocks or parts of blocks from Members Y,W,Z (or members from other RIRs) and life goes on. This proposal tries to establish that persistent, intentional hijacking is not to be tolerated -- unfortunately not everyone agrees... :-)

> As far as I know, please correct me if I'm wrong, there is no policy in RIPE that proscribes hijacking, and neither would 2019-03 do that.

2019-03 tries to introduce the notion that hijacking (again, persistent & intentional) is not acceptable.

> This makes sense to me, as (again, correct me if I'm wrong) RIPE isn't involved in routing operations - but that's where hijacking attacks take place.

Yes and no (imho). RIPE NCC (and/or the RIPE community) doesn't tell anyone what to configure on their routers. However what's the point of a registry system if some of its members decide to grab some space from other members...?

> Should RIPE kick out the evil LIRs? Maybe, but the proposed policy doesn't do that. The opposite holds true: "RIPE-716) may apply." and "This policy does not endorse the initiation of an LIR closure procedure on the basis of a single policy violation." No mention what happens after multiple (how many? depending on LIR size? ...) violations.

More than one, at least. This is something new in v2, because in the 400+ messages discussion about v1, several voices pointed out that losing LIR status shouldn't happen immediately at the first "offence"... so we took note and accommodated this comment in v2. I can easily agree v2 is less "strict" even if not enough for some (or most) people.

> I failed to find any way how implementing this proposal would improve security.

The way i see this as "preventive" is that *today* there is absolutely nothing at RIR/Registry policy level against hijacks (i mean, in any of the 5 RIRs, where we also launched this proposal). If the proposal reaches a point (clearly not in v2) where it would get adopted, then a potential hijacker would know that it could lose its LIR status (and corresponding numbering resources).

> I've also tried to save the proposal's impetus by coming up with realistic and effective suggestions - but failed as well.

If you read v1, it was significantly shorter... but the thing is that a lot of people expressed opposition to several aspects (or the lack of some) and we've tried to address them all [back in late April...] :-)

> For now, my conclusion is that this isn't the way to go.

Thanks for your input!

Best Regards,
Carlos

> Cheers,
> Alexander
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Carlos

Nick and others have covered why it should be dropped in their emails to this list.

It's also pretty clear that the cost implications of this proposal far outweigh any potential benefit.

So it should just be dropped.

And your counterargument about cost is completely divorced from economic reality.

RIPE NCC are not the routing police.

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland
Company No.: 370845

On 09/09/2019, 15:53, "Carlos Friaças" wrote:

> Hi Michele, All,
>
> Can you be more specific about which problems derive from this proposal's simple existence...?
>
> About: "going to cost more" -- when you try to improve something, it's generally not cheaper, yes. but then there is "worth", which generates different views. (...)
>
> The "causes more harms" bit is mostly derived from the possibility of lawsuits...?
>
> Regards,
> Carlos
>
> On Mon, 9 Sep 2019, Michele Neylon - Blacknight wrote:
>
> > 100% agreed
> >
> > This proposal should be dropped as it's creating more problems, going to cost more and generally causes more harms than those it was aimed to solve.
> >
> > On 05/09/2019, 17:15, "anti-abuse-wg on behalf of Nick Hilliard" wrote:
> >
> > > Marco Schmidt wrote on 05/09/2019 14:23:
> > > > The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community's discussion. You can find the full proposal and impact analysis at:
> > > > https://www.ripe.net/participate/policies/proposals/2019-03
> > >
> > > that is as damning an impact analysis as I've ever seen, and it sends a clear signal that the proposal would not solve the root problem while simultaneously being very harmful to the RIPE NCC.
> > >
> > > I'd like to suggest to the chairs that this proposal be formally dropped. It's taken up a good deal of working group time at this point and there is an obvious lack of consensus that the proposal should be adopted as a policy.
> > >
> > > Nick
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hi Michele, All,

Can you be more specific about which problems derive from this proposal's simple existence...?

About: "going to cost more" -- when you try to improve something, it's generally not cheaper, yes. but then there is "worth", which generates different views. (...)

The "causes more harms" bit is mostly derived from the possibility of lawsuits...?

Regards,
Carlos

On Mon, 9 Sep 2019, Michele Neylon - Blacknight wrote:

> 100% agreed
>
> This proposal should be dropped as it's creating more problems, going to cost more and generally causes more harms than those it was aimed to solve.
>
> On 05/09/2019, 17:15, "anti-abuse-wg on behalf of Nick Hilliard" wrote:
>
> > Marco Schmidt wrote on 05/09/2019 14:23:
> > > The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community's discussion. You can find the full proposal and impact analysis at:
> > > https://www.ripe.net/participate/policies/proposals/2019-03
> >
> > that is as damning an impact analysis as I've ever seen, and it sends a clear signal that the proposal would not solve the root problem while simultaneously being very harmful to the RIPE NCC.
> >
> > I'd like to suggest to the chairs that this proposal be formally dropped. It's taken up a good deal of working group time at this point and there is an obvious lack of consensus that the proposal should be adopted as a policy.
> >
> > Nick
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Hej,

this is my first post in this list - my perspective is that of a security guy with little knowledge about BGP or the inner workings of RIPE, but very interested in everything that helps defending against the bad guys.

Den 2019-09-05 kl. 15:23, skrev Marco Schmidt:
> The goal of this proposal is to define that BGP hijacking is not
> accepted as normal practice within the RIPE NCC service region.

Firstly, thanks everyone involved for the effort in setting up this policy proposal. I like many points, e.g. that it makes clear that accidental events shall not be reprimanded. Others might deserve being rephrased, e.g. CSIRTS being entitled to file reports.

On the other hand, I had a hard time trying to determine the positive impact of the proposed policy.

On the formal side, to define that hijacking is a violation of policy without specifying which policy is violated gives me a mental blue screen. As far as I know, please correct me if I'm wrong, there is no policy in RIPE that proscribes hijacking, and neither would 2019-03 do that. This makes sense to me, as (again, correct me if I'm wrong) RIPE isn't involved in routing operations - but that's where hijacking attacks take place.

Should RIPE kick out the evil LIRs? Maybe, but the proposed policy doesn't do that. The opposite holds true: "RIPE-716) may apply." and "This policy does not endorse the initiation of an LIR closure procedure on the basis of a single policy violation." No mention what happens after multiple (how many? depending on LIR size? ...) violations.

I failed to find any way how implementing this proposal would improve security. I've also tried to save the proposal's impetus by coming up with realistic and effective suggestions - but failed as well.

For now, my conclusion is that this isn't the way to go.

Cheers,
Alexander

--
Alexander Talos-Zens
IT-Security - ACOnet-CERT
Zentraler Informatikdienst
http://zid.univie.ac.at
Universität Wien
Universitätsstraße 7
1010 Wien
T +43-1-4277-14351
a...@univie.ac.at
GPG-Key-Id: 0x757A494B
[anti-abuse-wg] RIPE79 Agenda Creation!
Colleagues,

As you're hopefully aware the next RIPE meeting, and so the next meeting of the AA-WG, is just a month away! The AA-WG will be meeting on Thursday 17th October at 09:00 CEST.

We have been somewhat remiss in soliciting items for the agenda, so please email aa-wg-ch...@ripe.net with any items you would like to raise, work you believe the WG should be doing or presentations that may be of interest to us all.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
100% agreed

This proposal should be dropped as it's creating more problems, going to cost more and generally causes more harms than those it was aimed to solve.

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland
Company No.: 370845

On 05/09/2019, 17:15, "anti-abuse-wg on behalf of Nick Hilliard" wrote:

> Marco Schmidt wrote on 05/09/2019 14:23:
> > The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community’s discussion. You can find the full proposal and impact analysis at:
> > https://www.ripe.net/participate/policies/proposals/2019-03
>
> that is as damning an impact analysis as I've ever seen, and it sends a clear signal that the proposal would not solve the root problem while simultaneously being very harmful to the RIPE NCC.
>
> I'd like to suggest to the chairs that this proposal be formally dropped. It's taken up a good deal of working group time at this point and there is an obvious lack of consensus that the proposal should be adopted as a policy.
>
> Nick