[anti-abuse-wg] Helping EU identify BGP Hijacking as a risk

2020-07-09 Thread CSIRT.UMINHO Marco Teixeira 
Hello fellow members,

I will take the chance to also thank Angel for bringing this to our attention.

It seems "regulation" is coming... I wonder if "BGP Hijacking" poses a risk to 
"the safety and rights of users or the rights of companies to compete in a fair 
market". I guess so, and I urge all that feel the same, to participate in this 
public consultation:
hXXps://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12417-Digital-Services-Act-deepening-the-Internal-Market-and-clarifying-responsibilities-for-digital-services/public-consultation

Wouldn't it be great if transit providers registered in the EU, or selling to 
EU companies, were obliged (regulated) to implement RPKI? Maybe we could even 
have the EU "add a routing regulator role to the RIPE NCC"! :)

Regards,
Marco




De: anti-abuse-wg  Em nome de Brian Nisbet
Enviada: 9 de julho de 2020 10:16
Para: Angel Fernandez Pineda ; anti-abuse-wg@ripe.net
Assunto: Re: [anti-abuse-wg] Fwd: Re: botnet controllers

Angel,

Thank you for this, a very useful prompt!

Brian

Brian Nisbet 
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 mailto:brian.nis...@heanet.ie http://www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270 

From: anti-abuse-wg  on behalf of Angel 
Fernandez Pineda 
Sent: Thursday 9 July 2020 08:16
To: mailto:anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Fwd: Re: botnet controllers 
 
CAUTION[External]: This email originated from outside of the organisation. Do 
not click on links or open the attachments unless you recognise the sender and 
know the content is safe.

Hi,
I would like to make a recommendation to all of you. The EU has opened a 
consultation on the Digital Service Act, a future regulation that aims to 
review the role of digital platforms and technoly intermediaries and establish 
regulations to protect the rights of users and companies that operate online 
wherever is required. Of course, the role of ISPs or organizations like RIPE 
NCC can be subject to asses.

The aim of the European Commission with the consultation is to identify 
situations that put at risk the safety and rights of users or the rights of 
companies to compete in a fair market.

To those of you who know that this discussion, repeated so many times in this 
WG, will not reach to anything, I would like to invite you to dedicate a little 
of your time to answering the consultation. You will find it at:

https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fec.europa.eu%2Finfo%2Flaw%2Fbetter-regulation%2Fhave-your-say%2Finitiatives%2F12417-Digital-Services-Act-deepening-the-Internal-Market-and-clarifying-responsibilities-for-digital-services%2Fpublic-consultation=02%7C01%7C%7C7bf6cb706d5e48b22dc008d823d80370%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637298758391658981=LacRZpFsgQqCcAOQ%2Bzhu64d0ob463OO9IC7MJeXOAMQ%3D=0

Best,
ángel
Grupo Godó de Comunicación


De: anti-abuse-wg  en nombre de Serge 
Droz via anti-abuse-wg 
Enviado: jueves, 9 de julio de 2020 8:29
Para: mailto:anti-abuse-wg@ripe.net 
Asunto: Re: [anti-abuse-wg] Fwd: Re: botnet controllers 
 
Hi Info

Maybe one of the reasons some Non-logging VPNs end up on blacklist sis
that the Non-Looging phrase is just an excuse to not go after misuse.
The rights to privacy and free speech do not mean anything goes.

You can fight abuse without violating privacy. But of course that's not
for free, you need abuse people that investigate and they cost money.
Sadly, many of these VPNs frankly just don't care, using the lame excuse
that they are protecting fundamental rights, when in fact they are just
don't care or take responsibility.

I don't agree with everything Spamhaus does, but I find them responsible
and and always found a way way to talk to them.

I was reluctant writing this, because I'm not sure this discussion will
lead anywhere. It's one of these where opinions seem to already have
been formed.

But you start accusing people of posting anonymously. I totally agree
this is bad, but then, who are you, mailto:i...@fos-vpn.org?

You don't seem to offer a name yourself. I find this a bit hypocritical.

Best
Serge


On 08.07.20 20:46, mailto:i...@fos-vpn.org wrote:
> All I would like from Spamhaus is to stop publishing fake SBL records in
> order to discredit us and to use that to put pressure both upon us and
> our upstreams.
> Non-logging VPN services are as legal within the EU as Exit Nodes of the
> Tor Network (which have massive abuse entries in various data bases,
> especially the larger ones) and public WiFi Hotspots, which can be used
> for abusive

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-05 Thread CSIRT.UMINHO Marco Teixeira 
Comments inline
=Marco


> On Thu, Apr 04, 2019 at 04:52:32PM +0100, CSIRT.UMINHO Marco Teixeira wrote:
>>While I speak for myself, I might incur the risk of representing a lot of the
>>so-called "Astroturfers?!". While some accuse (please don't take it 
>>personally,
>>it's just clarification) the newcomers of being voiceless, I must say that I
>>have been, with great effort, refraining from going into a long discourse on a
>>list where I am new. That should not be understood as a sign of "spamming" a
>>vetting process, but as a sign of respect for all of you, long-standing 
>>members
>>of RIPE, guardians of our IP addresses, one of the building blocks of the
>>Internet :-)
> 
> I know of forums where "the n00b" is expected to shut up and
> listen, but this is not one of them. At least I have never
> noticed that newcomers weren't welcomed - and as I stated before,
> I personally would like to see more and different voices here -
> and no, not just those who agree with me although I hope some
> will...

It's not a "n00b" issue, for me, it's Netiquete.

> 
> So don't be afraid to speak up if you've something to say!
> 

I just did :)

>>As one last thought, again IMHO, I believe BGP Hijacking is one of the most
>>pressing issues, menacing the Internet resiliency, and it must be dealt with.
>>In the same manner, we apply AUP's to our users, it's RIPE responsibility, to
>>clearly state, it is not acceptable, and it will have consequences... Raising
>>the risk for companies is the only way we tip the balance of "Loss vs 
>>Earning",
>>and hopefully eradicate bad actors, or hopefully even stopping them right at
>>their business plans.
> 
> 1) The RIPE NCC is not the provider of "AUP" for the entire
> Internet or even the Internet of the Service Region. I understand
> that some would *like* it to be, but that is not what the members
> are paying it for.

Never said so. But it does provide a service that is beeing abused! And you 
can't really start to takle that if you don't have policy in place.

> 2) If anyone needs to be "eradicated", I'd prefer that to be
> determined by a judge and, preferably, a jury. NOT some
> neighbourhood watch curtain-twitcher with the help of a monopoly
> service provider.

I believe this argument of yours has been heavilly rebated already so i won't 
get into lenghty conter-argument. Just to say that, by your line of thinking, 
we should disolve RIPE and RIPE-NCC and reclaim a piece of IPv4. If anyone 
doesn't like it, let them sue.

Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro... something...

2019-04-04 Thread CSIRT.UMINHO Marco Teixeira 
(Please mind, this is my personal opinion. The signature was left for consensus 
evaluation and background context)

Dear RIPE associates, and other longtime participants in this mailing list,

While I speak for myself, I might incur the risk of representing a lot of the 
so-called "Astroturfers?!". While some accuse (please don't take it personally, 
it's just clarification) the newcomers of being voiceless, I must say that I 
have been, with great effort, refraining from going into a long discourse on a 
list where I am new. That should not be understood as a sign of "spamming" a 
vetting process, but as a sign of respect for all of you, long-standing members 
of RIPE, guardians of our IP addresses, one of the building blocks of the 
Internet :-)

I have before, stated that you might start to see some newcomers from .PT, and 
the reason for that being related to a famous post from Ronald Guilmette 
mentioning a Portuguese bad actor. This particular BGP Hijack was discussed at 
one of the Portuguese CSIRT Network meetings (www.redecsirt.pt), and draw some 
attention to all the 30+ members, and to me in particular, on the lack of 
policy by RIPE regarding this. So, it's just natural, I guess, that when most 
of my fellow countryman from this security community saw this opportunity of 
amending this, they subscribed and voted +1. After all, if they agree on the 
text of the policy, why pollute the mailing-list with repetitive discourse...

Having said that, please consider for this discussion, from a (no more) RIPE 
outsider, it's somewhat weird that RIPE (as in the community), being an 
association of good people, seems to be somewhat reluctant to take action and 
approve a policy to self regulate against misuse of these same IP resources... 
I understand that we must not "sacrifice our freedom for a small feeling of 
security", but I hope (while I have not read all of RIPE rules on this) that if 
abused, this policy can, any point in time, be put to discussion for review, 
and improve whatever article is being abused.

As for those who defend BGP Hijacks are to be resolved with a BCP (or any other 
"technical solution"), mind that BCP regarding hijacks already have some time 
and little results. As do other BCP, like "source-spoofing" and we still see it 
at large... why? because it hurts your bottom-line. The sole purpose of a 
"Company" is to distribute the largest amount possible of dividends to 
shareholders! (imagine the manpower for transit tear 1's applying BGP 
filtering). It's in these scenarios that regulation comes to play. And better 
to self-regulate then wait for state regulation when the next hijack hits your 
industry 4.0 or your local smart city, or even when some "Einstein" thinks it's 
ok to hijack networks from another country state agency...

As one last thought, again IMHO, I believe BGP Hijacking is one of the most 
pressing issues, menacing the Internet resiliency, and it must be dealt with. 
In the same manner, we apply AUP's to our users, it's RIPE responsibility, to 
clearly state, it is not acceptable, and it will have consequences... Raising 
the risk for companies is the only way we tip the balance of "Loss vs Earning", 
and hopefully eradicate bad actors, or hopefully even stopping them right at 
their business plans.

This is why I support "2019-03 New Policy Proposal (BGP Hijacking is a RIPE 
Policy Violation)"

Best regards, 
Marco
---
CSIRT.UMINHO - Universidade do Minho 
https://csirt.uminho.pt | rep...@csirt.uminho.pt | i...@csirt.uminho.pt 
---

- Mensagem original -
> De: "Brian Nisbet" 
> Para: "anti-abuse-wg" 
> Enviadas: Quinta-feira, 4 De Abril de 2019 9:42:32
> Assunto: [anti-abuse-wg] On +1s and Policy Awareness

> Colleagues,
> 
> Two (broad) things to address, while, of course, noting that I would ask you 
> all
> to assume best intent in all of your fellow working group members. And to post
> as politely as possible yourself!
> 
> I have, repeatedly, pointed out that all of the emails are being read by the
> Co-Chairs and the RIPE PDO. Short messages of support or +1s are noted and
> considered, but this is not a vote. I think I've said that twice now, 
> hopefully
> the third time will be enough. We have also read the opinions of people about
> this, however the original statement remains unchanged. If, at the appropriate
> points, anyone in the working group feels the Co-Chairs have erred in our
> decision regarding consensus, then there is an appeals process.
> 
> RIPE 710 covers the whole PDP and section 4 specifically covers appeals -
> https://www.ripe.net/publications/docs/ripe-710
> 
> On the general awareness of the policy, the announcement on 2019-03 was posted
> to the Policy Announce list and to Routing-WG in addition to here. It has also
> been raised in a few other locations. Given where we are right

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-21 Thread CSIRT.UMINHO Marco Teixeira 
(...)
>
> Correct. I disagree with the fundamental concept of turning the
> RIPE NCC from a registry into a regulator.
> 
(...)

While i understand this concern, i must say that communities that do not 
self-regulate, tend to be regulated from above, and that is (usually) not 
desirable.
I think no one is sugesting that RIPE be a regulator, but it should contribute 
to help the community self-regulate.

I guess it's no coincidence that you are seeing new .PT participants supporting 
this policy. Some of Mr. Ronald F. Guilmette latest reports have turned the 
spotlight to Portugal on one of these infamous BGP Hijacks. No one likes to 
have this kind of behaviour on they're door step, but it seems there are 
evidence of RIPE assigned IP space owners doing the same... and, again IMHO, 
RIPE should acknowledge the problem, and let everyone know it's not admissible 
to do that.

So, from where i'm standing, this is the community trying to self-regulate :) 
and this policy tries to do just that.

Best regards
Marco
(opinions are my one)

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-20 Thread CSIRT.UMINHO Marco Teixeira 
Good day to all,

I would like to express my support for this policy.

Cumprimentos, 
Marco Teixeira 
---
CSIRT.UMINHO - Universidade do Minho 
Serviços de Comunicações - Campus de Gualtar, 4710-057 Braga - Portugal 
Tel.: +351 253 60 10 20, Fax: +351 253 60 10 29 
https://csirt.uminho.pt | rep...@csirt.uminho.pt | i...@csirt.uminho.pt 
---

- Mensagem original -
De: "Marco Schmidt" 
Para: anti-abuse-wg@ripe.net
Enviadas: Terça-feira, 19 De Março de 2019 12:41:22
Assunto: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE 
Policy Violation)

Dear colleagues,

A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy 
Violation", is now available for discussion.

The goal of this proposal is to define that BGP hijacking is not accepted as 
normal practice within the RIPE NCC service region.

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-03

As per the RIPE Policy Development Process (PDP), the purpose of this four-week 
Discussion Phase is to discuss the proposal and provide feedback to the 
proposer.

At the end of the Discussion Phase, the proposers, with the agreement of the 
Anti-Abuse WG co-chairs, decide how to proceed with the proposal.

We encourage you to review this proposal and send your comments to 
 before 17 April 2019.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC 

Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum