Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
In message , Suresh Ramasubramanian wrote:

>Ruediger has a nice full list of all the other ways a prefix can be mis-
>announced or route leaked. Typos, incompetence in setting up load balancers,
>so on and forth. However, the number of these that are malicious and that'd
>be of interest to the AAWG...

Just to clarify, the set of things that might be of interest to me personally is likely to be somewhat larger than the set of things that might be of interest to the AAWG.

Regards,
rfg
Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
In message <93666.1576523...@segfault.tristatelogic.com>, Ronald F. Guilmette writes

>Due to my general ignorance of these matters, I would very much like to
>be shown some real-world and current examples of each of the above three
>alleged problems, i.e.:
>
>*) faked origin ASes
>
>*) AS paths that are not technically valid
>
>*) ROAs for ASNs that should not show up for public routing.
>
>I hope that Ruediger is on this list, and that he will provide me with at
>least one or two examples of each of the above.

You might find it useful to read this IMC paper

Taejoong Chung, Emile Aben, Tim Bruijnzeels, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Roland van Rijswijk-Deij, John Rula, and Nick Sullivan. 2019. RPKI is Coming of Age: A Longitudinal Study of RPKI Deployment and Invalid Route Origins. In Proceedings of the Internet Measurement Conference (IMC '19). ACM, New York, NY, USA, 406-419. DOI: https://doi.org/10.1145/3355369.3355596

There's a number of other academic researchers mining the RIPE data (and other repositories) looking for "interesting" announcements ... and then writing papers about what they have found.

However if you are looking for spam related wickedness you may need to go rather further than just looking at public data

Note also that "faked" and "should not show up" are generally judgement calls based on opinion (sometimes very well informed opinion) or on assertions by the beneficial users of address blocks as to the announcements that can be considered valid.

--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
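The mechanically checkable part of the three classes named in the messages above, as an added example that is not part of the thread: RFC 6811 route origin validation plus a reserved-ASN check on ROAs and AS paths. The ROA tuples, prefixes, ASNs and function names are constructed for illustration, and a matching origin says nothing about whether the rest of the path is genuine.

```python
import ipaddress

# IANA special-purpose ASNs. The RFC 5398 documentation ranges (64496-64511,
# 65536-65551) are left out only because the constructed samples below use
# them as stand-ins for public ASNs; a production list would include them.
RESERVED_ASNS = [
    (0, 0),                    # AS0, never valid in an AS path (RFC 7607)
    (23456, 23456),            # AS_TRANS (RFC 6793)
    (64512, 65534),            # private use (RFC 6996)
    (65535, 65535),            # reserved (RFC 7300)
    (4200000000, 4294967294),  # private use (RFC 6996)
    (4294967295, 4294967295),  # reserved (RFC 7300)
]

# Constructed ROAs as (prefix, max_length, asn); documentation prefixes only.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 32, 64497),
    ("198.51.100.0/24", 24, 0),      # AS0 ROA: holder says "do not route"
    ("203.0.113.0/24", 24, 65001),   # authorises a private-use ASN
]

def is_reserved(asn):
    return any(lo <= asn <= hi for lo, hi in RESERVED_ASNS)

def origin_validation(prefix, origin, roas):
    """RFC 6811 outcome for one announcement: valid, invalid or not-found."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this prefix
        if roa_asn != 0 and roa_asn == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def odd_roas(roas):
    """ROAs naming a reserved ASN; AS0 ROAs are deliberate and not flagged."""
    return [r for r in roas if r[2] != 0 and is_reserved(r[2])]

def odd_path_asns(as_path):
    """ASNs in an AS path that should never be seen in public routing."""
    return [asn for asn in as_path if is_reserved(asn)]
```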
Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
Ruediger has a nice full list of all the other ways a prefix can be mis-announced or route leaked. Typos, incompetence in setting up load balancers, so on and forth.

However, the number of these that are malicious and that’d be of interest to the AAWG, is much smaller, wouldn’t you say?

From: anti-abuse-wg
Date: Tuesday, 17 December 2019 at 3:16 PM
To: Ronald F. Guilmette , anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79

Unfortunately as far as I am aware he is not on the list, or at least I have never seen him post here.

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie<http://www.heanet.ie>
Registered in Ireland, No. 275301. CRA No. 20036270

> -Original Message-
> From: anti-abuse-wg On Behalf Of
> Ronald F. Guilmette
> Sent: Monday 16 December 2019 19:11
> To: anti-abuse-wg@ripe.net
> Subject: Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG
> Minutes from RIPE 79
>
> In message
> .prod.
> outlook.com>, Brian Nisbet wrote:
>
> >Ruediger said that... [when] he looks at routing tables, he sees a lot
> >of odd stuff including faked origin ASes, AS paths that are not
> >technically valid, in RPKI – ROAs for ASNs that should not show up for
> >public routing. Looking at RPKI, reputation does not help because in
> >RPKI there are authorisation forecasts that are completely invalid.
>
> Due to my general ignorance of these matters, I would very much like to be
> shown some real-world and current examples of each of the above three
> alleged problems, i.e.:
>
> *) faked origin ASes
>
> *) AS paths that are not technically valid
>
> *) ROAs for ASNs that should not show up for public routing.
>
> I hope that Ruediger is on this list, and that he will provide me with at
> least
> one or two examples of each of the above.
>
> My thanks to him in advance for this.
>
>
> Regards,
> rfg
Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
Unfortunately as far as I am aware he is not on the list, or at least I have never seen him post here.

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

> -Original Message-
> From: anti-abuse-wg On Behalf Of
> Ronald F. Guilmette
> Sent: Monday 16 December 2019 19:11
> To: anti-abuse-wg@ripe.net
> Subject: Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG
> Minutes from RIPE 79
>
> In message
> .prod.
> outlook.com>, Brian Nisbet wrote:
>
> >Ruediger said that... [when] he looks at routing tables, he sees a lot
> >of odd stuff including faked origin ASes, AS paths that are not
> >technically valid, in RPKI – ROAs for ASNs that should not show up for
> >public routing. Looking at RPKI, reputation does not help because in
> >RPKI there are authorisation forecasts that are completely invalid.
>
> Due to my general ignorance of these matters, I would very much like to be
> shown some real-world and current examples of each of the above three
> alleged problems, i.e.:
>
> *) faked origin ASes
>
> *) AS paths that are not technically valid
>
> *) ROAs for ASNs that should not show up for public routing.
>
> I hope that Ruediger is on this list, and that he will provide me with at
> least
> one or two examples of each of the above.
>
> My thanks to him in advance for this.
>
>
> Regards,
> rfg
Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
In message , Brian Nisbet wrote:

>Ruediger said that... [when] he looks at routing tables, he sees a lot
>of odd stuff including faked origin ASes, AS paths that are not
>technically valid, in RPKI – ROAs for ASNs that should not show up
>for public routing. Looking at RPKI, reputation does not help because
>in RPKI there are authorisation forecasts that are completely invalid.

Due to my general ignorance of these matters, I would very much like to be shown some real-world and current examples of each of the above three alleged problems, i.e.:

*) faked origin ASes

*) AS paths that are not technically valid

*) ROAs for ASNs that should not show up for public routing.

I hope that Ruediger is on this list, and that he will provide me with at least one or two examples of each of the above.

My thanks to him in advance for this.

Regards,
rfg
[anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
Folks,

Please see the draft minutes from our WG Session in Rotterdam. If you have any corrections or objections, could you please let us know ASAP?

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

From: Aa-wg-chair On Behalf Of Alun Davies
Sent: Monday 16 December 2019 09:52
To: aa-wg-ch...@ripe.net
Subject: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79

Hello Brian, Tobias, Alireza,

Please find attached the draft minutes for the Anti-Abuse WG session at RIPE 79. Do take a look when you have a moment and let us know if you’d like any changes made. If we don’t hear back from you by the end of this week, we’ll go ahead and publish them as is to the website.

Cheers,
Alun Davies
RIPE NCC

Anti-Abuse Working Group
Thursday, 17 October 09:00 - 10:30
Chair: Brian Nisbet
Scribe: Ulka Athale
Status: Draft

Co-Chair Brian Nisbet welcomed attendees, thanked the RIPE NCC staff supporting with scribing and monitoring chat, the stenographers, and stated that his co-Chair Tobias could not attend the session. The minutes from the Anti-Abuse session at RIPE 78 were approved.

In his opening remarks, he mentioned the policy proposal 2019-03 that was withdrawn, and that he was surprised by the form of words of the Impact Analysis and that the Executive Board said that they were not going to do the thing that the community may or may not be asking them to do. In this case the policy proposal was withdrawn, but if it had been approved by the working group, it might have led to a constitutional crisis of sorts, and this is something that should be discussed. Brian asked the room if they had any further remarks on this issue.
There were no comments.

C.1. RIPE NCC Update on 2017-02
Marco Schmidt - RIPE NCC
Presentation available at: https://ripe79.ripe.net/archives/video/244

Jordi Palet Martinez asked if the 25% was after they sent the additional emails, after the automated validation failed. Marco clarified that there was one month in which they sent several automated emails with a stricter tone, and there was still around 20-25% who didn't respond, requiring additional action.

Brian Nisbet asked if this now happens as a regular part of the process, once a year. Marco replied that in general it is a part of the regular process. The most important abuse mailboxes to fix were the LIR ones. If the abuse mailboxes of independent resources and more specific PA ones were not working, they would go to the sponsoring LIR to check the abuse contact.

Herve Clement, Orange, said that he was pretty happy with the proposal. He added that he had a question about the workload for the RIPE NCC, but that Marco had already partially answered it. He added that he thought that Marco now had an element to respond to the next policy proposals, proposed by Jordi perhaps, to evaluate the possible workload of the RIPE NCC and how to go a step further beyond such verification.

Rudiger Volk, Deutsche Telekom, asked Marco whether he saw any additional work to improve this process and the communications attached to it. He said that he didn't find the information he was receiving very helpful; he would require time to work out which customers are actually the source of the problem. He suggested looking into providing mechanisms that automate the research on the RIPE NCC side and allow the recipient of the problem report to do what they are required to without additional effort. Marco thanked Rudiger for his feedback and said he would talk to him in more detail about how to make things clearer.
Brian also thanked Marco for his work as Policy Development Officer, in light of the announcement that Marco will be moving on to the Registration Services team at the RIPE NCC.

C.2. Policy Proposal 2019-04 - Validation of "abuse-mailbox"
Jordi Palet Martinez, The IPv6 Company
Presentation available at: https://ripe79.ripe.net/archives/video/301

Peter Koch, DENIC, commented that when regulators, who are increasingly interested in policy making, come up with suggestions, the community usually demands that it is fact-based policy or evidence-based policy making. He asked Jordi what real world problem he was trying to solve, notwithstanding the inclusion of percentages.

Jordi replied that it was simple, the point of having a registry is to have the right registration data.

Ruediger said that he agreed with Peter. He had a slightly different angle on the same topic. In many of the policy proposals, it looks like people really want to police and it is not what RIPE is about. It is strange that Germans object to that.