Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
On Fri, Apr 05, 2019 at 01:48:07PM +0100, Carlos Friaas wrote: Imho, that will also depend on this regulator's f-u-n-d-i-n-g model. Or are we supposed to see the uprising of a "FIR" (EU Federal Internet Registry), building on the NIR concept...? :-) That's exactly what I think *will* happen. And it may happen independently of whatever goes on here or in the NCC. (Probably with a "ripedb" built at great cost by a defence contractor which is down half the time and leaks like a sieve) However, I think that if the NCC starts amassing "regulatory" power, this may happen sooner than later... Splitting the service region in two (EU and non-EU) sounds a bit impractical... :-) Not really any more so than the creation of AfriNIC. rgds, SL
Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
Hi, On Fri, 5 Apr 2019, Sascha Luck [ml] wrote: (...) And who would be doing that regulation? - some EC org (service region goes way beyond EU...) We will see this "EU Internet Regulator" within the term of the next EU Commission / EUPARL. The (probably) next commisssion president Manfred Weber has committed to this: http://www.spiegel.de/politik/ausland/manfred-weber-das-internet-muss-europaeischer-werden-a-1260900.html (Sorry, it's in German. There is no other source I can find) Now, this will happen whether 2019-03 passes or not, the question is will they leave resource management alone, because it works, or will it transfer into the domain of this regulator? "Will _try_ to transfer." -- again, the service region is wider... Imho, that will also depend on this regulator's f-u-n-d-i-n-g model. Or are we supposed to see the uprising of a "FIR" (EU Federal Internet Registry), building on the NIR concept...? :-) As for the service region, the EU cares only about the EU. Whatever happens to the rest of the SR is not their concern. Splitting the service region in two (EU and non-EU) sounds a bit impractical... :-) Regards, Carlos rgds, SL
Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
On Fri, Apr 05, 2019 at 08:23:12AM +0100, Carlos Friaas wrote: So you seem to prefer regulation over self-regulation? Not per se, just that I'd prefer governmental regulation over the kind of regulation 2019-03 envisions. And who would be doing that regulation? - some EC org (service region goes way beyond EU...) We will see this "EU Internet Regulator" within the term of the next EU Commission / EUPARL. The (probably) next commisssion president Manfred Weber has committed to this: http://www.spiegel.de/politik/ausland/manfred-weber-das-internet-muss-europaeischer-werden-a-1260900.html (Sorry, it's in German. There is no other source I can find) Now, this will happen whether 2019-03 passes or not, the question is will they leave resource management alone, because it works, or will it transfer into the domain of this regulator? As for the service region, the EU cares only about the EU. Whatever happens to the rest of the SR is not their concern. rgds, SL
Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
Hi, Thanks Wolfgang and Suresh, That's something i have been probably saying in between the lines: it would be easier for anyone on the Internet to evaluate if an hijack took place if more people (or most people) would share their routing views. :-) Carlos On Fri, 5 Apr 2019, Wolfgang Tremmel wrote: Which is why services like RIPE RIS are so valuable to the community. If anybody would just send its full BGP table to RIS detecting hijacks (and later proofing that they happened) would be much easier. If you do not know what I am talking about, read: https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-peering-policy ...and setup a BGP session to RIS. Wolfgang On 5. Apr 2019, at 01:43, Suresh Ramasubramanian wrote: You might find a hijacked prefix advertised solely to a single asn at an ix where it peers, and this for the purpose of spamming to or otherwise attacking whoever owns the asn. Most of these targeted announcements might not even be visible to anyone else. -- Wolfgang Tremmel Phone +49 69 1730902 26 | Fax +49 69 4056 2716 | Mobile +49 171 8600 816 | wolfgang.trem...@de-cix.net Executive Directors: Harald A. Summa and Sebastian Seifert | Trade Registry: AG Cologne, HRB 51135 DE-CIX Management GmbH | Lindleystrasse 12 | 60314 Frankfurt am Main | Germany | www.de-cix.net
Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
On Thu, 4 Apr 2019, Sascha Luck [ml] wrote: On Thu, Apr 04, 2019 at 08:32:39PM +0200, Karl-Josef Ziegler wrote: Yes, this is also my opinion. The community should do something against this abusive behavior. If it isn't done by the community there might be some regulation coming from outside, i.e. political entities. And I doubt that this will be the better way to handle this problem. I am starting to come around to the opinion that such regulation would actually be preferrable to this. Legislative regulation, at least in democratic societies, imposes responsibilities but it also gives *rights*. Namely constitutionality, the right to have such regulation applied transparently and fairly and, most importantly, the right to judicial review. None of which applies to the vigilante kind of "justice" the proponents wish the RIPE NCC to become the enforcer of. Given these two choices, I know which way I'd vote. Hi, So you seem to prefer regulation over self-regulation? And who would be doing that regulation? - some EC org (service region goes way beyond EU...) - the Dutch Telecoms Regulator? - ITU-T? - ...? Honestly, i don't have a clue... Regards, Carlos rgds, SL
Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
Hi, On Thu, 4 Apr 2019, Nick Hilliard wrote: People generally hijack prefixes in order to make money. If hijacked prefixes are not generally visible in the internet, then the value of the hijacking is a good deal lower because the reach is smaller. It depends on the purpose, and if visibility is a key issue or not. :-) In order to stop something like hijacking from being a problem, you don't need to make it impossible to perpetrate - you just need to reduce the value to the point that it's not worth doing it. The problem of that approach is the diversity of goals... What makes hijacking attractive is when transit service providers don't filter ingress prefixes from their customers. The value of hijacking at an IXP will be proportional to the size of the IXP and whether the IXP has implemented filtering policies at their route servers. Direct peering sessions are troublesome, as they generally don't implement prefix filtering. Yes. Trust is generally higher between peers/BGP speakers in a small environment, which might become a vulnerability... But the value depends on the purpose. If the value for the hijacker is in announcing a bogus route just to _one_ network, it's irrelevant if the IXP has 20 members or 200 members. But transit providers are where the bulk of the problem lies, and where efforts need to be concentrated in order to handle the issue. I'm not completely sure about that. MANRS is one part of this effort. Let's hope MANRS can seriously take off in terms of adoption! Cheers, Carlos Nick