Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-23 Thread Piotr Strzyzewski
On Fri, Apr 19, 2019 at 11:02:23PM +0100, Carlos Friaças via anti-abuse-wg 
wrote:
> What i've heard from the Board so far on the list -- and the Board 
> currently has seven members -- was a concern expressed by Piotr about 
> timelines, which i think we have addressed in v2.0's text (which i also 
> hope to see published soon).

Just to be clear - that was my private concern and not the Board's.

Piotr

-- 
Piotr Strzyżewski
Silesian University of Technology, Computer Centre
Gliwice, Poland



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Carlos Friaças via anti-abuse-wg




On Fri, 19 Apr 2019, Gert Doering wrote:

> Hi,
>
> On Fri, Apr 19, 2019 at 02:18:25PM +, Suresh Ramasubramanian wrote:
>> It would be an interesting sight to see the chairman and exec board of ripe
>> summoned before a parliament or court to explain the situation.
>
> You love to summon up dire legal consequences for the RIPE NCC if this
> policy isn't coming into place.
>
> Over here in Europe, we're not used to just suing anyone for anything we
> do not like and actually having chance in succeeding with it.  Unless
> the RIPE NCC is actually *tasked* with "ensuring routing correctness"

Hi,

RIPE NCC isn't tasked with that, i agree.

It is also not tasked with ensuring that party A is just using their own
numbering resources.

But 2019-03 also doesn't mandate that the RIPE NCC should start verifying
that randomly. It just opens the door for someone to report a
(suspected) resource hijack, and if a large set of circumstances are
aligned, it may open the door to a membership status review -- which won't
even happen at the first time... according to the current set of policies.

> (which it isn't) whether or not someone configures their router correctly
> cannot construct a liability for the NCC.

Maybe it can be a liability if the party responsible for the numbering
resources administration does nothing and lets the hijacks run free...

Some years ago i had an issue with another RIR about one of its members
adding *our address* to one of their netblocks.
That registry (whois) entry was clearly forged (the network wasn't and
never was running at our address) and it took months to have this
corrected with the people who forged the entry and the RIR in question
didn't really help. If we had financial losses due to this incorrect
entry, wouldn't it be normal to sue also the RIR for not aiding in solving
this "address hijack" that hit the registry database???

> Now, if the NCC neglects to secure their *registry*, and people can
> use this neglect to attack others, this might be a valid case to bring
> forward...

Big Kudos to those who have worked hard to try to close this gap lately
(also through policy proposals) -- you know who you are... :-))

Regards,
Carlos





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Carlos Friaças via anti-abuse-wg



On Fri, 19 Apr 2019, Nick Hilliard wrote:

> Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
>> Would you find it reasonable to have the rule/policy in place say for 2 or 3
>> years, and then evaluate its impact/effectiveness...?
>
> No.  In principle, the proposal is completely broken, antithetical to the
> RIPE NCC's obligations of being an address registry and Randy was right to
> point out that it is a proposal for a kangaroo court.  We don't need to make
> the mistake of testing it out to make sure.

Hi,

This question was just to express that no one really knows if the impact on
abuse will be significant, minimal or none (but it seems there are people
trying to state something without real data to back it up).

I would also like to read Gert's opinion on this.

> It will not have any material impact on hijacking;

Oh, so you do have the data...?

> there are better ways of handling hijacking

Such as...?

> and the proposal will have a wide variety of serious but unintended side
> effects, some of which have been raised on this mailing list.

Do you care to list them, so we can work on their mitigation?
(i mean, those which have been raised in a dispersed way in this list and
those which haven't been raised yet)

> And it's unimplementable - the board of the RIPE NCC would have a fiduciary
> duty to refuse to implement it.

Because you say so.

What i've heard from the Board so far on the list -- and the Board
currently has seven members -- was a concern expressed by Piotr about
timelines, which i think we have addressed in v2.0's text (which i
also hope to see published soon).

Best Regards,
Carlos


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Gert Doering
Hi,

On Fri, Apr 19, 2019 at 02:52:48PM +, Suresh Ramasubramanian wrote:
> They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe 
> spammers set up as eastern european LIRs not too long back

As long as spamming is a perfectly legal business in the appropriate
jurisdiction, it constitutes a valid requirement for IPv4 space.

The RIPE NCC can not and MUST NOT decide what is "appropriate" use
of IP address space.  There are laws and courts to do that (and if a
LIR is convicted of criminal activity, they will be closed down).

But you know all this.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Gert Doering
Hi,

On Fri, Apr 19, 2019 at 02:18:25PM +, Suresh Ramasubramanian wrote:
> It would be an interesting sight to see the chairman and exec board of ripe 
> summoned before a parliament or court to explain the situation.

You love to summon up dire legal consequences for the RIPE NCC if this
policy isn't coming into place.

Over here in Europe, we're not used to just suing anyone for anything we
do not like and actually having chance in succeeding with it.  Unless
the RIPE NCC is actually *tasked* with "ensuring routing correctness"
(which it isn't) whether or not someone configures their router correctly
cannot construct a liability for the NCC.

Now, if the NCC neglects to secure their *registry*, and people can
use this neglect to attack others, this might be a valid case to bring
forward...

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Randy Bush
> They had a fiduciary duty not to hand out whole /14s of v4 space to
> snowshoe spammers set up as eastern european LIRs not too long back

as i intended by my reference to martin niemöller, i suspect that's who
the net police/vigilantes will come for next.  and then ...  and then
...  it is incremental, each justifies the next.

the problem with making weapons is that they will be abused.  a good
piece on this the other day in the wapo,
https://www.washingtonpost.com/opinions/technology-can-be-put-to-good-use--or-hasten-the-demise-of-the-human-race/2019/04/09/c7af4b2e-56e1-11e9-8ef3-fbd41a2ce4d5_story.html

there are other means to deal with the hijacking problem without
becoming police, judge, jury, and prison all rolled into one.  push the
technical approaches.  use legal resources, the rule of law, before
trump erodes it entirely.

i hope we are above becoming a lynch mob.

randy



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Suresh Ramasubramanian
They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe 
spammers set up as eastern european LIRs not too long back

They would now as well if such duty wasn't abdicated each time

The duty doesn't magically go away of course even if it is abdicated and denied


--srs


From: anti-abuse-wg  on behalf of Nick Hilliard 

Sent: Friday, April 19, 2019 8:16 PM
To: Carlos Friaças
Cc: Gert Doering; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a 
RIPE Policy Violation)

Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
> Would you find it reasonable to have the rule/policy in place say for 2 or
> 3 years, and then evaluate its impact/effectiveness...?

No. In principle, the proposal is completely broken, antithetical to
the RIPE NCC's obligations of being an address registry and Randy was
right to point out that it is a proposal for a kangaroo court. We don't
need to make the mistake of testing it out to make sure.

It will not have any material impact on hijacking; there are better ways
of handling hijacking and the proposal will have a wide variety of
serious but unintended side effects, some of which have been raised on
this mailing list. And it's unimplementable - the board of the RIPE NCC
would have a fiduciary duty to refuse to implement it.

Nick



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Nick Hilliard

Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
> Would you find it reasonable to have the rule/policy in place say for 2 or
> 3 years, and then evaluate its impact/effectiveness...?


No.  In principle, the proposal is completely broken, antithetical to 
the RIPE NCC's obligations of being an address registry and Randy was 
right to point out that it is a proposal for a kangaroo court.  We don't 
need to make the mistake of testing it out to make sure.


It will not have any material impact on hijacking; there are better ways 
of handling hijacking and the proposal will have a wide variety of 
serious but unintended side effects, some of which have been raised on 
this mailing list.  And it's unimplementable - the board of the RIPE NCC 
would have a fiduciary duty to refuse to implement it.


Nick



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Suresh Ramasubramanian
For those saying "Dutch court" etc please do be careful what you're asking for.

Experience in two decades of anti abuse work says that if a particular form of 
abuse is allowed and even waved away so there's an enforcement gap, and that 
form of abuse is used to successfully attack something important and news 
making (lets say the European parliament or the defence forces of an EU 
country).  Plausible - people can hijack address space belonging to most 
anybody.

It would be an interesting sight to see the chairman and exec board of ripe 
summoned before a parliament or court to explain the situation.

--srs


From: anti-abuse-wg  on behalf of Carlos 
Friaças via anti-abuse-wg 
Sent: Friday, April 19, 2019 7:33 PM
To: Gert Doering
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a 
RIPE Policy Violation)



On Fri, 19 Apr 2019, Gert Doering wrote:

> Hi,
>
(...)
> But anyway: the point that Randy is making that this policy is neither
> common sense, nor effective in reducing abuse. So it's not the way to go.

Hi,

72 countries/economies in the service region (and in reality, the world),
so i suspect "common sense" might turn out to be a tricky concept... :-)

But in fact, i think most Internet users would say it's common sense to
have a rule saying that company A using resources held by company B
(intentionally and persistently) is not tolerable.

About effectiveness in reducing abuse: We don't have any data, we would
need to have the rule in place first... :-)

Would you find it reasonable to have the rule/policy in place say for 2 or 3
years, and then evaluate its impact/effectiveness...?

Regards,
Carlos





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Carlos Friaças via anti-abuse-wg




Hi,

On Fri, 19 Apr 2019, ac wrote:

(...)

>> But anyway: the point that Randy is making that this policy is neither
>> common sense, nor effective in reducing abuse.  So it's not the way
>> to go.
>
> so you are taking it upon yourself to attach your own opinion by
> commenting on how you interpret the point(s) Randy is making?
>
> how rude and presumptuous of yourself.
>
> it seems many people (including myself) are rude, obnoxious, not
> tolerant as well as very impolite and "unconsiderate"

Please let's not start with that...
(disclaimer: i value Gert's opinion on any Internet related subject as
much as i value Randy's)

> Anyway, to add my own interpretation, seeing as this is what we are now
> reduced to, I am understanding that Randy is pointing out that when
> 2019-03 moves forward, this is common sense and not a "slippery slope"

It wasn't clear enough for me too at first, but i now clearly know that
Randy objects to 2019-03 (i.e. the potential "police state" and less energy
in routing security).

> *sigh* - this is one of the most commented on and longest suffering
> thread(s) ever. It seems there are vested interests in ensuring that
> RIPE does not exercise any administrative (or limited) authority and
> only acts as a 'sort of' loose record or some sort of index of who may
> possibly or potentially be assigned which public resources...

i.e. "land registry" has already been mentioned. Which is something i
completely disagree with, because i don't see a (real) land registry as a
member association, and having a role to actually distribute land -- among
other details...

> I just wish to add the one thing that I have not yet seen in the
> thread(s):
>
> I would propose that should RIR not act with administrative authority
> we can expect world governments to legislate as chaos is not in the
> best interests of civil society.

I'm not sure if that is the case for all governments in the world, but
yes, i think that without enough self-regulation, some jurisdictions may
perceive that more legislation is needed... so yes, i also see that risk.

Even from the individual perspective of an average Internet user, it could
be hard to understand how resource hijackers are tolerated by the very
same organisations that have administrative powers over said resources.

Regards,
Carlos





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Carlos Friaças via anti-abuse-wg




On Fri, 19 Apr 2019, Gert Doering wrote:

> Hi,

(...)

> But anyway: the point that Randy is making that this policy is neither
> common sense, nor effective in reducing abuse.  So it's not the way to go.

Hi,

72 countries/economies in the service region (and in reality, the world),
so i suspect "common sense" might turn out to be a tricky concept... :-)

But in fact, i think most Internet users would say it's common sense to
have a rule saying that company A using resources held by company B
(intentionally and persistently) is not tolerable.

About effectiveness in reducing abuse: We don't have any data, we would
need to have the rule in place first... :-)

Would you find it reasonable to have the rule/policy in place say for 2 or 3
years, and then evaluate its impact/effectiveness...?

Regards,
Carlos





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Carlos Friaças via anti-abuse-wg




On Thu, 18 Apr 2019, Fi Shing wrote:

> What absolute crap. Why is it that every time something resembling common sense
> enters this group, there are these people who insist on using the slippery slope
> fallacy?
>
> https://en.wikipedia.org/wiki/Slippery_slope
>
> It wouldn't half surprise me if people like this "randy bush" are motivated by
> criminal groups. I cannot think of any reason, other than a criminal one, why someone
> would object to common sense policy that leads to a reduction in
> abuse.
>
> (Usually, there is one other motivation (financial) but not in this proposal).

Hi,

Please let me tell you that you are absolutely wrong about Randy Bush.

I co-authored another policy proposal together with Randy (and also some
other people who have already objected to 2019-03) some years ago.
Randy's contribution is always appreciated and (at least) i feel very
lucky when he shows up at RIPE meetings, and i happen to be there too.

I hope this will destroy any doubt you may have about Randy:
https://www.internethalloffame.org/inductees/randy-bush

Let me also say that i think that energy into improving/deploying routing
security (RPKI, MANRS, ...) should in any way be reduced just because of
what 2019-03 proposes.

Randy's position is obviously not irrelevant for me, as another person who
frequently brings as much value to the RIPE community as Randy does,
already told me (in private), in an even less positive way.

Regards,
Carlos

> -------- Original Message --------
> Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking
> is a RIPE Policy Violation)
> From: Randy Bush
> Date: Fri, April 19, 2019 1:55 am
> To: anti-abuse-wg@ripe.net
>
>> < rant >
>>
>> this is insane. neither ripe nor the ncc should be the net police,
>> courts, and prison rolled into one kangaroo court.
>>
>> it is droll that the erstwhile anti-abuse working group becomes a
>> self-righteous abuser. so it is with so many abused children.
>>
>> put your energy into routing security not converting ripe and the ncc
>> into an authoritarian state. we have enough of those.
>>
>> randy







Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Lu Heng
very well said Randy, +1

On Fri, 19 Apr 2019 at 11:33, Randy Bush  wrote:

> > so you are taking it upon yourself to attach your own opinion by
> > commenting on how you interpret the point(s) Randy is making?
> >
> > how rude and presumptuous of yourself.
>
> QED?  i wish folk would not resort to ad homina
>
> > it seems many people (including myself) are rude, obnoxious, not
> > tolerant as well as very impolite and "unconsiderate"
> >
> > Anyway, to add my own interpretation, seeing as this is what we are now
> > reduced to, I am understanding that Randy is pointing out that when
> > 2019-03 moves forward, this is common sense and not a "slippery slope"
>
> no.  gert was correct.  but you are correct in the sense that it is not
> a slippery slope.  it is the bottom of the slope.
>
> the slope started with insufficient diligence in registration services
> when dealing with some quite abusive actors.  next, in the process of
> cleaning it up, american style lawyers created the overreaching ripe-716
> to formalize a weapon to punish miscreants.  now folk in this wg wave
> the weapon around to punish others who might be miscreants of a
> different sort.
>
> a martin niemöller quote comes to mind.
>
> as does "the only winning move is not to play."
>
> randy, who thinks this is a sad day for the ripe community
>
>

-- 
--
Kind regards.
Lu


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Randy Bush
> so you are taking it upon yourself to attach your own opinion by
> commenting on how you interpret the point(s) Randy is making?
> 
> how rude and presumptuous of yourself.

QED?  i wish folk would not resort to ad homina

> it seems many people (including myself) are rude, obnoxious, not
> tolerant as well as very impolite and "unconsiderate"
> 
> Anyway, to add my own interpretation, seeing as this is what we are now
> reduced to, I am understanding that Randy is pointing out that when
> 2019-03 moves forward, this is common sense and not a "slippery slope"

no.  gert was correct.  but you are correct in the sense that it is not
a slippery slope.  it is the bottom of the slope.

the slope started with insufficient diligence in registration services
when dealing with some quite abusive actors.  next, in the process of
cleaning it up, american style lawyers created the overreaching ripe-716
to formalize a weapon to punish miscreants.  now folk in this wg wave
the weapon around to punish others who might be miscreants of a
different sort.

a martin niemöller quote comes to mind.

as does "the only winning move is not to play."

randy, who thinks this is a sad day for the ripe community



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread ac
On Fri, 19 Apr 2019 09:51:56 +0200
Gert Doering  wrote:
> On Thu, Apr 18, 2019 at 07:33:19PM -0700, Fi Shing wrote:
> > What absolute crap.
> > Why is it that every time something resembling common sense enters
> > this group, there are these people who insist on using the slippery
> > slope fallacy?
> 
> HTML-mails, top posted, on a mailing list that has a different mail 
> style.  Very impolite and unconsiderate.
> 
+1, but anyway...

> But anyway: the point that Randy is making that this policy is neither
> common sense, nor effective in reducing abuse.  So it's not the way
> to go.
> 
so you are taking it upon yourself to attach your own opinion by
commenting on how you interpret the point(s) Randy is making?

how rude and presumptuous of yourself.  

it seems many people (including myself) are rude, obnoxious, not
tolerant as well as very impolite and "unconsiderate"

Anyway, to add my own interpretation, seeing as this is what we are now
reduced to, I am understanding that Randy is pointing out that when
2019-03 moves forward, this is common sense and not a "slippery slope"

*sigh* - this is one of the most commented on and longest suffering
thread(s) ever. It seems there are vested interests in ensuring that
RIPE does not exercise any administrative (or limited) authority and
only acts as a 'sort of' loose record or some sort of index of who may
possibly or potentially be assigned which public resources...

I just wish to add the one thing that I have not yet seen in the
thread(s):

I would propose that should RIR not act with administrative authority
we can expect world governments to legislate as chaos is not in the
best interests of civil society.


Andre 



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-19 Thread Gert Doering
Hi,

On Thu, Apr 18, 2019 at 07:33:19PM -0700, Fi Shing wrote:
> What absolute crap. Why is it that
> every time something resembling common sense enters this group, there are
> these people who insist on using the slippery slope fallacy?
> https://en.wikipedia.org/wiki/Slippery_slope
> It wouldn't half surprise me if people like this "randy bush" are
> motivated by criminal groups. I cannot think of any reason, other than a
> criminal one, why someone would object to common sense policy that leads to a
> reduction in abuse. (Usually, there is one other motivation
> (financial) but not in this proposal).

HTML-mails, top posted, on a mailing list that has a different mail 
style.  Very impolite and unconsiderate.

But anyway: the point that Randy is making that this policy is neither
common sense, nor effective in reducing abuse.  So it's not the way to go.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Randy Bush
> It wouldn't half surprise me if people like this "randy bush" are
> motivated by criminal groups.

ROFL

i have been allied with satan for years and am damned proud of it.




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Fi Shing
What absolute crap. Why is it that every time something resembling common sense enters this group, there are these people who insist on using the slippery slope fallacy?

https://en.wikipedia.org/wiki/Slippery_slope

It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups. I cannot think of any reason, other than a criminal one, why someone would object to common sense policy that leads to a reduction in abuse.

(Usually, there is one other motivation (financial) but not in this proposal).


 Original Message --------
Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking
is a RIPE Policy Violation)
From: Randy Bush <ra...@psg.com>
Date: Fri, April 19, 2019 1:55 am
To: anti-abuse-wg@ripe.net

< rant >

this is insane.  neither ripe nor the ncc should be the net police,
courts, and prison rolled into one kangaroo court.

it is droll that the erstwhile anti-abuse working group becomes a
self-righteous abuser.  so it is with so many abused children.

put your energy into routing security not converting ripe and the ncc
into an authoritarian state.  we have enough of those.

randy







Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Cynthia Revström
I apologize for the incorrect date in my previous email, I didn't 
realize that Windows suddenly stopped knowing what time it was.


- Cynthia

On 2019-04-18 15:58, Cynthia Revström wrote:

> +1
>
> - Cynthia
>
> On 2019-04-18 17:55, Randy Bush wrote:
>
>> < rant >
>>
>> this is insane.  neither ripe nor the ncc should be the net police,
>> courts, and prison rolled into one kangaroo court.
>>
>> it is droll that the erstwhile anti-abuse working group becomes a
>> self-righteous abuser.  so it is with so many abused children.
>>
>> put your energy into routing security not converting ripe and the ncc
>> into an authoritarian state.  we have enough of those.
>>
>> randy







Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Cynthia Revström

+1

- Cynthia

On 2019-04-18 17:55, Randy Bush wrote:

> < rant >
>
> this is insane.  neither ripe nor the ncc should be the net police,
> courts, and prison rolled into one kangaroo court.
>
> it is droll that the erstwhile anti-abuse working group becomes a
> self-righteous abuser.  so it is with so many abused children.
>
> put your energy into routing security not converting ripe and the ncc
> into an authoritarian state.  we have enough of those.
>
> randy





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Randy Bush
< rant >

this is insane.  neither ripe nor the ncc should be the net police,
courts, and prison rolled into one kangaroo court.

it is droll that the erstwhile anti-abuse working group becomes a
self-righteous abuser.  so it is with so many abused children.

put your energy into routing security not converting ripe and the ncc
into an authoritarian state.  we have enough of those.

randy



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Carlos Friaças via anti-abuse-wg



On Thu, 18 Apr 2019, Richard Clayton wrote:

> Hard to tell in some cases whether the people running the hosting
> company were merely in league with the hijackers or the hijackers
> themselves. Only a court would care about the difference -- the
> practical view is that it just means that action needs to be taken by
> peers or by an IXP (or both)

Even harder is having a court decision about such a matter.

> and rightly so ... and in my experience (you really should note the
> people here with experience) they want to gather their own evidence and
> form their own judgment before doing something so significant. That's
> why your proposal for RIPE NCC being forced to act by a semi-detached
> panel of experts is so deeply flawed.

Why "semi-detached"? They must be impartial to start with.

>> I agree IXPs are important. However the RIRs can be useful at a larger scale...
>
> you have no evidence for that -- you are just hoping that they will be

One IXP can show a bad actor the door.
The RIR, by revoking an ASN number (if it gets to that) can make the bad
actor lose the main technical requirement to be part of most IXPs.

That said, *if* this happens, it's not a company shutdown, but the company
will need a new ASN number, at least to keep its operation in several
IXPs.
Again, without an ASN, company operation would still be possible (outside
the IXP environment), resorting even to a single upstream.

Carlos



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Carlos Friaças via anti-abuse-wg




On Thu, 18 Apr 2019, Peter Koch wrote:

(...)

BGP hijacking completely negates the purpose of a (Regional Internet) Registry.


This is unclear to me.  The Registry registers address space, not routes.


Yes, but one of the main purposes of a Registry is that everyone knows who
is using a specific resource (or who is the legitimate holder).


Definitely the registry puts on record who the holder is, I'm not
sure that always includes "use".


Without any rights of use attached, the value of having a registry is 
close to none.


If someone hijacks a resource to engage in a criminal activity, then the 
value for the legitimate holder of having a reference in the registry can 
be even *negative*, if he's forced to prove that he actually didn't have 
any part in said criminal activity...





Those who are intentionally and continuously hijacking resources are
removing value from the Registry for the whole community.


Quite to the contrary.  Without the registry you couldn't even tell.


Step 1 - Have a registry. Check.
Step 2 - Make people abide by the registy. Oooops. :/




What's the point in having a Registry if people just decide which numbers to
use, even if those Internet numbers are attached to another org with
legitimate holdership and exclusive rights of usage?


That question answers itself.  Even more so, what's the point of removing
the resources registered by those "people" if they allegedly don't care
anyway?


If an hijacker loses the rights to use its ASN, their peers/upstreams 
will likely need to review their configs/neighborships...





The rule, as we speak doesn't exist. Maybe using different wording, it could
mean: "Resource hijacking is not allowed". Period.


While "hijacking" still needs to be defined, the statement in and of
itself is not a policy.


We hope to improve the definition in version 2.0.

I disagree when you say " is not allowed" is not a policy.




So, the main/only course of action, as i see it today for a hijacked party
(if the hijacker is from the RIPE region), is sending a complaint to a Dutch
court... and it's doubtful if the Dutch court will not rule itself to be
"unable to rule" on the matter...


Why would you ask the Dutch court?


It's the only court who can rule that the RIPE NCC needs to do 
something...



Thanks to the Registry DB, the hijacked party is hopefully able to prove 
holdership of a resource to take mitigation to the operational level.


Hopefully, yes.
But that won't stop the hijacker from hopping on to the next hijack/victim...

Again, we're focusing on the hijacked party as the sole victim, when those 
who *receive* hijacked routes are also the victims, as their traffic is 
attracted from such bogus announcements.



Cheers,
Carlos



-Peter





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Richard Clayton
In message ,
Carlos Friaças  writes

>>> On Thu, 18 Apr 2019, Richard Clayton wrote:
 ... I am aware of peer pressure (literally), action by IXPs, action by
 organisations providing reputation scores and even action by hosting
 companies.
>>>
>>> Yes, i'm aware of that too. Sometimes it fixes specific hijacks, but does
>>> it stop or in anyway cause a delay for hijackers to hop onto the next
>>> hijack...???
>>
>> All of the examples I gave come from my experience in putting a stop to
>> various actors hijacking address space. Now it may be that the same
>> actors have come back and found another completely different hosting
>> company to carry their hijacks -- but getting them to start again from
>> scratch has always looked like a win to me.
>
>It's also a win in my dictionary. :-)))
>
>But didn't you see any cases where the hijacker was the hosting company itself?

Hard to tell in some cases whether the people running the hosting
company were merely in league with the hijackers or the hijackers
themselves. Only a court would care about the difference -- the
practical view is that it just means that action needs to be taken by
peers or by an IXP (or both)

>> In particular there is nothing like being thrown off an IXP for putting
>> a crimp in your operations. There's real money involved.
>
>With my IXP hat on, i can say that removing a member is not something the IXP 
>will do lightly.

and rightly so ... and in my experience (you really should note the
people here with experience) they want to gather their own evidence and
form their own judgment before doing something so significant. That's
why your proposal for RIPE NCC being forced to act by a semi-detached
panel of experts is so deeply flawed.

>> I advised you before to give up on getting RIPE to develop a completely
>> new approach to tackling abuse (especially since it really is not going
>> all that well) -- and instead to put your effort into getting IXPs to
>> develop robust policies in this space. After all IXPs and routing are a
>> far better fit than an RIR and routing.
>
>I agree IXPs are important. However the RIRs can be useful at a larger scale...

you have no evidence for that -- you are just hoping that they will be

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Carlos Friaças via anti-abuse-wg




Hi,


On Thu, 18 Apr 2019, Richard Clayton wrote:


On Thu, 18 Apr 2019, Richard Clayton wrote:

... I am aware of peer pressure (literally), action by IXPs, action by
organisations providing reputation scores and even action by hosting
companies.


Yes, i'm aware of that too. Sometimes it fixes specific hijacks, but does
it stop or in anyway cause a delay for hijackers to hop onto the next
hijack...???


All of the examples I gave come from my experience in putting a stop to
various actors hijacking address space. Now it may be that the same
actors have come back and found another completely different hosting
company to carry their hijacks -- but getting them to start again from
scratch has always looked like a win to me.


It's also a win in my dictionary. :-)))

But didn't you see any cases where the hijacker was the hosting company 
itself?





In particular there is nothing like being thrown off an IXP for putting
a crimp in your operations. There's real money involved.


With my IXP hat on, i can say that removing a member is not something the 
IXP will do lightly.





I advised you before to give up on getting RIPE to develop a completely
new approach to tackling abuse (especially since it really is not going
all that well) -- and instead to put your effort into getting IXPs to
develop robust policies in this space. After all IXPs and routing are a
far better fit than an RIR and routing.


I agree IXPs are important. However the RIRs can be useful at a larger 
scale...




hijacks are reported in numerous places, the NANOG mailing list springs
immediately to mind -- and posting there is certainly easy


Yes i'm aware about it, but is that the (globally?) de-facto place for
raising anyone's attention to a hijack or a hijacker operation?


it's not ideal from a global perspective, but it is certainly the de-
facto place at the moment


H. Perhaps we should look at how many hijack reports get there per 
year...



Thanks,
Carlos




--
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Peter Koch
Carlos, all,

On Wed, Apr 17, 2019 at 10:13:56PM +0100, Carlos Friaças via anti-abuse-wg 
wrote:

> > I also believe that certain occurrences of "hijacking" constitute
> > unfriendly action, likely involving violation of criminal codes.
> 
> Yes, however, jurisdictions (and the lack of laws in some of them) sometimes
> work against stopping criminal activities (again, dozens of different legal
> systems in the RIPE NCC Service Region, and beyond).

the Rule of Law principle is an achievement even if it appears to make things
complicated at times.

> > > BGP hijacking completely negates the purpose of a (Regional Internet) 
> > > Registry.
> > 
> > This is unclear to me.  The Registry registers address space, not routes.
> 
> Yes, but one of the main purposes of a Registry is that everyone knows who
> is using a specific resource (or who is the legitimate holder).

Definitely the registry puts on record who the holder is, I'm not
sure that always includes "use".

> Those who are intentionally and continuously hijacking resources are
> removing value from the Registry for the whole community.

Quite to the contrary.  Without the registry you couldn't even tell.

> What's the point in having a Registry if people just decide which numbers to
> use, even if those Internet numbers are attached to another org with
> legitimate holdership and exclusive rights of usage?

That question answers itself.  Even more so, what's the point of removing
the resources registered by those "people" if they allegedly don't care
anyway?

> The rule, as we speak, doesn't exist. Maybe using different wording, it could
> mean: "Resource hijacking is not allowed". Period.

While "hijacking" still needs to be defined, the statement in and of
itself is not a policy.

> So, the main/only course of action, as i see it today for a hijacked party
> (if the hijacker is from the RIPE region), is sending a complaint to a Dutch
> court... and it's doubtful if the Dutch court will not rule itself to be
> "unable to rule" on the matter...

Why would you ask the Dutch court?  Thanks to the Registry DB, the hijacked
party is hopefully able to prove holdership of a resource to take
mitigation to the operational level.

-Peter
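
As an added illustration of the two registry layers the exchange above turns on
(the holder record that says who the legitimate holder of a block is, and the
route object in the routing registry that says which AS the holder expects to
originate it), the following Python script is not part of this thread or of
proposal 2019-03. It compares a handful of constructed BGP observations against
a constructed registry snapshot. Prefixes come from the RFC 5737 documentation
ranges and AS numbers from the RFC 5398 documentation block; the object shapes,
the verdict names and the abuse contacts are assumptions made for the example,
not RIPE Database syntax or data.

```python
import ipaddress

# Constructed sample data, not taken from the RIPE Database. Prefixes are from
# the RFC 5737 documentation ranges and ASNs from the RFC 5398 documentation
# block, so nothing here refers to a real network or holder.

# Address registry side: who holds the space (in the spirit of inetnum objects;
# field names are assumptions for this example).
HOLDERS = {
    "192.0.2.0/24":    {"org": "ORG-EXAMPLE-A", "abuse": "abuse@a.example"},
    "198.51.100.0/24": {"org": "ORG-EXAMPLE-B", "abuse": "abuse@b.example"},
}

# Routing registry side: which origin AS the holder says may announce the
# block (in the spirit of IRR route objects). 203.0.113.0/24 has none.
ROUTE_OBJECTS = {
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64497),
}

# Constructed BGP observations: (prefix, origin AS) pairs as a route collector
# or a neighbour's RIB might show them.
OBSERVED = [
    ("192.0.2.0/24", 64496),     # matches its route object
    ("192.0.2.128/25", 64500),   # more-specific from a foreign origin
    ("198.51.100.0/24", 64500),  # same prefix, wrong origin
    ("203.0.113.0/24", 64500),   # nothing registered either way
]


def covering_route_objects(prefix):
    """Route objects whose prefix equals or covers the announced prefix."""
    net = ipaddress.ip_network(prefix)
    return [(p, asn) for (p, asn) in ROUTE_OBJECTS
            if ipaddress.ip_network(p).version == net.version
            and net.subnet_of(ipaddress.ip_network(p))]


def holder_of(prefix):
    """Holder record of the most specific registered block covering prefix."""
    net = ipaddress.ip_network(prefix)
    best = None
    for p, rec in HOLDERS.items():
        block = ipaddress.ip_network(p)
        if block.version == net.version and net.subnet_of(block):
            if best is None or block.prefixlen > best[0].prefixlen:
                best = (block, rec)
    return best[1] if best else None


def classify(prefix, origin):
    """Compare one observed announcement with the registry.

    Returns (verdict, holder record or None). Verdicts:
      registered       an equal-or-covering route object names this origin
      origin_mismatch  route object(s) cover the prefix but none names this
                       origin: the registry-backed signal behind a hijack report
      unregistered     no route object covers the prefix; the registry cannot
                       say either way
    """
    covering = covering_route_objects(prefix)
    holder = holder_of(prefix)
    if any(asn == origin for _, asn in covering):
        return "registered", holder
    if covering:
        return "origin_mismatch", holder
    return "unregistered", holder


def report(observed=OBSERVED):
    """One row per observation, with the contact to notify where one exists."""
    rows = []
    for prefix, origin in observed:
        verdict, holder = classify(prefix, origin)
        rows.append({
            "prefix": prefix,
            "origin": origin,
            "verdict": verdict,
            "notify": holder["abuse"] if holder else None,
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(f'{row["prefix"]:18} AS{row["origin"]:<6} {row["verdict"]:16} '
              f'notify={row["notify"]}')
```

Run it directly to print one line per observation. The `origin_mismatch`
verdict is the evidence a hijacked holder, or a neighbour receiving the bogus
route, can attach to a report, together with the holder contact the registry
supplies; `unregistered` marks space for which the registry records no origin at
all, so it cannot distinguish a legitimate announcement from a hijack there.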



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Richard Clayton
In message ,
Carlos Friaças  writes
>
>On Thu, 18 Apr 2019, Richard Clayton wrote:
>

>> ... I am aware of peer pressure (literally), action by IXPs, action by
>> organisations providing reputation scores and even action by hosting
>> companies.
>
>Yes, i'm aware of that too. Sometimes it fixes specific hijacks, but does 
>it stop or in anyway cause a delay for hijackers to hop onto the next 
>hijack...???

All of the examples I gave come from my experience in putting a stop to
various actors hijacking address space. Now it may be that the same
actors have come back and found another completely different hosting
company to carry their hijacks -- but getting them to start again from
scratch has always looked like a win to me.

In particular there is nothing like being thrown off an IXP for putting
a crimp in your operations. There's real money involved.

I advised you before to give up on getting RIPE to develop a completely
new approach to tackling abuse (especially since it really is not going
all that well) -- and instead to put your effort into getting IXPs to
develop robust policies in this space. After all IXPs and routing are a
far better fit than an RIR and routing.

>> hijacks are reported in numerous places, the NANOG mailing list springs
>> immediately to mind -- and posting there is certainly easy
>
>Yes i'm aware about it, but is that the (globally?) de-facto place for 
>raising anyone's attention to a hijack or a hijacker operation?

it's not ideal from a global perspective, but it is certainly the de-
facto place at the moment

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread JORDI PALET MARTINEZ via anti-abuse-wg


On 18/4/19 9:15, "anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg" 
 wrote:



Hi,


On Thu, 18 Apr 2019, Töma Gavrichenkov wrote:

> On Thu, Apr 18, 2019 at 1:39 AM Carlos Friaças via anti-abuse-wg
>  wrote:
>> And how will a Dutch court determine a wrong decision was made? by 
getting
>> a different set of experts...?
>
> E.g. by judging on an evidence found later, and with that evidence
> making a decision that original set of experts did their job poorly.

Experts (on any given subject matter) can be wrong, if they look only at a 
specific dataset.

Even in courts cases, experts (judicial experts, "peritos judiciales" in 
Spanish), can produce wrong advice. This is why we have an appeal process.

If data is not available on the year a crime was committed, and it surfaces 
only 5 years later, i wouldn't say the experts did a poor job. They might 
have done a good job with the data available at the time.



> NCC has arbiters for quite a while. Who's responsible for their mistakes?

Curiously or not, that's where all of this started: my first take was to 
think that arbiters were the solution, but *several* people pointed out 
the current pool of RIPE arbiters was formed for a different purpose and 
some of them might not have the skills (or the will...) to look into 
hijacking cases.



>> It shouldn't be the RIPE NCC, if the RIPE NCC is just following
>> the defined policy.
>
> Honestly, I think it's the opposite. If the NCC terminates a
> membership agreement, it should be liable for all the consequences of
> a wrong decision no matter how exactly the decision is made and what
> arbiters/experts/oracles/grandmoms were asked for a definitive advice.

OK, but that is relative to *any* termination reason, be it immediate or 
on a specific timescale (see RIPE-716).

I would like to know how many Dutch court cases were filed to the date 
against RIPE NCC about wrongful membership agreement termination.

Interesting question, and I will say that if we can have that information (I 
guess Marco can ask "officially" for it to other RIRs) for all the RIRs, even 
better. This is public information, but you need to search for it, while the 
RIRs know very well all their cases (if there are any).


Thanks,
Carlos

ps: we've missed grandmoms on version 2.0's text. sorry about that :-))


> --
> Töma
>



**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicitly authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.







Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Carlos Friaças via anti-abuse-wg


On Thu, 18 Apr 2019, Töma Gavrichenkov wrote:


Fat fingers,


...we all have it :-)



On Thu, Apr 18, 2019 at 3:17 AM Töma Gavrichenkov  wrote:

Honestly, I think it's the opposite. If the NCC terminates a
membership agreement, it should be liable for all the consequences of
a wrong decision no matter how exactly the decision is made and what
arbiters/experts/oracles/grandmoms were asked for a definitive advice.


..., because if it turns out that the experts or oracles prepared bad
advice, it would be the NCC's responsibility for not choosing a better
set of experts or oracles.


This sounds a bit far fetched to me...
I think it's not the NCC's role to select people, it should be the 
community's...




In any case, an individual won't be able to compensate a financial
damage


Liability insurance? (yes, i know... cost)



of an average ISP being shut down anyway, so it must be an org,
and highly unlikely it could be that individual's employer.


Does a RIPE NCC Service Agreement termination mean that an ISP or a 
company is necessarily shut down...???


The NCC's membership base is not exclusively formed by ISPs to start 
with...


If someone doesn't abide by the rules, and needs to keep supplying 
services to 3rd parties, it can resort to other LIRs' services.
Yes, that will at least imply a renumbering, which means added cost, but 
it will not necessarily mean the company will face a shutdown.



Regards,
Carlos



--
Töma


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Carlos Friaças via anti-abuse-wg



Hi,


On Thu, 18 Apr 2019, Töma Gavrichenkov wrote:


On Thu, Apr 18, 2019 at 1:39 AM Carlos Friaças via anti-abuse-wg
 wrote:

And how will a Dutch court determine a wrong decision was made? by getting
a different set of experts...?


E.g. by judging on an evidence found later, and with that evidence
making a decision that original set of experts did their job poorly.


Experts (on any given subject matter) can be wrong, if they look only at a 
specific dataset.


If data is not available on the year a crime was committed, and it surfaces 
only 5 years later, i wouldn't say the experts did a poor job. They might 
have done a good job with the data available at the time.





NCC has arbiters for quite a while. Who's responsible for their mistakes?


Curiously or not, that's where all of this started: my first take was to 
think that arbiters were the solution, but *several* people pointed out 
the current pool of RIPE arbiters was formed for a different purpose and 
some of them might not have the skills (or the will...) to look into 
hijacking cases.





It shouldn't be the RIPE NCC, if the RIPE NCC is just following
the defined policy.


Honestly, I think it's the opposite. If the NCC terminates a
membership agreement, it should be liable for all the consequences of
a wrong decision no matter how exactly the decision is made and what
arbiters/experts/oracles/grandmoms were asked for a definitive advice.


OK, but that is relative to *any* termination reason, be it immediate or 
on a specific timescale (see RIPE-716).


I would like to know how many Dutch court cases were filed to the date 
against RIPE NCC about wrongful membership agreement termination.



Thanks,
Carlos

ps: we've missed grandmoms on version 2.0's text. sorry about that :-))



--
Töma


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Carlos Friaças via anti-abuse-wg


On Thu, 18 Apr 2019, Richard Clayton wrote:


In message ,
Carlos Friaças via anti-abuse-wg  writes


So, the main/only course of action, as i see it today for a hijacked
party (if the hijacker is from the RIPE region), is sending a complaint to
a Dutch court... and it's doubtful if the Dutch court will not rule
itself to be "unable to rule" on the matter...


You are entirely incorrect that using the courts is the "main" or "only"
course of action.

Numerous hijack events have been dealt with down the years. I am not
aware of any instance in which a court got involved in stopping the
hijack from happening ...


OK, so if courts are not an option...



... I am aware of peer pressure (literally), action by IXPs, action by
organisations providing reputation scores and even action by hosting
companies.


Yes, i'm aware of that too. Sometimes it fixes specific hijacks, but does 
it stop or in anyway cause a delay for hijackers to hop onto the next 
hijack...???





However, yes, there are hijacks originating from the region, and there
isn't an easy way for anyone to report it, so hijacks (or persistent
hijackers) are stopped.


hijacks are reported in numerous places, the NANOG mailing list springs
immediately to mind -- and posting there is certainly easy


Yes i'm aware about it, but is that the (globally?) de-facto place for 
raising anyone's attention to a hijack or a hijacker operation?





Trying to sum it up in just a line:
"Persistent and intentional resource hijacking is not tolerated."


I'm still looking forward to the wording that will deal with the US DoD


Won't that fall under "legacy"...?

Are we having this discussion under RIPE or under ARIN? :-)))


Regards,
Carlos



--
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Töma Gavrichenkov
Fat fingers,

On Thu, Apr 18, 2019 at 3:17 AM Töma Gavrichenkov  wrote:
> Honestly, I think it's the opposite. If the NCC terminates a
> membership agreement, it should be liable for all the consequences of
> a wrong decision no matter how exactly the decision is made and what
> arbiters/experts/oracles/grandmoms were asked for a definitive advice.

..., because if it turns out that the experts or oracles prepared bad
advice, it would be the NCC's responsibility for not choosing a better
set of experts or oracles.

In any case, an individual won't be able to compensate a financial
damage of an average ISP being shut down anyway, so it must be an org,
and highly unlikely it could be that individual's employer.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Töma Gavrichenkov
On Thu, Apr 18, 2019 at 1:39 AM Carlos Friaças via anti-abuse-wg
 wrote:
> And how will a Dutch court determine a wrong decision was made? by getting
> a different set of experts...?

E.g. by judging on an evidence found later, and with that evidence
making a decision that original set of experts did their job poorly.

NCC has arbiters for quite a while. Who's responsible for their mistakes?

> It shouldn't be the RIPE NCC, if the RIPE NCC is just following
> the defined policy.

Honestly, I think it's the opposite. If the NCC terminates a
membership agreement, it should be liable for all the consequences of
a wrong decision no matter how exactly the decision is made and what
arbiters/experts/oracles/grandmoms were asked for a definitive advice.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Richard Clayton
In message ,
Carlos Friaças via anti-abuse-wg  writes

>So, the main/only course of action, as i see it today for a hijacked 
>party (if the hijacker is from the RIPE region), is sending a complaint to 
>a Dutch court... and it's doubtful if the Dutch court will not rule 
>itself to be "unable to rule" on the matter...

You are entirely incorrect that using the courts is the "main" or "only"
course of action.

Numerous hijack events have been dealt with down the years. I am not
aware of any instance in which a court got involved in stopping the
hijack from happening ...

... I am aware of peer pressure (literally), action by IXPs, action by
organisations providing reputation scores and even action by hosting
companies.

>However, yes, there are hijacks originating from the region, and there 
>isn't an easy way for anyone to report it, so hijacks (or persistent 
>hijackers) are stopped.

hijacks are reported in numerous places, the NANOG mailing list springs
immediately to mind -- and posting there is certainly easy

>Trying to sum it up in just a line:
>"Persistent and intentional resource hijacking is not tolerated."

I'm still looking forward to the wording that will deal with the US DoD

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Ronald F. Guilmette


In message <61efb045-f2dc-b274-93b9-515491a97...@foobar.org>, 
Nick Hilliard  wrote:

>who is liable if a mistake is made?

This is a rubbish argument, as I already pointed out.

Who is "liable" if, when you get up to the counter at the
airport, Hertz or Avis tells you that they will no longer rent
cars to you because the last time they did, you left feces in it.

It is pretty obvious to me, as I can only hope it is also to
everyone else, that all of the folks on this list who appear to
be getting sweaty palms and/or brows over this ludicrous and
thoroughly made up "liability" non-issue are themselves in fact
neither lawyers nor people who, in all probability, have ever
even set foot in a courtroom.  More specifically, they are not
-contract- lawyers, and they are thus predisposed to imagine all
sorts of fanciful demons and dragons, as may seem useful in
order to support their otherwise unsupportable positions.

In short, this made-up "liability" concern is the "WMD" of this
entire discussion... just scary enough so that most people won't
even give it any earnest thought or consideration, but will
instead be stampeded, like some blind herd, towards whatever
outcome is desired on the part of the manipulators.

Perhaps before entertaining this ridiculous notion any further,
those who raise the question should endeavor to answer it
themselves and to present their actual factual findings here.
Who is "liable" if Hertz won't rent you a car anymore because
you have demonstrably behaved like a perfect s***head in
the past?  And precisely how many such frivolous lawsuits
does Hertz find itself having to defend itself against on an
annual basis?

I frankly do not know why some of the people who raise this kind
of "issue" have elected to remain so restrained in their rhetoric.
Why not just say that if a mistake is made, by RIPE, and some
RIPE member is determined to be a hijacker, and is thus kicked
to the curb, that this mistake will necessarily and inevitably
lead to a plague of locusts descending upon the land, in addition
to floods, earthquakes, and finally, inevitably, nuclear winter.

Oh yeah, and don't forget the WMD!  And the smoking gun that turns
into a mushroom cloud!

I always say, if you're going to do something, you should do it
all the way, even when it comes to trying to scare people out
of whatever little wits they had to begin with, using baseless
hypotheticals grounded in nothing more substantial than moonbeams
and unicorn tears.


Regards,
rfg


P.S.   I apologize in advance to Eric Bais for my mention of the
historical and painful canard that was "WMD", but would like to
remind him that my own country, the United States, lost more lives,
arguably needlessly, as a result of that particular false bogeyman
than did any other.  So if I can stand to hear it spoken of, or
to even talk about it myself, then perhaps he can summon up the
intestinal fortitude to avert his eyes just long enough to avoid
having his delicate sensibilities offended, yet again.




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Carlos Friaças via anti-abuse-wg


On Wed, 17 Apr 2019, Nick Hilliard wrote:


Carlos Friaças via anti-abuse-wg wrote on 17/04/2019 22:13:
The main concept is that the RIPE NCC will not have the role to investigate 
or to judge, following a report.


who is liable if a mistake is made?  The individuals on the judging panel or 
the RIPE NCC?


Hi,

It shouldn't be the RIPE NCC, if the RIPE NCC is just following the 
defined policy.


If individuals on the judging panel are liable (by Dutch courts, i 
imagine) for wrong decisions, then that may be a hurdle to form a pool of 
experts. Maybe liability insurance is possible, but i don't have a way of 
calculating that kind of cost.


And how will a Dutch court determine a wrong decision was made? by getting 
a different set of experts...?


In the case the RIPE NCC closes a LIR based on RIPE-716 A.1.2.2.g, the 
RIPE NCC is also liable? Or the individual staff that decides that 
untruthful information was supplied to the NCC is also liable?


I'm not even aware if the NCC already has any liability insurance in 
place for those cases -- and if they haven't why they chose not to have 
it.



Regards,
Carlos



Nick


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Ronald F. Guilmette


In message , 
Carlos Friaças  wrote:

>What's the point in having a Registry if people just decide which numbers 
>to use, even if those Internet numbers are attached to another org with 
>legitimate holdership and exclusive rights of usage?

This is, in my opinion, THE fundamental question.  And it still remains
unanswered.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Nick Hilliard

Carlos Friaças via anti-abuse-wg wrote on 17/04/2019 22:13:
The main concept is that the RIPE NCC will not have the role to 
investigate or to judge, following a report.


who is liable if a mistake is made?  The individuals on the judging 
panel or the RIPE NCC?


Nick



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Carlos Friaças via anti-abuse-wg




Hi Peter, All,


On Wed, 17 Apr 2019, Peter Koch wrote:


On Tue, Mar 19, 2019 at 01:41:22PM +0100, Marco Schmidt wrote:


A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy 
Violation", is now available for discussion.


I have read the proposal version 1.0 as published on 13 March.

I believe that the proposers try to act with the best of intentions.


Mainly because what we have *today* is not really working...




I also believe that certain occurrences of "hijacking" constitute
unfriendly action, likely involving violation of criminal codes.


Yes, however, jurisdictions (and the lack of laws in some of them) sometimes 
work against stopping criminal activities (again, dozens of different 
legal systems in the RIPE NCC Service Region, and beyond).





Looking at the supporting arguments however, I fail to see merit in any of them:


BGP hijacking completely negates the purpose of a (Regional Internet) Registry.


This is unclear to me.  The Registry registers address space, not routes.


Yes, but one of the main purposes of a Registry is that everyone knows who 
is using a specific resource (or who is the legitimate holder).


Those who are intentionally and continuously hijacking resources are 
removing value from the Registry for the whole community.


What's the point in having a Registry if people just decide which numbers 
to use, even if those Internet numbers are attached to another org with 
legitimate holdership and exclusive rights of usage?





This community needs to explicitly express that BGP hijacking violates RIPE 
policies.


This is self-referential - it remains unclear how and why "BGP hijacking" 
would violate RIPE policies.  It is also unclear that other courses of action 
are either unavailable or unworkable.


I agree that the wording is a bit self-referential, yes.

The rule, as we speak, doesn't exist. Maybe using different wording, it 
could mean: "Resource hijacking is not allowed". Period.


Anyone who hijacks other orgs' resources can happily keep theirs.
In fact they can even use their own legitimate ASN (which is also a 
resource) to perform said hijacks...


About "other courses of action which are unworkable":
The "intentional hijacker" and the "hijacked" usually are not within the 
same economy/law system/jurisdiction -- they may even be in different RIR 
Service Regions...


So, the main/only course of action, as i see it today for a hijacked 
party (if the hijacker is from the RIPE region), is sending a complaint to 
a Dutch court... and it's doubtful if the Dutch court will not rule 
itself to be "unable to rule" on the matter...


Hence, industry "self-regulation" comes to mind.



If nothing changes in this field, the reputation of the RIPE NCC 
service region will continue to be affected from a cybersecurity 
perspective due to BGP hijacking events.


Sorry, this is pure handwaving.


The issue is not an exclusive problem within the RIPE NCC Service Region.

However, yes, there are hijacks originating from the region, and there 
isn't an easy way for anyone to report it, so hijacks (or persistent 
hijackers) are stopped.





Looking at the proposal text itself, I fail to see what policy it actually 
proposes.


Trying to sum it up in just a line:
"Persistent and intentional resource hijacking is not tolerated."




Instead of defining policy it suggests to instantiate a court-like system that 
will, without having either appropriate competence or investigatory power, 
issue a finding of whether or not a "policy violation" has happened.  The only 
purpose is to construct a compliance case for the NCC to terminate membership 
and/or withdraw resource allocations (or maybe assignments).


The main concept is that the RIPE NCC will not have the role to 
investigate or to judge, following a report.





The topic of attribution is heavily discussed in a variety of fora and the 
approach chosen in 2019-03 is, at best, overly optimistic.


Version 2.0 (to be published soon) has more details, based on the feedback 
received during the discussion phase.





At the same time it is unclear why the RIPE NCC should even consider this 
"policy" in their compliance assessment.


It's not "policy", it's a "proposal".
The PDP was followed, as far as i know.




That said, I wonder why this non-proposal met the threshold for being accepted
in the first place.


It's a "proposal", and while there isn't a vote involved and the 
consensus calling is up to the AAWG Chairs, the support expressed 
for 2019-03 largely exceeded objections (up to now, of course).




Upholding my previous assessment, I do object to 2019-03.


That was already clear, but thanks for writing it. :-)



The discussion phase has shown enough lack of clarity both in terms of defining
what should be considered "hijacking" as well as questions of proper
jurisdiction.  Therefore, I would be highly surprised if this work of art would
be declared ready for the review phase.


Again, version

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Niall O'Reilly

On 17 Apr 2019, at 14:38, Peter Koch wrote:


I have read the proposal version 1.0 as published on 13 March.

I believe that the proposers try to act with the best of intentions.

I also believe that certain occurrences of "hijacking" constitute
unfriendly action, likely involving violation of criminal codes.

Looking at the supporting arguments however, I fail to see merit in 
any of them:


[ceterum censeo]

I share Peter's misgivings.

Best regards,
Niall O'Reilly



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Suresh Ramasubramanian
Is this despite RIPE operating a routing registry as a subset of the IRR and 
allowing ASNs to announce their routing policies?  Despite RIPE allocating ASNs 
that are used in routing?

On 17/04/19, 7:09 PM, "anti-abuse-wg on behalf of Peter Koch" 
 wrote:

On Tue, Mar 19, 2019 at 01:41:22PM +0100, Marco Schmidt wrote:

>> BGP hijacking completely negates the purpose of a (Regional Internet) 
Registry.
>>
>This is unclear to me.  The Registry registers address space, not routes.






Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-17 Thread Peter Koch
On Tue, Mar 19, 2019 at 01:41:22PM +0100, Marco Schmidt wrote:

> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy 
> Violation", is now available for discussion.

I have read the proposal version 1.0 as published on 13 March.

I believe that the proposers try to act with the best of intentions.

I also believe that certain occurrences of "hijacking" constitute
unfriendly action, likely involving violation of criminal codes.

Looking at the supporting arguments however, I fail to see merit in any of them:

> BGP hijacking completely negates the purpose of a (Regional Internet) 
> Registry.

This is unclear to me.  The Registry registers address space, not routes.

> This community needs to explicitly express that BGP hijacking violates RIPE 
> policies.

This is self-referential - it remains unclear how and why "BGP hijacking" would
violate RIPE policies.  It is also unclear that other courses of action are
either unavailable or unworkable.

> If nothing changes in this field, the reputation of the RIPE NCC service 
> region will continue to be affected from a cybersecurity perspective due to 
> BGP hijacking events. 

Sorry, this is pure handwaving.

Looking at the proposal text itself, I fail to see what policy it actually
proposes.
Instead of defining policy it suggests to instantiate a court-like system that
will, without having either appropriate competence or investigatory power,
issue a finding of whether or not a "policy violation" has happened.  The only
purpose is to construct a compliance case for the NCC to terminate membership
and/or withdraw resource allocations (or maybe assignments).
The topic of attribution is heavily discussed in a variety of fora and the
approach chosen in 2019-03 is, at best, overly optimistic.
At the same time it is unclear why the RIPE NCC should even consider this
"policy" in their compliance assessment.

That said, I wonder why this non-proposal met the threshold for being accepted
in the first place.  Upholding my previous assessment, I do object to 2019-03.

The discussion phase has shown enough lack of clarity both in terms of defining
what should be considered "hijacking" as well as questions of proper
jurisdiction.  Therefore, I would be highly surprised if this work of art would
be declared ready for the review phase.


best regards,
   Peter



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-02 Thread Luis Morais
I support 2019-03

Luís Morais


On Tue, Apr 2, 2019 at 6:32 PM Ronald F. Guilmette 
wrote:

>
> In message  7hvmbndo92qh0q8i...@mail.gmail.com>,
> Jacob Slater  wrote:
>
> >If a NCC member is actively and willfully, after having been notified and
> >given ample opportunity to resolve the issue, engaged in widespread
> >hijacking such that RIR/NIR members have complained about their ability to
> >use their own resources, yes.
>
> I don't see why that last part should even be a consideration.
>
> Who cares whether or not some RIR members have complained about "their
> inability to use their own resources"?  Theft is theft.
>
> {re: ALS Scan v. Cloudflare}
> >That case has nothing at all to do with the theft OF IP ADDRESSES, and
> thus,
> >> it is rather entirely irrelevant to this discussion.
> >>
> >The case does deal with the slippery slope argument in that it
> demonstrates
> >at least one instance of modern law where removing content from an online
> >service (at all) resulted in an opening for legal liability.
>
> Wait.  So are you suggesting that the discontinuance of Cloudflare caching
> for some pirate porn sites -created- a legal liability for those sites
> where none had existed before?  If so, then you're going to have to explain
> that to me very very slowly.
>
> >... Action should be well
> >backed with evidence.
>
> We agree.
>
> >Cloudflare's blog post on the subject has comments on the matter. One of
> >their staff members is known for stating "Is this the day the Internet
> >dies?",
>
> Yes, well, as far as Cloudflare is concerned, -anything- that stands in the
> way of them doing absolutely anything, and whatever the f**k they want,
> MUST necessarily be the End Of The World As We Know It.  It would not be
> wise for anyone to take any of Cloudflare's ludicrous hyperbole seriously,
> especially while they are, on the one hand, -selling- DDoS protection,
> even as they are also -providing- DDoS protection to DDoS generation
> services... as they routinely do, and as they routinely claim it is their
> God-given right to do (e.g. www.0x-booter.pw).
>
> >... a reference to the fact that they acknowledge they (at the time)
> >were about to take content offline for what were non-required reasons.
>
> I, for one, would like to know just what in the hell Cloudflare considers
> to be "required reasons" for them ceasing their HTTP reverse proxy service
> to some particular FQDN.  As far as I have been able to tell, over the
> years, Cloudflare has been very insistent that there are -no- reasons that
> would -ever- require them to cease providing services, even to terrorist
> and child porn sites... at least nothing short of an outright court order.
>
> But this is all a digression from the issue here, which is just 2019-03,
> a proposal that only deals with the use and misuse of Internet number
> resources, PERIOD.
>
> >Getting depeered by transits, losing IX memberships, and having gear
> seized
> >by authorities all seem like potential disincentives. Having a bunch of
> >NCC-allocated IP space doesn't matter when you are unable to use it.
>
> I refer you again to the inescapable fact that, even as we speak, the
> company called Universal IP solution Corp. is still a RIPE member in good
> standing.  It is lying low, for now, but could be back in business and
> undertaking new hijacks -tomorrow-, all with the air of perfect legitimacy
> which is conferred upon it by its ongoing formal RIPE membership.
>
>
> Regards,
> rfg
>
>
>


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-02 Thread Ronald F. Guilmette


In message 
, 
Jacob Slater  wrote:

>If a NCC member is actively and willfully, after having been notified and
>given ample opportunity to resolve the issue, engaged in widespread
>hijacking such that RIR/NIR members have complained about their ability to
>use their own resources, yes.

I don't see why that last part should even be a consideration.

Who cares whether or not some RIR members have complained about "their
inability to use their own resources"?  Theft is theft.

{re: ALS Scan v. Cloudflare}
>That case has nothing at all to do with the theft OF IP ADDRESSES, and thus,
>> it is rather entirely irrelevant to this discussion.
>>
>The case does deal with the slippery slope argument in that it demonstrates
>at least one instance of modern law where removing content from an online
>service (at all) resulted in an opening for legal liability.

Wait.  So are you suggesting that the discontinuance of Cloudflare caching
for some pirate porn sites -created- a legal liability for those sites
where none had existed before?  If so, then you're going to have to explain
that to me very very slowly.

>... Action should be well
>backed with evidence.

We agree.

>Cloudflare's blog post on the subject has comments on the matter. One of
>their staff members is known for stating "Is this the day the Internet
>dies?",

Yes, well, as far as Cloudflare is concerned, -anything- that stands in the
way of them doing absolutely anything, and whatever the f**k they want,
MUST necessarily be the End Of The World As We Know It.  It would not be
wise for anyone to take any of Cloudflare's ludicrous hyperbole seriously,
especially while they are, on the one hand, -selling- DDoS protection,
even as they are also -providing- DDoS protection to DDoS generation
services... as they routinely do, and as they routinely claim it is their
God-given right to do (e.g. www.0x-booter.pw).

>... a reference to the fact that they acknowledge they (at the time)
>were about to take content offline for what were non-required reasons.

I, for one, would like to know just what in the hell Cloudflare considers
to be "required reasons" for them ceasing their HTTP reverse proxy service
to some particular FQDN.  As far as I have been able to tell, over the
years, Cloudflare has been very insistent that there are -no- reasons that
would -ever- require them to cease providing services, even to terrorist
and child porn sites... at least nothing short of an outright court order.

But this is all a digression from the issue here, which is just 2019-03,
a proposal that only deals with the use and misuse of Internet number
resources, PERIOD.

>Getting depeered by transits, losing IX memberships, and having gear seized
>by authorities all seem like potential disincentives. Having a bunch of
>NCC-allocated IP space doesn't matter when you are unable to use it.

I refer you again to the inescapable fact that, even as we speak, the
company called Universal IP solution Corp. is still a RIPE member in good
standing.  It is lying low, for now, but could be back in business and
undertaking new hijacks -tomorrow-, all with the air of perfect legitimacy
which is conferred upon it by its ongoing formal RIPE membership.


Regards,
rfg




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-02 Thread Nick Hilliard

Carlos Friaças wrote on 01/04/2019 18:06:

<< Here you might have forgotten to comment about "weaponized IXPs" :-) >>


Hi Carlos,

No, this was deliberate.  I didn't comment because a lot of people are 
throwing analogies into this discussion which aren't directly relevant 
to 2019-03.  If you want to discuss IXP abuse and why it's not directly 
relevant to this proposal, let's do that offline.


Nick




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Jacob Slater
>
> I agree, but to avoid throwing the baby out with the bathwater, I would
> suggest to you that it would be best if you could suggest to the proposal's
> author and sponsor some different language with respect to the procedure
> for judging such matters... some different process that would address
> your reasonable concerns about process... rather than just saying that
> the whole proposal is unacceptable.
>
> In short, it appears that your objection here is about implementation
> details, and that you do not object to the over-arching concept, assuming
> of course that the process of adjudicating such matters may be made
> substantially more reliable and fool-proof.

Perhaps. I've spoken with at least one of the authors and am still not
entirely convinced the wording can be done such that it reasonably
addresses the issues I've presented. I'll reserve judgement until version
2.0 is released for discussion. see last line

So you do agree that there is a -possibility- that a threat exists and that
> it might, in theory, and under some appropriate circumstances, be
> diminished
> or eliminated by the termination of the RIPE contract with certain well
> proven and accurately identified "rogue" members, yes?
>
If a NCC member is actively and willfully, after having been notified and
given ample opportunity to resolve the issue, engaged in widespread
hijacking such that RIR/NIR members have complained about their ability to
use their own resources, yes.

That case has nothing at all to do with the theft OF IP ADDRESSES, and thus,
> it is rather entirely irrelevant to this discussion.
>
The case does deal with the slippery slope argument in that it demonstrates
at least one instance of modern law where removing content from an online
service (at all) resulted in an opening for legal liability. While not an
issue specific to policy discussion, I do believe it is worth consideration
when determining potential breadth of the policy. Action should be well
backed with evidence. see last line
My apologies for not quoting the relevant section properly.

I disagree, and apparently, so does Cloudflare.  And they should know.
>
Cloudflare's blog post on the subject has comments on the matter. One of
their staff members is known for stating "Is this the day the Internet
dies?", a reference to the fact that they acknowledge they (at the time)
were about to take content offline for what were non-required reasons.
https://blog.cloudflare.com/why-we-terminated-daily-stormer/
That isn't to say that I think this is an inherently bad option. I just
think it needs to be balanced such that it is clearly justified when action
is taken. see last line

The question is whether or not this proposal is a demonstrably bad way to
> -try- to begin
> to address the problem, at least in part.  I remind you that right now
> there
> is essentially -zero- disincentive to the act of deliberate hijacking.
>
Getting depeered by transits, losing IX memberships, and having gear seized
by authorities all seem like potential disincentives. Having a bunch of
NCC-allocated IP space doesn't matter when you are unable to use it.

Again, I am in agreement with you, but I do believe that this is a matter
> of fine-tuning the procedural aspects of the proposal, rather than simply
> opposing or abandoning it wholesale.
>
Agreed so far as being open to revisions. see last line

Given the number of references I've made to rev 2.0, I'll likely hold
additional comments until it is released, as they are quite possibly
irrelevant.

Jacob Slater

On Mon, Apr 1, 2019 at 11:24 PM Ronald F. Guilmette 
wrote:

>
> In message <
> cafv686cuabmpiq1e6owd2ovwna4x6otvbfxshd0bjosmdle...@mail.gmail.com>,
> Jacob Slater  wrote:
>
> >In the case of IP addresses and ASNs, the "convicted individual" has been,
> >under the current policy draft, convicted in the mind of one - perhaps two
> >upon appeal - experts (a term which has yet to be defined in policy). Such
> >an opinion, no matter how professional, is a very low bar to be taking as
> >objective.
>
> I agree, but to avoid throwing the baby out with the bathwater, I would
> suggest to you that it would be best if you could suggest to the proposal's
> author and sponsor some different language with respect to the procedure
> for judging such matters... some different process that would address
> your reasonable concerns about process... rather than just saying that
> the whole proposal is unacceptable.
>
> In short, it appears that your objection here is about implementation
> details, and that you do not object to the over-arching concept, assuming
> of course that the process of adjudicating such matters may be made
> substantially more reliable and fool-proof.
>
> >Should the NCC be allocating them more addresses?
> >It is justified (morally, ethically, and perhaps even legally) to continue
> >treating all entities as equals by allocating resources for their use
> >unless they have been determined to be a distinct threat by a t

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Ronald F. Guilmette


In message 
, 
Jacob Slater  wrote:

>In the case of IP addresses and ASNs, the "convicted individual" has been,
>under the current policy draft, convicted in the mind of one - perhaps two
>upon appeal - experts (a term which has yet to be defined in policy). Such
>an opinion, no matter how professional, is a very low bar to be taking as
>objective.

I agree, but to avoid throwing the baby out with the bathwater, I would
suggest to you that it would be best if you could suggest to the proposal's
author and sponsor some different language with respect to the procedure
for judging such matters... some different process that would address
your reasonable concerns about process... rather than just saying that
the whole proposal is unacceptable.

In short, it appears that your objection here is about implementation
details, and that you do not object to the over-arching concept, assuming
of course that the process of adjudicating such matters may be made
substantially more reliable and fool-proof.

>Should the NCC be allocating them more addresses?
>It is justified (morally, ethically, and perhaps even legally) to continue
>treating all entities as equals by allocating resources for their use
>unless they have been determined to be a distinct threat by a trustworthy
>system, such as a board of peers (as in the case of a criminal conviction).

So you do agree that there is a -possibility- that a threat exists and that
it might, in theory, and under some appropriate circumstances, be diminished
or eliminated by the termination of the RIPE contract with certain well
proven and accurately identified "rogue" members, yes?

>Keeping to my earlier discussion of the gun store analogy, I do not believe
>that the opinion of a single expert (with the possibility of appeal) is
>enough

I agree.

>> The proposal on the table doesn't deal with any matters which are in
>> any way even remotely tied to mere offenses against any local or
>> localize sensibilities.  It doesn't even remotely have anything at
>> all to do with either (a) any actions or offenses in "meatspace" nor
>> (b) any actions or offenses having anything at all to do with -content-
>> in any sense.  The present proposal only has to do with the outright
>> THEFT of IP addresses, i.e. the very commodity which RIPE is supposed to
>> be the responsible shepherd of.
>
>
>Within your jurisdiction, I can think of several cases which show this to
>not be the case (ALS Scan, Inc. v. Cloudflare, Inc., et al. being one of
>them).

That case has nothing at all to do with the theft OF IP ADDRESSES, and thus,
it is rather entirely irrelevant to this discussion.  But I am glad that you
brought it up anyway, because one of the points made by the *defendant* in
that case, Cloudflare, actually underscores a point that I have tried to
make here, i.e. that the act of disciplining any one RIPE member, or even
several of them, as is contemplated by 2019-03, is quite clearly *not*
equivalent to some kind of totalitarian banning, from the entire Internet,
of any particular piece of content.  But I will let Cloudflare's own legal
argument make the point for me:


https://torrentfreak.com/cloudflares-cache-can-substantially-assist-copyright-infringers-court-rules-180314/

  "One of Cloudflare's arguments was that it did not substantially assist
  copyright infringements because the sites would remain online even if
  they were terminated from the service. It can't end the infringements
  entirely on its own, the company argued."

So, as you see, even Cloudflare itself made the point that simply eliminating
any one (bad) provider does virtually nothing at all to remove from the
entire Internet any given piece of -content-.  And this certainly matches
up with my own experience.

>Blocking content distribution methods is effectively blocking the content

I disagree, and apparently, so does Cloudflare.  And they should know.

>I've still yet to be convinced that this would substantially cut down on
>hijacking;

Maybe it wouldn't.  The question isn't whether it would or not.  The question
is whether or not this proposal is a demonstrably bad way to -try- to begin
to address the problem, at least in part.  I remind you that right now there
is essentially -zero- disincentive to the act of deliberate hijacking.

Maybe it is time to try something different and see if it will help.  If it
doesn't, then it can be discarded, and then some other approach can be
tried instead.

>additionally, I've yet to be convinced that such a policy would
>not sweep up innocents due to its allowance of reports by the general
>public and incredibly low bar for labeling someone a hijacker.

Again, I am in agreement with you, but I do believe that this is a matter
of fine-tuning the procedural aspects of the proposal, rather than simply
opposing or abandoning it wholesale.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Ángel González Berdasco
Let's use a less loaded analogy than a gun store :-)

Suppose we are dealing with a logistics company that uses stolen lorries/trucks.
May their use of stolen vehicles potentially affect their carrier license?

Note that, even if after many months of processes the agreement with the RIR 
was terminated and the AS taken back, still that does not preclude the company 
from having IP addresses or having access to the internet.

I expect the next draft not to rely on a single expert, but a panel of 3 
experts (plus then the appealing phase). Would that solve your concerns?



> Blocking content distribution methods is
> effectively blocking the content itself. If your
> newspaper was unable to print and distribute
> their news because their electricity had been
> shut off (for anything outside of nonpayment),
> it would still be considered censorship.

No. The newspaper may pay its electricity punctually, yet be required to have 
its electrical power shut off. A good example of that would be non-compliance 
with the local electricity regulation, which may range from an install so bad 
that it could cause a fire to simply having an old meter which doesn't support 
real-time reading.

Should the action against the above-mentioned logistics company differ if it 
was used for delivery by a newspaper?


You raise a good point that the allowance of reports by the general public 
could lead to attacks against 'unpopular' entities (such as a certain political 
party) by means of fake reports. However, given that it has to be based on 
technical facts, I'm not sure if that's already enough or there should be some 
additional speedy path in the proposal for them to be discarded (and where to 
put the line?).


Ángel




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Jacob Slater
 All,

In message <92716.1554145...@segfault.tristatelogic.com>, Ronald F.
Guilmette  wrote:

>So, your local supermarket is also not allowed to sell anything to
> >a convicted criminal?
>
> That analogy is a poor one.  It would however be accurate to say that
> my local GUN STORE is not allowed to sell firearms to a convicted
> criminal.


I would argue this analogy itself is poor. The gun store is directly
supporting the convicted criminal in potentially committing further acts.
The criminal in this instance has (presumably, at least in the jurisdiction
you are referencing) been convicted through a given legal process. There is
substantial risk of abuse and little barrier to entry to purchasing
firearms. You do not need a firearm to survive in most regions today.
In summary: high risk of danger (given their conviction), low potential
benefit to allowing it, and low risk of causing harm to the individual or
entity you have denied.

In the case of IP addresses and ASNs, the "convicted individual" has been,
under the current policy draft, convicted in the mind of one - perhaps two
upon appeal - experts (a term which has yet to be defined in policy). Such
an opinion, no matter how professional, is a very low bar to be taking as
objective. Having access to content online (which inherently requires
either your ISP or you to hold resources from the NCC or another RIR) is
significantly more necessary.
In summary: medium (perhaps low, depending on the expert selection) risk of
danger, substantial potential benefit to allowing it, and high risk of
causing harm to the individual or entity you have denied.

Should RIPE be selling them more?  Apparently, as of right now, there is no
> rule in place to prevent this.  And as I have already noted, the
> company known as Universal IP Solution Corp. is still a member in
> good standing of the RIPE association.
> ...
>
If you are arguing that that is in any sense justifiable, either
> morally, ethically, or even legally, please say so explicitly.
>

Should the NCC be allocating them more addresses?
It is justified (morally, ethically, and perhaps even legally) to continue
treating all entities as equals by allocating resources for their use
unless they have been determined to be a distinct threat by a trustworthy
system, such as a board of peers (as in the case of a criminal conviction).
Keeping to my earlier discussion of the gun store analogy, I do not believe
that the opinion of a single expert (with the possibility of appeal) is
enough to determine their state. A multi-step process is needed in which an
individual has many opportunities to prove their innocence. While I
understand the goal of the policy in being expedient, I do not believe this
process should be compromised in the name of expediency. A single appeal is
not appropriate.
The IP addresses they have are not directly aiding in hijacking. While
their ASN may be, they could just as simply hijack another ASN. If IP space
was to be revoked, they could simply hijack more as well.

In my country, there is now at least one lawsuit, progressing through
> the courts, against gun manufacturers for their supportive role in
> some of our recent mass shootings.  I hope that it does not take a
> similar legal action against RIPE before RIPE adopts some rational
> policies to prevent itself from being the handmaiden of online
> cyber-criminal enterprises and from then being reasonably and properly
> held to legal account for this exact supportive role on ongoing
> cyber-crime schemes
>

It is pointless to speculate about the outcome of such a legal proceeding
before it has been decided.

In message  <92972.1554148...@segfault.tristatelogic.com>, Ronald F.
Guilmette  wrote:

> >BGP hijacking is just the start, but there is an endless list of things
> >which are considered offensive or illegal in some or all jurisdictions
> >in the RIPE NCC service area, e.g. spam, porn, offending political
> >leaders, gambling, drugs, other religions, political dissent, blasphemy
> >and so on.
>
> As I have already pointed out, this "slippery slope" argument is a
> smokescreen, and only being used to justify the inexcusable status quo.
>
> The proposal on the table doesn't deal with any matters which are in
> any way even remotely tied to mere offenses against any local or
> localized sensibilities.  It doesn't even remotely have anything at
> all to do with either (a) any actions or offenses in "meatspace" nor
> (b) any actions or offenses having anything at all to do with -content-
> in any sense.  The present proposal only has to do with the outright
> THEFT of IP addresses, i.e. the very commodity which RIPE is supposed to
> be the responsible shepherd of.


Within your jurisdiction, I can think of several cases which show this to
not be the case (ALS Scan, Inc. v. Cloudflare, Inc., et al. being one of
them).

It would seem so, at least when the "slippery slope" argument is
> clearly being made in order to falsely try to scare people with 

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Ronald F. Guilmette


In message , 
Nick Hilliard  wrote:

>BGP hijacking is just the start, but there is an endless list of things 
>which are considered offensive or illegal in some or all jurisdictions 
>in the RIPE NCC service area, e.g. spam, porn, offending political 
>leaders, gambling, drugs, other religions, political dissent, blasphemy 
>and so on.

As I have already pointed out, this "slippery slope" argument is a
smokescreen, and only being used to justify the inexcusable status quo.

The proposal on the table doesn't deal with any matters which are in
any way even remotely tied to mere offenses against any local or
localized sensibilities.  It doesn't even remotely have anything at
all to do with either (a) any actions or offenses in "meatspace" nor
(b) any actions or offenses having anything at all to do with -content-
in any sense.  The present proposal only has to do with the outright
THEFT of IP addresses, i.e. the very commodity which RIPE is supposed to
be the responsible shepherd of.

Given all of the supposed experience and intelligence of the people on
this list, I seriously have no idea why it should be necessary for me
to explain the abundantly clear distinction between content and the
wires and IP infrastructure that carries that content.  Is this a
really difficult concept to understand?

It would seem so, at least when the "slippery slope" argument is
clearly being made in order to falsely try to scare people with the
bogeyman of "censorship".  That is clearly not what the proposal is
about, and anyone who claims otherwise needs to go back to school
until he, she or it fully grasps the difference between content and
the IP addresses that provide the technical means to distribute it.

As those of us who have actually spent years opposing Internet abuse
like to say, our concern is not about abuse "on the Internet" but
rather it has to do with abuse "of the Internet".  Since this
distinction has obviously traveled slowly to the far side of the
pond, I am forced to provide some (hopefully educational) illustrations.

If someone sends you a highly offensive email, or makes a highly offensive
Farcebook post, saying that your paternal grandmother is actually a
closet Visigoth, then that constitutes abuse -on- the Internet.

If, on the other hand, some hacker infects your machines, and thousands
like it, and then uses his entire collection of infected machines to
DDoS you, presumably because you just beat him in a game of League of
Legends, then that is abuse -of- the Internet, because in this case,
it is the infrastructure itself that is being misused and abused...
and -that- kind of abuse affects all of us.

I seriously would have hoped that it would not have been necessary for
me to provide people on this mailing list, in particular, with examples
to illustrate the clear conceptual differences between abuse "on" the
Internet and abuse "of" the Internet, but apparently I hoped in vain,
and this rather critical and key distinction is still being either
thoroughly misunderstood or else thoroughly ignored when it comes to
these bogus "slippery slope" arguments.

Let me say it more clearly.  Nobody wants to take away your porn.
That's not what this is about, as any fair-minded reader of the
proposal can easily see.  The idea is simple:  Those who steal IP
addresses shall not be allowed to keep those and shall not in fact
be allowed to keep any IP addresses.  Nobody is proposing reclaiming
IP space from anyone who has the audacity to say, on the Internet,
that Stalin may have been, um, suboptimal.  Nobody is even proposing
that the worst Internet child porn purveyor ever detected by law
enforcement should have his IPs taken away.  Because this is not
about content and never will be.

What this *is* actually all about is just this:  You steal IPs and
then you lose your IPs.  I honestly don't understand why otherwise
intelligent people should have such a hard time grasping this rather
simple concept.  This is really not rocket science.


Regards,
rfg


P.S.  My sincere apologies, in advance, to any and all parties who may
be offended by my reference to Visigoths.  I meant no offense, either to
them or to any of their descendants who may be present here.  I'm quite
sure that some among the Visigoths were very fine people, even though I
never had the privilege of meeting any of them personally.



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Carlos Friaças via anti-abuse-wg




Hi,


On Mon, 1 Apr 2019, Sascha Luck [ml] wrote:

On Mon, Apr 01, 2019 at 05:06:37PM +0100, Carlos Friaças via anti-abuse-wg 
wrote:

The same way it happens with lack of payment,


explicitly part of the contract (SSA).


or delivering false/forged information to the NCC.


explicitly part of the contract.

You are trying to change the contract. You can't do that here.


"The Member acknowledges applicability of, and adheres to, the RIPE 
Policies and RIPE NCC procedural documents" -- you know... those that 
could change with time...?





with, i.e. punishment by withdrawal of resources.


It shouldn't be their decision, it should be the experts' decision.


It gets better. By *what* authority does your expert get to
decide that a LIR should be punished? Deo gratias? It can't be a contractual 
obligation, I have no damn contract

with some expert...


"RIPE Policies" -- you are trying to discuss if a given policy is 
admissible even during the initial discussion phase...




It's possibly my fault, but (in this long thread) i still fail to read from 
someone that hijacking is not offensive, and thus it should be tolerated by 
the community. I understand you are trying to take this into a grey area by 
comparison with other examples/abuse.


It is quite possible to find "hijacking" offensive and yet to
oppose a dangerous and totalitarian policy.


Dangerous to who exactly?

Totalitarian? It's not one person who would be ruling directly over any 
consequence.


Perhaps with version 2.0 (if you care to read it) you will be able to 
calculate the minimum number of people involved until a LIR closure 
actually becomes possible.



Regards,
Carlos



rgds,
SL





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Ronald F. Guilmette


In message <20190401115412.gc97...@space.net>, 
Gert Doering  wrote:

>So, your local supermarket is also not allowed to sell anything to
>a convicted criminal?

That analogy is a poor one.  It would however be accurate to say that
my local GUN STORE is not allowed to sell firearms to a convicted
criminal.

And that's clearly a much better analogy, because in the case of this
massive "ad fraud" scheme that was carried out by the group known as
3ve, they were using IP addresses as weapons in their scheme.  Should
RIPE be selling them more?  Apparently, as of right now, there is no
rule in place to prevent this.  And as I have already noted, the
company known as Universal IP Solution Corp. is still a member in
good standing of the RIPE association.

If you are arguing that that is in any sense justifiable, either
morally, ethically, or even legally, please say so explicitly.

Meanwhile, as I have tried to express, all of the armchair legal
scholars on this mailing list who have postulated that RIPE would
somehow be in legal jeopardy if it merely terminates a contract
in accordance with the explicit terms of that contract should take
a moment to google for the term "vicarious liability".

In my country, there is now at least one lawsuit, progressing through
the courts, against gun manufacturers for their supportive role in
some of our recent mass shootings.  I hope that it does not take a
similar legal action against RIPE before RIPE adopts some rational
policies to prevent itself from being the handmaiden of online
cyber-criminal enterprises and from then being reasonably and properly
held to legal account for this exact supportive role in ongoing
cyber-crime schemes.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Sascha Luck [ml]

On Mon, Apr 01, 2019 at 05:06:37PM +0100, Carlos Friaças via anti-abuse-wg wrote:

The same way it happens with lack of payment,


explicitly part of the contract (SSA).


or delivering false/forged information to the NCC.


explicitly part of the contract.

You are trying to change the contract. You can't do that here.



with, i.e. punishment by withdrawal of resources.


It shouldn't be their decision, it should be the experts' decision.


It gets better. By *what* authority does your expert get to
decide that a LIR should be punished? Deo gratias? 
It can't be a contractual obligation, I have no damn contract

with some expert...

It's possibly my fault, but (in this long thread) i still fail to read 
from someone that hijacking is not offensive, and thus it should be 
tolerated by the community. I understand you are trying to take this 
into a grey area by comparison with other examples/abuse.


It is quite possible to find "hijacking" offensive and yet to
oppose a dangerous and totalitarian policy. 



rgds,
SL



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Carlos Friaças via anti-abuse-wg


Hi,


On Mon, 1 Apr 2019, Nick Hilliard wrote:


Carlos Friaças wrote on 01/04/2019 16:51:

But let's also focus on two words:

"punishing" -- no, that's not the goal, the goal is to close a clear gap 
and make people understand that hijacking is not tolerated.


The explicit aim of this proposal is that if the expert panel judges that you 
have hijacked prefixes, you will be punished by the RIPE NCC.


...in a *persistent* way.

The same way it happens with lack of payment, or delivering false/forged 
information to the NCC.





https://en.oxforddictionaries.com/definition/punish

"Inflict a penalty or sanction on (someone) as retribution for an offence, 
especially a transgression of a legal or moral code."



"weaponises" -- how?


"weaponises" == turns the registry into something to beat people with, i.e. 
punishment by withdrawal of resources.


It shouldn't be their decision, it should be the experts' decision.



<< Here you might have forgotten to comment about "weaponized IXPs" :-) >>




So, rather than talking about how much we want to do something
about BGP hijacking, maybe we should discuss what grounds we'd have
for refusing to deregister resources for things that other people
in the RIPE NCC service region feel constitutes abuse, and where
the line would be drawn?  Let's start with political dissent and
gay rights.


None. But 2019-03 is exclusively about BGP hijacking.


Ok, so you accept that this is the thin end of the wedge and that if the RIPE 
community were to accept this proposal, we would have no grounds - none - to 
argue against other people who propose withdrawal of resources for things 
that they find offensive.


No. Anyone proposing anything would have to go through the PDP.

For me "jurisdiction" (and lack of agreement throughout the region) would 
be enough, as arguments.


It's possibly my fault, but (in this long thread) i still fail to read 
from someone that hijacking is not offensive, and thus it should be 
tolerated by the community. I understand you are trying to take this into 
a grey area by comparison with other examples/abuse.



Regards,
Carlos

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Gert Doering
Hi,

On Mon, Apr 01, 2019 at 03:29:16PM +, Ángel González Berdasco wrote:
> Gert Doering writes: 
> > On Sun, Mar 31, 2019 at 01:54:42PM -0700, Ronald F. Guilmette wrote:
> > > To say that any such funds now being paid to RIPE are "tainted" would be a
> > > rather gross understatement.
> > > 
> > > This is the elephant in the room that none of the opponents of 2019-03
> > > wants to talk about, i.e. the rather inconvenient fact that RIPE, due
> > > to its intransigent lethargy, is quite apparently doing business, even
> > > as we speak, with known and well-identified cyber-criminals.
> > 
> > So, your local supermarket is also not allowed to sell anything to
> > a convicted criminal?
> > 
> > Sorry, this is getting ridiculous.
> 
> Actually, if someone came to your local supermarket attempting to pay
> with a stolen good, it would probably be illegal for the supermarket to
> knowingly perform such transaction.

But the RIPE NCC isn't paid in stolen IP addresses.

The argument was "they are making money out of evil things, and if the
RIPE NCC is taking these moneyz, they are making themselves liable for
the original crime".

Of course if someone tries to pay their LIR fees with a stolen /16, the
RIPE NCC should better not accept this :-)

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Ángel González Berdasco
Gert Doering writes: 
> Hi,
> 
> On Sun, Mar 31, 2019 at 01:54:42PM -0700, Ronald F. Guilmette wrote:
> > To say that any such funds now being paid to RIPE are "tainted" would be a
> > rather gross understatement.
> > 
> > This is the elephant in the room that none of the opponents of 2019-03
> > wants to talk about, i.e. the rather inconvenient fact that RIPE, due
> > to its intransigent lethargy, is quite apparently doing business, even
> > as we speak, with known and well-identified cyber-criminals.
> 
> So, your local supermarket is also not allowed to sell anything to
> a convicted criminal?
> 
> Sorry, this is getting ridiculous.
> 
> Gert Doering
> -- NetMaster


Actually, if someone came to your local supermarket attempting to pay
with a stolen good, it would probably be illegal for the supermarket to
knowingly perform such transaction.


As for the original question, the relevant entry of Dutch Penal code
seems to be 417bis: 
>   * a. a person who acquires, possesses or transfers a
> good, or establishes or transfers a personal right or
> right in rem in respect of a good, while at the time
> of the acquisition or possession of the good or the
> establishment of a good the law should reasonably have
> suspected that it concerned a property acquired
> through a crime; 
>   * b. he who, for profit, holds or transfers a good or
> transfers a personal right to or right in respect of a
> good, while he must reasonably suspect that it
> concerns a good acquired through a crime. 
> 
(via Google Translator of https://nl.wikipedia.org/wiki/Heling)


Cheers

-- 
INCIBE-CERT - CERT of the Spanish National Cybersecurity Institute
https://www.incibe-cert.es/

PGP Keys:
https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Nick Hilliard

Carlos Friaças wrote on 01/04/2019 16:51:

But let's also focus on two words:

"punishing" -- no, that's not the goal, the goal is to close a clear gap 
and make people understand that hijacking is not tolerated.


The explicit aim of this proposal is that if the expert panel judges 
that you have hijacked prefixes, you will be punished by the RIPE NCC.


https://en.oxforddictionaries.com/definition/punish

"Inflict a penalty or sanction on (someone) as retribution for an 
offence, especially a transgression of a legal or moral code."



"weaponises" -- how?


"weaponises" == turns the registry into something to beat people with, 
i.e. punishment by withdrawal of resources.



So, rather than talking about how much we want to do something
about BGP hijacking, maybe we should discuss what grounds we'd have
for refusing to deregister resources for things that other people
in the RIPE NCC service region feel constitutes abuse, and where
the line would be drawn?  Let's start with political dissent and
gay rights.


None. But 2019-03 is exclusively about BGP hijacking.


Ok, so you accept that this is the thin end of the wedge and that if the 
RIPE community were to accept this proposal, we would have no grounds - 
none - to argue against other people who propose withdrawal of resources 
for things that they find offensive.


Thank you for clarifying this.

Nick



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Carlos Friaças via anti-abuse-wg




Hi Nick, All,


On Mon, 1 Apr 2019, Nick Hilliard wrote:


Gert Doering wrote on 01/04/2019 13:54:

Sorry, this is getting ridiculous.


It's worse than that: the proposal is that the RIPE NCC weaponises its 
registry data and turns it into a mechanism for punishing people when they do 
things that other people don't like.



"...when they do things other people don't like, making the whole 
registry system become ridiculous and causing actual harm to one or 
more third parties."


But let's also focus on two words:

"punishing" -- no, that's not the goal, the goal is to close a clear gap 
and make people understand that hijacking is not tolerated.
As i understand it, if this leads to a LIR closure, the same party can 
still buy services from another LIR, or they can open a new one (not sure 
if there is any period that stops an organisation from achieving LIR status 
after a closure).


"weaponises" -- how? the NCC is not who is deciding if there was any 
intentional hijacking.



Does the IXP you work for have any rules against hijacking?
If customer A complains to the IXP that customer B is announcing them a 
hijack, will the IXP just sit and do nothing? Or do you think the IXP is 
being "weaponized"?





BGP hijacking is just the start, but there is an endless list of things which 
are considered offensive or illegal in some or all jurisdictions in the RIPE 
NCC service area, e.g. spam, porn, offending political leaders, gambling, 
drugs, other religions, political dissent, blasphemy and so on.


Here we fully agree!

But BGP hijacking is a common denominator in terms of harmful practices, 
something which is purely technical, where a simple rule is missing.


Regarding jurisdiction, is there any corner in the service region where 
impersonating someone or fraud (just to name a few) is not part of the 
legal system?




The RIPE NCC service area comprises around 72 countries and has over 1 
billion inhabitants, and if you have a service area that large, everybody is 
going to be offended by something.


I hope everyone, in each of those 72 economies (and beyond) will feel 
offended when someone is deliberately announcing routes to cause harm to 
third parties.




So, rather than talking about how much we want to do something about BGP 
hijacking, maybe we should discuss what grounds we'd have for refusing to 
deregister resources for things that other people in the RIPE NCC service 
region feel constitutes abuse, and where the line would be drawn?  Let's 
start with political dissent and gay rights.


None. But 2019-03 is exclusively about BGP hijacking.



Regards,
Carlos




Nick





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Gert Doering
Hi,

On Mon, Apr 01, 2019 at 04:01:53PM +0200, Nick Hilliard wrote:
> Let's start with political dissent 

Now, I disagree on this.  Disagreeing with the voice of reason in the
anti-abuse WG should certainly be reason for public flogging, and possibly
instant LIR closure.

Gert Doering
-- 
have you enabled IPv6 on something today...?





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Nick Hilliard

Gert Doering wrote on 01/04/2019 13:54:

Sorry, this is getting ridiculous.


It's worse than that: the proposal is that the RIPE NCC weaponises its 
registry data and turns it into a mechanism for punishing people when 
they do things that other people don't like.


BGP hijacking is just the start, but there is an endless list of things 
which are considered offensive or illegal in some or all jurisdictions 
in the RIPE NCC service area, e.g. spam, porn, offending political 
leaders, gambling, drugs, other religions, political dissent, blasphemy 
and so on.


The RIPE NCC service area comprises around 72 countries and has over 1 
billion inhabitants, and if you have a service area that large, 
everybody is going to be offended by something.


So, rather than talking about how much we want to do something about BGP 
hijacking, maybe we should discuss what grounds we'd have for refusing 
to deregister resources for things that other people in the RIPE NCC 
service region feel constitutes abuse, and where the line would be 
drawn?  Let's start with political dissent and gay rights.


Nick



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-01 Thread Gert Doering
Hi,

On Sun, Mar 31, 2019 at 01:54:42PM -0700, Ronald F. Guilmette wrote:
> To say that any such funds now being paid to RIPE are "tainted" would be a
> rather gross understatement.
> 
> This is the elephant in the room that none of the opponents of 2019-03
> wants to talk about, i.e. the rather inconvenient fact that RIPE, due
> to its intransigent lethargy, is quite apparently doing business, even
> as we speak, with known and well-identified cyber-criminals.

So, your local supermarket is also not allowed to sell anything to
a convicted criminal?

Sorry, this is getting ridiculous.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-31 Thread Ronald F. Guilmette


In message , 
Richard Clayton  wrote:

>Instead, experts are used by those who are charged with dispensing
>justice as a means of understanding what is likely to have gone on, and
>these people then weigh the various opinions of the experts (or indeed
>their unanimity) in coming to their decision.

I agree completely that this is the way the process -should- indeed work
(when "hijacking" charges are being adjudicated).  And in fact, I have
previously stated exactly that position in private email to the main
sponsor/author of 2019-03.

>So a policy which said that unauthorised BGP hijacking was unacceptable
>behaviour and charged RIPE NCC with addressing the problem if it was
>caused by anyone who used RIPE resources would I think be helpful.

Once again, we are in perfect agreement.

>Telling RIPE NCC exactly how to recognise and deal with BGP hijacking
>(and specifying exactly how experts and no one else will determine what
>has occurred) is I think unhelpful and attempts to move forward this way
>are likely to be counterproductive.

I agree that subject-matter experts should not themselves be the adjudicators
but rather that they should merely be resources that are available to the
actual adjudicators.

If, hypothetically, that change were made to 2019-03 would it then be
something that you'd support?  Or did you see other issues?


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-31 Thread Ronald F. Guilmette


In message , 
Carlos Friaças  wrote:

>2019-03 aims to create an inexistent rule, that could lead to 
>consequences...

Speaking of which, I wonder if anyone here might happen to know the
penalty, under Dutch law, for knowingly receiving stolen property,
or cash?

I only ask because I did notice, just yesterday, the fact that AS205869,
aka Universal IP Solution Corp. is apparently still, to this day, a
member in good standing (and dues-paying member) of RIPE.  And this is
true even MONTHS after the company was publicly identified as having
been one of two entities behind a large scale "ad fraud" scheme, publicly
documented by Google and their partners, WhiteOps, and which netted the
criminals behind it an alleged $29 million of ill-gotten gains:

https://arstechnica.com/information-technology/2018/12/how-3ves-bgp-hijackers-eluded-the-internet-and-made-29m/

This entire sophisticated ad fraud scheme resulted in multiple U.S. federal
grand jury indictments:

https://www.justice.gov/usao-edny/press-release/file/1114576/download

Unfortunately, many of those criminally charged are still at large, and
thus, they are able to continue doing business with, and paying dues to RIPE.

To say that any such funds now being paid to RIPE are "tainted" would be a
rather gross understatement.

This is the elephant in the room that none of the opponents of 2019-03
wants to talk about, i.e. the rather inconvenient fact that RIPE, due
to its intransigent lethargy, is quite apparently doing business, even
as we speak, with known and well-identified cyber-criminals.

So, when it comes time for RIPE to answer, in a Dutch court, for this
continued and ongoing support of known criminals, what will be RIPE's
response?  I can see it all now...

"Oh!  Gee!  Sorry your honor!  We are an association, under Dutch law, and
our by-laws require us not to adopt any policies that do not obtain 100%
consensus of ALL of our members, and thus, because our members are a
rambunctious lot, and because at least some of them don't really mind
that much being associated with criminals, we have been unable to adopt
any new governing rules for our association that would actually prohibit
us from receiving stolen money.  Can we go now?"

Yea.  *That* defense is sure to work... NOT!

Perhaps some of the people here who have speculated aloud about the (dim)
possibility that RIPE might someday accrue some civil liability for having
kicked out members who are hijackers could perhaps spare a moment or two
in their busy schedules to give at least some thought to the vastly greater
potential liability, both civil and criminal, that might accrue to RIPE if
it continues, as it is now doing, to support and sell services to known
cyber-criminals.

Note that when and if a day of legal judgement finally arrives for *these*
failures, RIPE will also not be able to avail itself of either of the two
other traditional defenses that have been trotted out, in the past, to try
to excuse the inexcusable.  I am speaking of course of the "we didn't know"
defense and the "we were just following orders" defense.  RIPE clearly
*does* know about the nature and purpose of Universal IP Solution Corp.,
and if it doesn't know, then it can only be because RIPE is -willfully-
electing to remain ignorant.  Separately, RIPE can certainly attempt to
claim that it was "just following the orders" of its membership, but that
defense is likely to fall on deaf ears also... as it has in the past.

So where are all of the members who earlier, and right here on this mailing
list, worried aloud about legal liability?  Why are they apparently NOT
worrying about the legal liability that may arise from seeing evil and
doing nothing whatsoever to impede it, or to even stop doing business with
it?

Apparently, the potential for legal liability is only an issue when concern
about the potential for that is used as an argument to support those
conservatives who wish to do nothing at all.  When viewed objectively and
even-handedly however, arguments in favor of doing nothing which are based
on the "legal liability" bogeyman can be easily seen to be rather entirely
disingenuous, because it is self-evident that the *real* and far more serious
potential for legal liability lies with continuing to have RIPE support and
sell services to cyber-criminals, as it is now, quite apparently, doing.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-31 Thread Richard Clayton
In message <83185.1554061...@segfault.tristatelogic.com>, Ronald F.
Guilmette  writes
>
>In message , 
>Richard Clayton  wrote:
>
>>However, it is not necessarily clear at all and writing a policy which
>>assumes that it will always be clear is in my view unwise.
>>
>>Assuming that experts will always be able to determine who is at fault
>>(along with deciding whether an event they know little of is accidental
>>or deliberate) is to live in a world that I do not recognise.
>
>I disagree completely.  The world would be one that you most certainly
>*would* recognize.
>
>Your argument basically boils down to the following unsustainable
>assertion:  We cannot assume that we will always, and in 100% of all
>cases, be able to accurately recognize "crime" when we see it.  Therefore
>we should have -no- criminal laws.

I don't agree ... what I am saying is that it can be very hard for real
experts to agree. These are people who consider all possible reasons for
events to occur and then offer their opinion as which reasons can be
completely ruled out and which are unlikely to be actual explanation in
the particular case.

As a result we seldom operate justice by using experts (whether they
agree or not) as the ultimate arbiters of how cases are decided.

Instead, experts are used by those who are charged with dispensing
justice as a means of understanding what is likely to have gone on, and
these people then weigh the various opinions of the experts (or indeed
their unanimity) in coming to their decision.

>>If the policy stopped at the statement that unauthorised BGP hijacking
>>was unacceptable behaviour then I would be happy with it.
>
>I have no idea what country you live in

the United Kingdom (it's fairly easy to work that out BTW)

>, but would you likewise find it
>equally acceptable if your local national legislature also and likewise
>passed a resolution calling for murder to be entirely decriminalized,
>while adding that it is the sense of the legislature that murder shall
>nonetheless, and henceforth, be deemed "unacceptable behaviour" deserving
>of public derision and scorn, but no further penalties whatsoever?

As it happens (it's tricky when appealing to completely irrelevant
matters isn't it?) the UK does not have a statute that makes murder a
crime -- so it might be quite complicated to decriminalise it !

People are instead charged under the common law -- the court then
decides whether or not they are guilty (often having considered the
evidence of experts whose duty is explicitly defined as being to assist
the court, albeit they are paid by either the prosecution or the
defence). However if the accused is found guilty then the sentence is
specified by statute (which, because it gives no leeway to the court,
leads to numerous unfair outcomes which I will not elaborate here).

So a policy which said that unauthorised BGP hijacking was unacceptable
behaviour and charged RIPE NCC with addressing the problem if it was
caused by anyone who used RIPE resources would I think be helpful.

Telling RIPE NCC exactly how to recognise and deal with BGP hijacking
(and specifying exactly how experts and no one else will determine what
has occurred) is I think unhelpful and attempts to move forward this way
are likely to be counterproductive.

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-31 Thread Ronald F. Guilmette


In message , 
Richard Clayton  wrote:

>In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F.
>Guilmette  writes
>>In the summer of last year, 2018, I took steps to point out, in a very public
>>way, on the NANOG mailing list, two notable hijacking situations that came
>>to my attention *and* also to identify, by name, the actors that were quite
>>apparently behind each of those.  In neither of those instances was there
>>ever even any serious attempt, by either of the relevant parties, to refute
>>-any- of my very public allegations.
>
>If they had refuted the allegations then it would have become rather
>complicated and it would have come down to one entities word against
>another and perhaps the examination of documentary evidence of what
>arrangements had been authorised (and then perhaps forensic assessment
>of the authenticity of those documents).

I am not persuaded that such complexity would ever actually arise, in
practice, although I do confess that my view may be colored by the
facts of the specific cases I have personally looked at.  (In one of
the two cases I cited, an allegedly "Ukrainian" entity was quite
obviously... and quite blatantly... hijacking a block of ARIN-issued
IPv4 addresses that were officially registered to the United States
Air Force, thus leaving no ambiguity whatsoever.)

>Some BGP hijacking cases have been prosecuted on the basis of the
>forging of documents rather than on the hijack per se.

Perhaps you could share references to such incidents (?)  I don't doubt
your assertion here, but I, for one, am always interested to look at the
details of additional cases.

>I agree that it can be pretty clear what has gone on and the accused
>then helpfully acts in such a way as to make it clear to everyone that
>they were "guilty"...

Yes.  It is certainly the case that, on some occasions, at least, the
crooks have been most helpful in their own downfalls.

>However, it is not necessarily clear at all and writing a policy which
>assumes that it will always be clear is in my view unwise.
>
>Assuming that experts will always be able to determine who is at fault
>(along with deciding whether an event they know little of is accidental
>or deliberate) is to live in a world that I do not recognise.

I disagree completely.  The world would be one that you most certainly
*would* recognize.

Your argument basically boils down to the following unsustainable
assertion:  We cannot assume that we will always, and in 100% of all
cases, be able to accurately recognize "crime" when we see it.  Therefore
we should have -no- criminal laws.

That is the undeniable fundamental logic of your position.

There *is* a world that you would not recognize, and it is one that would
be guided by this very principle that you are espousing.  What would the
world be like if we all just shrugged and said "Oh, well, we cannot be
absolutely sure that we will be 100% accurate when we prosecute shoplifters,
or murderers, and therefore we will never even try to do so" ?  *That* would
be the world that you would not recognize.  But we already have a living,
breathing example of that world, and the effects of such a guiding principle,
when put into actual practice... and it is NOT a pretty picture.  The world
in question is called RIPE, where scofflaws roam free, and where, at worst,
those same scofflaws are only subjected to some rather modest public
embarrassment.

I would be the first to agree that something less than 100% of all shoplifting
cases and also something less than 100% of all murder cases are so abundantly
clear as to leave no doubts whatsoever.  In my own country, several murder
cases have been overturned, upon further review, sometimes even decades
after an innocent man has been incarcerated.  These cases are quite
obviously problematic for anyone with any semblance of a conscience.  But
I have yet to hear even the most liberal of defense attorneys argue in
favor of legalizing murder... or shoplifting for that matter... as an
appropriate or well reasoned response to the vagaries and vicissitudes of
our imperfect justice system... as you appear to be doing.  (Because that
*is* really the inescapable end-point of your position.)

>If the policy stopped at the statement that unauthorised BGP hijacking
>was unacceptable behaviour then I would be happy with it.

I have no idea what country you live in, but would you likewise find it
equally acceptable if your local national legislature also and likewise
passed a resolution calling for murder to be entirely decriminalized,
while adding that it is the sense of the legislature that murder shall
nonetheless, and henceforth, be deemed "unacceptable behaviour" deserving
of public derision and scorn, but no further penalties whatsoever?

If so, I would suggest to you that anarchy and chaos would ensue.   If a
concrete example is needed, then I can and will simply point to what's
been going on in the RIPE region, specifically with respect to the number
reso

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-31 Thread Carlos Friaças via anti-abuse-wg




On Sun, 31 Mar 2019, Richard Clayton wrote:

(...)

> I meant that the experts cannot ever be absolutely certain that their
> evaluation is correct -- though of course they can be correct in their
> nuanced assessment.


I've been thinking about Cynthia Revstrom's argument, and now I'm wondering 
whether unanimity between all experts in every case is a needed "feature".





>> In the summer of last year, 2018, I took steps to point out, in a very public
>> way, on the NANOG mailing list, two notable hijacking situations that came
>> to my attention *and* also to identify, by name, the actors that were quite
>> apparently behind each of those.  In neither of those instances was there
>> ever even any serious attempt, by either of the relevant parties, to refute
>> -any- of my very public allegations.
>
> If they had refuted the allegations then it would have become rather
> complicated and it would have come down to one entity's word against
> another and perhaps the examination of documentary evidence of what
> arrangements had been authorised (and then perhaps forensic assessment
> of the authenticity of those documents).


Afaik, some allegations were made in response to Mr. Krebs' questions; 
however, as far as I've seen, the ASNs sourcing hijacks and the direct transit 
ASN kind of vanished some days later.




> Some BGP hijacking cases have been prosecuted on the basis of the
> forging of documents rather than on the hijack per se.


Really? In courts? I'll be very interested to know in which jurisdictions.

I don't have any doubt that if someone hijacks a prefix or sub-prefix from 
a mobile operator, consequences in justice should be unavoidable... But 
regarding Internet prefixes (or ASNs) I'm really unaware of any case.




> I agree that it can be pretty clear what has gone on and the accused
> then helpfully acts in such a way as to make it clear to everyone that
> they were "guilty" (or individual peers assess the situation from their
> own standpoint and decide that they do not have an obligation to carry
> the traffic).


If peers share their routing view publicly (i.e. peering with RIS) then 
anyone should be able to assess :-)





> However, it is not necessarily clear at all and writing a policy which
> assumes that it will always be clear is in my view unwise.


I don't think this is the case with 2019-03.

Cases/reports where there is insufficient evidence or where there is any 
kind of doubt should be dismissed.


2019-03 aims to create a rule that does not exist today, one that could lead 
to consequences, but it isn't trying to define that those consequences are 
mandatory to be implemented in a 1st instance, 2nd instance, 3rd instance 
and so on. That should be left to the already existing concept of 
"repeated policy violations".





> Assuming that experts will always be able to determine who is at fault
> (along with deciding whether an event they know little of is accidental
> or deliberate) is to live in a world that I do not recognise.


If they are not able, then a case should be dismissed. Simple as that.



> If the policy stopped at the statement that unauthorised BGP hijacking
> was unacceptable behaviour then I would be happy with it. Adding all the
> procedural stuff about how BGP hijacking will be (easily of course)


We can rephrase/review it in version 2.0.



> detected and exotic details about experts and report forms and time
> periods is (a) irrelevant to establishing the principle and (b)
> cluttered with false assumptions and unhelpful caveats and (c) way too
> formalised to survive dealing with some real examples.


Some people seem to want exactly the opposite, a process detailed in its 
every aspect.



Thanks.

Best Regards,
Carlos




> --
> richard   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-31 Thread Richard Clayton
In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F.
Guilmette  writes

>In message , 
>Richard Clayton  wrote:
>
>>It is NOT possible (for experts or almost anyone else) to accurately
>>evaluate who is performing BGP hijacks...
>
>I did not intend to participate any further in this discussion, above and
>beyond what I already have done, but I feel compelled to at least point out
>the intellectual dishonesty of the above assertion.

It is, I agree, badly phrased.  I apologise.

I meant that the experts cannot ever be absolutely certain that their
evaluation is correct -- though of course they can be correct in their
nuanced assessment.

>In the summer of last year, 2018, I took steps to point out, in a very public
>way, on the NANOG mailing list, two notable hijacking situations that came
>to my attention *and* also to identify, by name, the actors that were quite
>apparently behind each of those.  In neither of those instances was there
>ever even any serious attempt, by either of the relevant parties, to refute
>-any- of my very public allegations.

If they had refuted the allegations then it would have become rather
complicated and it would have come down to one entity's word against
another and perhaps the examination of documentary evidence of what
arrangements had been authorised (and then perhaps forensic assessment
of the authenticity of those documents).

Some BGP hijacking cases have been prosecuted on the basis of the
forging of documents rather than on the hijack per se.

I agree that it can be pretty clear what has gone on and the accused
then helpfully acts in such a way as to make it clear to everyone that
they were "guilty" (or individual peers assess the situation from their
own standpoint and decide that they do not have an obligation to carry
the traffic).

However, it is not necessarily clear at all and writing a policy which
assumes that it will always be clear is in my view unwise.

Assuming that experts will always be able to determine who is at fault
(along with deciding whether an event they know little of is accidental
or deliberate) is to live in a world that I do not recognise.

If the policy stopped at the statement that unauthorised BGP hijacking
was unacceptable behaviour then I would be happy with it. Adding all the
procedural stuff about how BGP hijacking will be (easily of course)
detected and exotic details about experts and report forms and time
periods is (a) irrelevant to establishing the principle and (b)
cluttered with false assumptions and unhelpful caveats and (c) way too
formalised to survive dealing with some real examples.

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


signature.asc
Description: PGP signature


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Carlos Friaças via anti-abuse-wg


Hi Richard, All,

Thanks for your input. Please see inline.


On Sat, 30 Mar 2019, Richard Clayton wrote:


   
>> There are already enough sources of historic and almost real-time
>> routing data which function as a worldwide observatory. From these
>> sources it is possible to accurately evaluate who is performing BGP
>> Hijacks and harming (or trying to harm) third party networks by
>> doing so.
>
> It is not necessarily the case that BGP hijacks will be visible in the
> globally collected datasets. what then ?


Then, if there is no available proof related to a specific hijack, it 
should be extremely hard for the case to obtain confirmation from experts 
(or even to reach the 2nd round of experts).




> Also, where the resources of defunct companies are hijacked then it is
> not the routing table which will be key evidence but rather the
> paperwork on file at the RIR or elsewhere. There is no discussion of
> this aspect of the issue at all (despite it being a major component of
> hijack events over the past five years)


If that data is not public, then it could hardly be referenced within a 
report filed with the RIR... if it is public (through a company register?), 
I think it could be referenced so the experts can check.
I think looking at BGP neighbors might also provide some insight. But 
anyway, if there isn't enough evidence, a complaint/report should be 
dismissed.


Do you have any suggestion to improve the process?




   
>> The external experts are mere evaluators, who can use available sets
>> of routing data to determine whether BGP hijacking events have taken
>> place, and whether were intentional.
>
> It is NOT possible (for experts or almost anyone else) to accurately
> evaluate who is performing BGP hijacks -- for every announcement there
> will be at least two networks (AS numbers) who might have done it and
> the experts will be using their skill and judgment to guess which of
> them is culpable.


I think a report should only point to _one_ specific party. If it points 
to the legitimate holder, then it's logical to dismiss it. If this is not 
the case, then it should be looked into by experts.





> Although in many cases it is "obvious" who did it, there is always at
> least one other AS on the path who is able to "frame" the suspect and so
> the experts are mainly deciding how plausible it is that someone is
> being framed


The keyword here should be *persistent*.
If you see several hijacks from the same source...
If not, anyone who is accused should have the opportunity to defend 
itself. The process could (and will) be more detailed, but the checks & 
balances already described were designed in a way that only after 
the ratification phase, an accused party is considered to have done an 
intentional hijack. It's not the accused party who has to prove that they 
didn't do it, it's the evidence that needs to be compelling enough so 
there are no doubts to (a significant amount of) experts that an 
intentional hijack had its origin on the accused party.


But again, let me remind you... a process will primarily depend on a 
report.





   
>> The direct upstreams of the suspected hijacker, which facilitate the
>> hijack through their networks, may receive a warning the first time.
>> Nevertheless, in successive occasions they could be considered by
>> the experts, if intentional cases are reproduced, as an involved
>> party.
>
> This is pretty opaque ... but if it is meant to be read as "global
> transit providers are responsible for the behaviour of their customers"
> then this is what Sir Humphrey would call a "courageous" approach.


No. Maybe a clarification is needed here, and possibly some rephrasing -- 
a transit provider should receive notices *after* an intentional hijack is 
determined and ratified. The spirit of the text above was to discourage 
people from "owning companies A and B to Z, sourcing the hijacks at B and 
providing transit through A, then repeating, replacing B with C, D, E, and so 
on... and keeping the transit through A".


We need to find the best wording possible, but "global transit providers" 
and "internet exchange providers" are not seen by the authors as possible 
"accused" parties.
I mean, it's possible that anyone will file a report including companies 
that fall under those categories, but those will most likely be easily 
dismissed by experts.





   
>> The expert's investigation, will be able to value relationships
>> between LIRs/end users, of the same business groups.
>
> How ?


Looking at public company registries, for one...
"same business groups" could possibly be reworded into "same ownership".




   
>> Accidental cases or those that can't be clearly classified as
>> intentional, will receive a warning, which may be considered if
>> repeated.
>
> this is incoherent -- and there does not seem to be any clarity about
> what a "warning" means from a consequences point of view


Noted. The text needs more clarity. It means a message should be generated 
to the 

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Töma Gavrichenkov
On Sat, Mar 30, 2019, 8:07 PM Ronald F. Guilmette 
wrote:

> >It is NOT possible (for experts or almost anyone else) to accurately
> >evaluate who is performing BGP hijacks...
>
> [..] intellectual dishonesty of the above assertion.
>
> [..]
>
> Neither of these two situations were in any sense ambiguous, and it is the
> very height of intellectual dishonesty to suggest otherwise.
>

Survivorship bias, y'know.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Gert Doering
Hi,

On Sat, Mar 30, 2019 at 12:07:16PM -0700, Ronald F. Guilmette wrote:
> 
> In message , 
> Richard Clayton  wrote:
> 
> >It is NOT possible (for experts or almost anyone else) to accurately
> >evaluate who is performing BGP hijacks...
> 
> I did not intend to participate any further in this discussion, above and
> beyond what I already have done, but I feel compelled to at least point out
> the intellectual dishonesty of the above assertion.

The fact that you found two examples of very clean and unambiguous nature
does not falsify Richard's general statement.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Ronald F. Guilmette


In message , 
Richard Clayton  wrote:

>It is NOT possible (for experts or almost anyone else) to accurately
>evaluate who is performing BGP hijacks...

I did not intend to participate any further in this discussion, above and
beyond what I already have done, but I feel compelled to at least point out
the intellectual dishonesty of the above assertion.

In the summer of last year, 2018, I took steps to point out, in a very public
way, on the NANOG mailing list, two notable hijacking situations that came
to my attention *and* also to identify, by name, the actors that were quite
apparently behind each of those.  In neither of those instances was there
ever even any serious attempt, by either of the relevant parties, to refute
-any- of my very public allegations.

One of those was BitCanal, which was widely recognized as having participated
in hijackings for literally years on end.  Subsequent to my public allegations,
various other parties took it upon themselves to actually reduce the
connectivity of this rogue company, with the ultimate effect being that the
company had trouble finding any connectivity anywhere.  These are historical
facts and easily verifiable by anyone taking the time to look into the full
historical record.

The other situation involved a company called D2 International Investment
Ukraine, Ltd. and its apparent alter ego, Universal IP Solution Corp.
Both companies were later revealed to have been performing hijacks in the
service of a complex criminal enterprise which had as its goal a great
deal of so-called "ad fraud".  This entire complex scheme purportedly netted
the perpetrators in excess of $29 million (USD) and resulted in numerous
international criminal indictments:

https://arstechnica.com/information-technology/2018/12/how-3ves-bgp-hijackers-eluded-the-internet-and-made-29m/

Neither of these two situations were in any sense ambiguous, and it is the
very height of intellectual dishonesty to suggest otherwise.

I understand that various people do not approve of the current proposal
as written.   That is their right.  I would ask however that the opposition
not marshal provably bogus arguments to support what I feel, equally
strongly, is a totally wrong-headed view of the present proposal.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Hank Nussbacher

On 24/03/2019 14:48, Sander Steffann wrote:

> Hi Gert,
>
>> Now, I do share the wish to "do something!!" against BGP hijacking.
>>
>> So, maybe a more workable way forward would be to change this into a BCP
>> ("the RIPE anti-abuse community states with full backing from the RIPE
>> community that BGP hijacking, as defined in , is considered
>> unwanted behaviour") - and *then* use that on a commercial/peering basis
>> among transit ISPs to strengthen the message "we want *you* to filter
>> your customer BGP sessions, because that's the proper way to run a network!".
>
> +1
>
> Cheers,
> Sander


Nice but probably as effective as MANRS.


Regards,

Hank




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Richard Clayton
In message <1f2fdfe3-4929-4d3f-8334-8d7755e94...@consulintel.es>, JORDI
PALET MARTINEZ via anti-abuse-wg  writes

>If you want to have an idea of "what" we have captured during the discussion 
>in 
>this mailing list, we have also submitted the "improved" version to ARIN (and 
>working on the same for APNIC and AfriNIC).
>
>You can read that (in English) here:
>https://www.arin.net/participate/policy/proposals/2019/ARIN_prop_266_v2/

I am disappointed that little has been done to address the technical
misconceptions / pious hopes in the RIPE proposal.


   There are already enough sources of historic and almost real-time
   routing data which function as a worldwide observatory. From these
   sources it is possible to accurately evaluate who is performing BGP
   Hijacks and harming (or trying to harm) third party networks by
   doing so.


It is not necessarily the case that BGP hijacks will be visible in the
globally collected datasets. what then ?

Also, where the resources of defunct companies are hijacked then it is
not the routing table which will be key evidence but rather the
paperwork on file at the RIR or elsewhere. There is no discussion of
this aspect of the issue at all (despite it being a major component of
hijack events over the past five years)


   The external experts are mere evaluators, who can use available sets
   of routing data to determine whether BGP hijacking events have taken
   place, and whether were intentional.


It is NOT possible (for experts or almost anyone else) to accurately
evaluate who is performing BGP hijacks -- for every announcement there
will be at least two networks (AS numbers) who might have done it and
the experts will be using their skill and judgment to guess which of
them is culpable.

Although in many cases it is "obvious" who did it, there is always at
least one other AS on the path who is able to "frame" the suspect and so
the experts are mainly deciding how plausible it is that someone is
being framed


   The direct upstreams of the suspected hijacker, which facilitate the
   hijack through their networks, may receive a warning the first time.
   Nevertheless, in successive occasions they could be considered by
   the experts, if intentional cases are reproduced, as an involved
   party.


This is pretty opaque ... but if it is meant to be read as "global
transit providers are responsible for the behaviour of their customers"
then this is what Sir Humphrey would call a "courageous" approach.


   The expert’s investigation, will be able to value relationships
   between LIRs/end users, of the same business groups.


How ?


   Accidental cases or those that can’t be clearly classified as
   intentional, will receive a warning, which may be considered if
   repeated.


this is incoherent -- and there does not seem to be any clarity about
what a "warning" means from a consequences point of view


   As soon as the policy implementation is completed, a transition
   period of 6 months will be established, so that organizations that
   announce unassigned address space or autonomous systems numbers, due
   to operational errors or other non-malicious reasons, receive only a
   warning.


This section of the text is presumably meant to address the "bogons"
issue -- the long-standing disputes between various networks and the
RIRs as to whether or not they are entitled to announce various prefixes
or use particular AS numbers.

It seems optimistic to assume these issues will be addressed in six
months. Or perhaps you are expecting ARIN (and all the other RIRs) to
void contracts with the US Department of Defence, with Level 3, with
CenturyLink, with Hewlett Packard, with Verizon, with Comcast, with AT&T
and with Rogers ??


crickets


There is no discussion of the mis-use of AS numbers. Arguably this would
be merely a clarification, but it would I think be a useful one to
assist the experts in their proposed work.

>Actually, question for the chairs and Marco. Do you think it makes sense to 
>continue the discussion with the current version before improving it, or 
>already 
>sending a new one? 

Sending RIPE the ARIN version which hardly addresses key technical
points which have been made to you does not seem especially valuable

Also, of recent days there has been some (ill-informed) discussion about
RPKI and the use of ROAs to settle disputes about hijacking. There is no
mention of this in the ARIN document so it is not possible to identify
whatever technical implausibility will be put forward.  (Hint: RPKI is
great for reducing the incidence of "fat fingering", it merely provides
a slight (if that) impediment to an intentional hijacker)

>There is a lot of improvement already, the discussion has 
>been extremely useful for the authors. However, we are missing some NCC 
>inputs, 
>for example, regarding legal questions that we raised several times, so if 
>sending a new ve
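
The attribution problem Richard raises above (for any announcement the apparent origin AS and the AS adjacent to it are both candidates, because the adjacent AS controls the tail of the path it exports, and RPKI only checks the origin) is easier to see on concrete data. The Python below is an added illustration and is not part of any message in this thread. Every prefix, ASN and route observation in it is constructed from documentation ranges (RFC 5737 addresses, RFC 5398 ASNs), the function and class names are mine, and the origin-validation logic follows RFC 6811. It goes one step beyond the thread by also implementing the "look at the BGP neighbours" check Carlos mentions in his reply, comparing origin adjacencies seen during an incident against a baseline window.

```python
"""Added illustration, not taken from any message in this thread.

Shows why an observed BGP announcement cannot by itself pin a hijack on one
AS, and why RPKI route origin validation (ROV, RFC 6811) catches a
fat-fingered origin but not a deliberate hijacker who forges the origin.
All prefixes, ASNs and route observations are constructed from documentation
ranges (RFC 5737 addresses, RFC 5398 ASNs); none of this is real routing data.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Roa:
    prefix: str
    max_length: int
    origin_as: int


@dataclass(frozen=True)
class Observation:
    """One path seen by a route-collector peer (as RIS would record it).
    as_path[-1] is the apparent origin, as_path[-2] the AS that handed it on."""
    collector_peer: int
    prefix: str
    as_path: Tuple[int, ...]


def rov_state(prefix: str, origin_as: int, roas: List[Roa]) -> str:
    """RFC 6811 verdict for a (prefix, origin AS) pair: notfound if no ROA
    covers the prefix, valid if a covering ROA names this origin and allows
    this prefix length, otherwise invalid."""
    net = ip_network(prefix)
    covering = [r for r in roas
                if ip_network(r.prefix).version == net.version
                and net.subnet_of(ip_network(r.prefix))]
    if not covering:
        return "notfound"
    if any(r.origin_as == origin_as and net.prefixlen <= r.max_length
           for r in covering):
        return "valid"
    return "invalid"


def candidate_culprits(observations: List[Observation]) -> Set[int]:
    """Every AS that could have produced the apparent origin: the origin AS
    plus each AS seen directly adjacent to it.  The adjacent AS controls the
    tail of the path it exports, so path data alone cannot tell them apart."""
    suspects: Set[int] = set()
    for ob in observations:
        suspects.add(ob.as_path[-1])
        if len(ob.as_path) >= 2:
            suspects.add(ob.as_path[-2])
    return suspects


def origin_neighbours(observations: List[Observation]) -> Dict[int, Set[int]]:
    """Map each apparent origin AS to the ASes seen directly upstream of it."""
    neighbours: Dict[int, Set[int]] = {}
    for ob in observations:
        if len(ob.as_path) >= 2:
            neighbours.setdefault(ob.as_path[-1], set()).add(ob.as_path[-2])
    return neighbours


def new_origin_neighbours(baseline: List[Observation],
                          incident: List[Observation]) -> Dict[int, Set[int]]:
    """Origin/upstream adjacencies seen during the incident but never in the
    baseline window.  A forged-origin hijack shows up as the real holder's
    ASN suddenly 'attached' to an AS it has never been seen behind."""
    seen = origin_neighbours(baseline)
    fresh: Dict[int, Set[int]] = {}
    for origin, ups in origin_neighbours(incident).items():
        unknown = ups - seen.get(origin, set())
        if unknown:
            fresh[origin] = unknown
    return fresh


# Constructed scenario: AS64496 holds 192.0.2.0/24 (with a matching ROA) and
# normally reaches the collector peers AS64500/AS64501 only via its transit
# AS64497.  AS64498 is the hijacker, connected through AS64499.
ROAS = [Roa("192.0.2.0/24", 24, 64496)]
BASELINE = [
    Observation(64500, "192.0.2.0/24", (64500, 64497, 64496)),
    Observation(64501, "192.0.2.0/24", (64501, 64497, 64496)),
]
# Case 1: the hijacker originates the prefix itself -> ROV says invalid.
PLAIN_HIJACK = [Observation(64500, "192.0.2.0/24", (64500, 64499, 64498))]
# Case 2: the hijacker appends the holder's ASN -> ROV says valid, and the
# path data alone cannot say whether 64496 or 64498 announced it.
FORGED_ORIGIN = [Observation(64500, "192.0.2.0/24", (64500, 64499, 64498, 64496))]

if __name__ == "__main__":
    for name, obs in (("plain hijack", PLAIN_HIJACK), ("forged origin", FORGED_ORIGIN)):
        origin = obs[0].as_path[-1]
        print(name, "origin", origin,
              "rov", rov_state(obs[0].prefix, origin, ROAS),
              "suspects", sorted(candidate_culprits(obs)),
              "new adjacencies", new_origin_neighbours(BASELINE, obs))
```

Run as a script, the plain hijack is caught by ROV, while the forged-origin case validates cleanly, leaves two candidate culprits (64496 and 64498), and is only surfaced by the adjacency check, which flags AS64498 as an upstream the holder had never been seen behind. That check is circumstantial: a transit adjacent to the holder could equally "frame" it, which is why the thread talks about experts judging plausibility rather than reading the answer off the data.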

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread JORDI PALET MARTINEZ via anti-abuse-wg
If you want to have an idea of "what" we have captured during the discussion in 
this mailing list, we have also submitted the "improved" version to ARIN (and 
working on the same for APNIC and AfriNIC).

You can read that (in English) here:
https://www.arin.net/participate/policy/proposals/2019/ARIN_prop_266_v2/

Actually, question for the chairs and Marco. Do you think it makes sense to 
continue the discussion with the current version before improving it, or 
already sending a new one? There is a lot of improvement already, the 
discussion has been extremely useful for the authors. However, we are missing 
some NCC inputs, for example, regarding legal questions that we raised several 
times, so if sending a new version means we can't get those inputs, then it's not 
good ...

Note: as I think I said already, we - the co-authors - aren't 
coordinating our responses, so we may have different opinions in all we 
say, and I think this is good because it helps, with the responses of the 
community, to build out our own positions and clear our "internal" differences 
(which we have, don't have any doubt about it!) and reach consensus "among 
ourselves".

Regards,
Jordi
 
 

On 30/3/19 10:54, "anti-abuse-wg on behalf of Carlos Friaças via 
anti-abuse-wg"  wrote:


On Fri, 29 Mar 2019, Sergey Myasoedov via anti-abuse-wg wrote:

> Hello community,

Hi Sergey, All,


> I strongly oppose this proposal. The proposal gives a power for
> misuse to the RIR

I fail to understand how. The main concept of 2019-03 is that it isn't the 
RIR's role to evaluate if an intentional hijack was performed -- that 
should be the role of external, independent experts.

Btw, a similar policy proposal was published yesterday in LACNIC.


> and does not protect members against setup.

We aim to refine the proposal, so can you please specify exactly where 
the members might become "unprotected"?

The proposal was built with checks & balances in mind. If they are not 
enough, let's work towards solving that, so no one will feel "unprotected".


> I believe this policy has nothing to do in RIPE.

Quoting:
=
> -Original Message-
> From: Sascha Luck [ml] 
> Sent: Monday 25 March 2019 12:24
>
> I therefore argue that it is maybe time to have a discussion on what 
> exactly RIPE and the NCC should be and what, if any, limits on their 
> administrative power there should be.
> I hope, though, that everyone can at least agree that *this* is
> *not* the forum for that discussion.

To confirm, the Anti-Abuse WG is absolutely not the right forum for that 
discussion.

Thanks,

Brian
Co-Chair, RIPE AA-WG
=

I understood this as "the Anti-Abuse WG is not the right forum to discuss 
the RIPE NCC's charter, the PDP or if any given proposal is admissible or 
not".



> It's better to issue it as a BCP document or an informational RFC.

I agree a BCP document can also be useful, so we'll start that as soon as 
possible.
However, having a clear statement within RIPE policies sends a much 
stronger message to anyone thinking about engaging in such practices.

Again, i want to point out the detail that anyone performing intentional 
hijacks _today_ (or last month or the previous year) is *not* within the 
proposal's scope -- if it happens to get accepted.

There are absolutely no rules *today* against (IP address space/ASN) 
hijacks, and this is precisely the gap 2019-03 aims to fix.


Best Regards,
Carlos Friaças



> --
> Sergey
>
> Tuesday, March 19, 2019, 1:41:22 PM, you wrote:
>
> MS> Dear colleagues,
>
> MS> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE
> MS> Policy Violation", is now available for discussion.
>
> MS> The goal of this proposal is to define that BGP hijacking is not
> MS> accepted as normal practice within the RIPE NCC service region.
>
> MS> You can find the full proposal at:
> MS> https://www.ripe.net/participate/policies/proposals/2019-03
>
> MS> As per the RIPE Policy Development Process (PDP), the purpose of
> MS> this four-week Discussion Phase is to discuss the proposal and
> MS> provide feedback to the proposer.
>
> MS> At the end of the Discussion Phase, the proposers, with the
> MS> agreement of the Anti-Abuse WG co-chairs, decide how to proceed with 
the proposal.
>
> MS> We encourage you to review this proposal and send your comments
> MS> to  before 17 April 2019.
>
> MS> Kind regards,
>
> MS> Marco Schmidt
> MS> Policy Officer
> MS> RIPE NCC
>
> MS> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
>
>
>
>

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-30 Thread Carlos Friaças via anti-abuse-wg


On Fri, 29 Mar 2019, Sergey Myasoedov via anti-abuse-wg wrote:


> Hello community,


Hi Sergey, All,



> I strongly oppose this proposal. The proposal gives a power for
> misuse to the RIR


I fail to understand how. The main concept of 2019-03 is that it isn't the 
RIR's role to evaluate if an intentional hijack was performed -- that 
should be the role of external, independent experts.


Btw, a similar policy proposal was published yesterday in LACNIC.



> and does not protect members against setup.


We aim to refine the proposal, so can you please specify exactly where 
the members might become "unprotected"?


The proposal was built with checks & balances in mind. If they are not 
enough, let's work towards solving that, so no one will feel "unprotected".




> I believe this policy has nothing to do in RIPE.


Quoting:
=

-Original Message-
From: Sascha Luck [ml] 
Sent: Monday 25 March 2019 12:24

I therefore argue that it is maybe time to have a discussion on what 
exactly RIPE and the NCC should be and what, if any, limits on their 
administrative power there should be.

I hope, though, that everyone can at least agree that *this* is
*not* the forum for that discussion.


To confirm, the Anti-Abuse WG is absolutely not the right forum for that 
discussion.


Thanks,

Brian
Co-Chair, RIPE AA-WG
=

I understood this as "the Anti-Abuse WG is not the right forum to discuss 
the RIPE NCC's charter, the PDP or if any given proposal is admissible or 
not".





> It's better to issue it as a BCP document or an informational RFC.


I agree a BCP document can also be useful, so we'll start that as soon as 
possible.
However, having a clear statement within RIPE policies sends a much 
stronger message to anyone thinking about engaging in such practices.


Again, i want to point out the detail that anyone performing intentional 
hijacks _today_ (or last month or the previous year) is *not* within the 
proposal's scope -- if it happens to get accepted.


There are absolutely no rules *today* against (IP address space/ASN) 
hijacks, and this is precisely the gap 2019-03 aims to fix.



Best Regards,
Carlos Friaças









Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-29 Thread Sergey Myasoedov via anti-abuse-wg
Hello community,

I strongly oppose to this proposal. The proposal gives a power for
misuse to the RIR and does not protect members against setup.

I believe this policy have nothing to do in RIPE. It's better to issue
it as a BCP document or an informational RFC.


--
Sergey

Tuesday, March 19, 2019, 1:41:22 PM, you wrote:

MS> Dear colleagues,

MS> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE
MS> Policy Violation", is now available for discussion.

MS> The goal of this proposal is to define that BGP hijacking is not
MS> accepted as normal practice within the RIPE NCC service region.

MS> You can find the full proposal at:
MS> https://www.ripe.net/participate/policies/proposals/2019-03

MS> As per the RIPE Policy Development Process (PDP), the purpose of
MS> this four-week Discussion Phase is to discuss the proposal and
MS> provide feedback to the proposer.

MS> At the end of the Discussion Phase, the proposers, with the
MS> agreement of the Anti-Abuse WG co-chairs, decide how to proceed with the 
proposal.

MS> We encourage you to review this proposal and send your comments
MS> to  before 17 April 2019.

MS> Kind regards,

MS> Marco Schmidt
MS> Policy Officer
MS> RIPE NCC 

MS> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum






Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-25 Thread Carlos Friaças via anti-abuse-wg



Dear Cynthia,


On Mon, 25 Mar 2019, Cynthia Revström wrote:



> Hi Carlos,
>
> On 2019-03-24 15:16, Carlos Friaças via anti-abuse-wg wrote:
> > "It will not stop determined miscreants" -- even if it stops some, it's
> > already something positive, anti-abuse-wise.
> > :-))
>
> The thing is that, if you look at it from another direction, if it just does one
> "false positive", I would argue that it
> outweighs 100 small hijacks.


I can relate to that argument, while probably 100 different victims would 
be a bit harder to convince.


Following mostly Toma's constructive arguments we understand the process
needs a lot more detail hardwired into the proposal. Our best attempt to 
control "false positives" in version 1.0 was the last "ratification" knob.





> And then we have the other co-author,
>
> On Sat, Mar 23, 2019 at 10:42 PM JORDI PALET MARTINEZ via
> anti-abuse-wg  wrote:
>
> > I think it is very obvious that the experts [..] will make sure that when a
> > warning is sufficient
>
> How is that obvious? Answer: it is not obvious, you are just making assumptions.


I think what Jordi meant (coming from the other direction) is a case will 
not reach the policy violation declaration stage.





> After looking at this in a bit more detail, my stance on this proposal has to
> be that I strongly object to it.


Understood.




> I do feel like the better way to go about this is on a technical level, with
> more things like RPKI and IRR, not this stuff.


This was already touched in the thread. RPKI deployment, unfortunately, is 
still in a very initial phase.


When someone asks me -- how do you know this is a hijack? -- my usual 
answer is: "OK, if they are the rightful owners then ask them to add a 
ROA". If they can't... well...


This is something which is not explicitly written, but it should be 
simple to dismiss a wrongfully submitted report -- if the ROA is not in 
place, then the "anomaly" could be fixed by creating one.


So yes, we strongly support RPKI and we will try to embed in v2.0 clauses 
that will clearly support RPKI usage.



> On another note, unless all RIRs have a similar policy, then a hijacker
> wouldn't have to be from RIPE, or what if they have gotten hold of a
> legacy ASN.


As i've stated before on this thread, the other four RIRs will also have a 
proposal on their tables.
About legacy resources, the RIR can't de-register anything. The only angle 
i see where they could help contain hijackers is by refusing access to 
services.




> My point is that, no matter what the authors intended, I think this
> policy, would stop close to no determined hijackers, and


We hope it might dissuade some of even trying (and we can't measure 
that...), but having *nothing* in place might work like an incentive for 
some.


Gert already suggested a new BCP. I think we'll try that too :-)



> probably cause a few "false positives".


That's something we want to eradicate. We need more work and more text.
Any input is welcome!


Best Regards,
Carlos





> - Cynthia
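The ROA check Carlos describes above (if the announcing party is the rightful holder, a ROA settles it; with no ROA in place the report is undecidable by RPKI alone) is RFC 6811 route origin validation. What follows is an added example, not code from the thread, from the 2019-03 proposal or from the RIPE NCC: it classifies announcements as "valid", "invalid" or "not-found" against a constructed ROA set built from documentation prefixes and private-use ASNs.

```python
"""RFC 6811 route-origin validation over a constructed ROA set.

Added example (not code from the thread or the RIPE NCC). Each BGP
announcement (prefix, origin ASN) is classified against the ROAs that
cover its prefix. ROAs and announcements are constructed for
illustration from documentation prefixes and private-use ASNs.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Roa:
    """One ROA: prefix, maxLength, and the ASN authorised to originate it."""
    prefix: str
    max_length: int
    origin_asn: int


# Constructed ROA set standing in for what a validating cache would serve.
SAMPLE_ROAS = (
    Roa("192.0.2.0/24", 24, 64500),      # exact prefix only
    Roa("198.51.100.0/22", 24, 64501),   # holder may announce /22 down to /24
    Roa("2001:db8::/32", 48, 64500),     # IPv6 block, sub-allocations down to /48
)


def _covers(roa: Roa, net) -> bool:
    """A ROA covers an announced prefix when the prefix lies inside the ROA prefix."""
    roa_net = ip_network(roa.prefix)
    # subnet_of() raises on mixed address families, so compare versions first.
    return roa_net.version == net.version and net.subnet_of(roa_net)


def validate_origin(prefix: str, origin_asn: int, roas=SAMPLE_ROAS) -> str:
    """RFC 6811 section 2 outcome for one route: valid, invalid or not-found."""
    net = ip_network(prefix)
    covering = [r for r in roas if _covers(r, net)]
    if not covering:
        # No ROA at all: RPKI cannot decide; the rightful holder can fix this
        # by publishing a ROA, which is the point made in the thread.
        return "not-found"
    for r in covering:
        if r.origin_asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    # Covered by a ROA, but either a foreign origin ASN or a more-specific
    # announced beyond maxLength.
    return "invalid"


def classify(announcements, roas=SAMPLE_ROAS):
    """Classify a batch of (prefix, origin_asn) pairs into (prefix, asn, state)."""
    return [(p, asn, validate_origin(p, asn, roas)) for p, asn in announcements]


# Constructed announcements: the legitimate origin, a more-specific beyond
# maxLength from that same origin, a foreign origin, and an uncovered prefix.
SAMPLE_ANNOUNCEMENTS = (
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/25", 64500),
    ("192.0.2.0/24", 64666),
    ("198.51.100.0/23", 64501),
    ("198.51.100.0/25", 64501),
    ("2001:db8:1::/48", 64500),
    ("203.0.113.0/24", 64666),
)

if __name__ == "__main__":
    for prefix, asn, state in classify(SAMPLE_ANNOUNCEMENTS):
        print(f"{prefix:<20} AS{asn:<6} {state}")
```

The three states map onto the discussion directly: "not-found" is the case where the only sensible answer to a report is "ask the holder to publish a ROA", while "invalid" (a foreign origin, or a more-specific announced past maxLength) is what a hijack report would actually point at. "invalid" on its own does not establish intent; a stale ROA after a transfer or a misconfigured maxLength produces the same state, which is the false-positive concern raised in the thread.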




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-25 Thread Brian Nisbet

> -Original Message-
> From: anti-abuse-wg  On Behalf Of
> Ronald F. Guilmette
> Sent: Saturday 23 March 2019 23:47 
> 
> In message  internet.com>,
> Erik Bais  wrote:
> 
> >So if we want the Executive board to do something like this, this needs
> >to go to the GM.
> 
> I have no reason to doubt that.
> 
> It is still, I believe, within the prerogative of this WG to pass a non- 
> binding
> resolution -recommending- that the GM take up the matter, and that it
> accept the proposal.  Would you agree?
> 
> I ask the Chair for clarification.

The WG can do all sorts of things. 😊 Should this proposal reach consensus, and 
remember that part of that process includes an impact assessment report from 
the NCC, there will have to be extensive discussions on how it might be 
approached and implemented. Non-binding resolutions are tricky things at the 
best of times. 

> >I would also like it if you would refrain from making ANY comments
> >about the WWII and apologize to the people on the list.
> 
> My apologies.  I confess that I utterly neglected to consider the possibility
> that some in Europe might be extremely sensitive about a reference to a
> well-documented historical event which, I hoped, everyone might at least be
> familiar with, even if it only occurred in a time before even most of your
> parents were born.

It is generally best to avoid references to any such acts of 
reprehensible evil when making comparisons, whether they are within living 
memory or not. 

This list is not a good place to get into who did what, to whom, when. I can 
summon many examples of things that one group might feel is a fine thing to 
say, while another may, completely justifiably, be greatly upset by a 
reference. If comparisons or proofs, to say that a fact is a fact, then maybe 
science might be a safer port.

Thanks all,

Brian
Co-Chair, RIPE AAWG

Brian Nisbet 
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-25 Thread Brian Nisbet
Colleagues,

> -Original Message-
> From: anti-abuse-wg  On Behalf Of
> Ronald F. Guilmette
> Sent: Friday 22 March 2019 21:43
>
>
> A vote in favor of the proposal is in fact a vote in favor of *true* 
> neutrality
> and impartiality and *against* the unilateral decisions and actions of
> individual actors which themselves have personalized motives that are often
> both unseen and also often more than a little suspect.

To clarify, the discussion on this proposal is a discussion, not a vote. When 
judging consensus the Co-Chairs will look at the points made during the 
discussion, not count the +1s. Of course it is useful to get a feeling for 
general agreement, so simple statements of support or dissent are very useful, 
but they are not the core of the thing.

Thanks,

Brian
Co-Chair, RIPE AAWG

Brian Nisbet 
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-25 Thread Cynthia Revström

Hi Carlos,

On 2019-03-24 15:16, Carlos Friaças via anti-abuse-wg wrote:
> "It will not stop determined miscreants" -- even if it stops some, 
> it's already something positive, anti-abuse-wise. :-)) 


The thing is that, if you look at it from another direction, if it just 
does one "false positive", I would argue that it outweighs 100 small 
hijacks.


And then we have the other co-author,

On Sat, Mar 23, 2019 at 10:42 PM JORDI PALET MARTINEZ via
anti-abuse-wg  wrote:


> I think it is very obvious that the experts [..] will make sure that when a 
> warning is sufficient


How is that obvious? Answer: it is not obvious, you are just making 
assumptions.


After looking at this in a bit more detail, my stance on this proposal 
has to be that I strongly object to it.


I do feel like the better way to go about this is on a technical level, 
with more things like RPKI and IRR, not this stuff.


On another note, unless all RIRs have a similar policy, then a hijacker 
wouldn't have to be from RIPE, or what if they have gotten hold of a 
legacy ASN.


My point is that, no matter what the authors intended, I think this 
policy, would stop close to no determined hijackers, and probably cause 
a few "false positives".


- Cynthia



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-25 Thread Piotr Strzyzewski
On Sun, Mar 24, 2019 at 01:16:59AM +0100, Töma Gavrichenkov wrote:
> On Sat, Mar 23, 2019 at 10:42 PM JORDI PALET MARTINEZ via
> anti-abuse-wg  wrote:
> > I think it is very obvious that the experts [..] will make sure that when a 
> > warning is sufficient
> 
> NO IT'S NOT
> 
> The process is not clear. No guidelines for the "experts" are defined.
> No selection process for "experts" is drafted. That's just wishful
> thinking as of now, where the best candidate for the experts' panel is
> probably Albus Dumbledore himself.

Well said.
+1

Piotr

-- 
Piotr Strzyżewski
Silesian University of Technology, Computer Centre
Gliwice, Poland



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-24 Thread Töma Gavrichenkov
Peace,

On Sun, Mar 24, 2019, 2:10 PM Carlos Friaças  wrote:

> I believe that's a matter of preference, but thank you, it's valuable
> input for version 2.0 (which will probably be a lot longer and less prone
> to be read by a larger set of people).
>

Alright.
Just for the sake of simplicity, you may assume that my current reaction is
"object".

Having said that, I really appreciate your effort, support your initial
intentions and am really looking forward to seeing the next revision right
after the problem statement is clarified.

--
Töma

>


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-24 Thread Carlos Friaças via anti-abuse-wg



Gert, Töma, All,


"It will not stop determined miscreants" -- even if it stops some, it's 
already something positive, anti-abuse-wise. :-))


"sanctions are irrelevant for someone who does this on purpose" -- 
sanctions are not specified in 2019-03, but if there will be any at 
some point, the impact will depend on the size of assets that "someone" 
already has gathered (and which part of it can be associated with 
him/her).


"it brings the RIPE NCC into difficult legal territory" -- i will leave 
this for the impact analysis (by the RIPE NCC).



More important than the three details above:

Creating a BCP along the lines you describe is something i can definitely 
support!


I haven't consulted with Jordi about this yet, but i think the BCP is 
something that can be worked in parallel with 2019-03's due course.
To be clear: it wouldn't be "change 2019-03 into a BCP", but "creating a 
new BCP in addition to 2019-03".



Best Regards,
Carlos






Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-24 Thread Carlos Friaças via anti-abuse-wg



Hi Töma, All,


Again i think i understand the need to describe each and every detail in 
the next version.



I'm not going to deeply discuss "2021 & IPv6" -- it's something i would 
personally love to see (i think Jordi might even prefer 2020 & IPv6), but 
unfortunately that is almost impossible... :/



About the "another LIR account I've obtained before" bit:

Again, i think a clarification is needed on the proposal -- the 
complaint/report filing mechanism should enable the person filing the 
report to state the actor and all its identifiable "under control" 
companies and resources, meaning:


[LIR list]
.
.
.
.
.

...could all be referenced within a single report.

This, logically, is easier to spot when the actor uses the same name in 
several companies' registrations (even if in different countries' 
registries). Then, if such actors prefer to use registrations in offshore 
places, spotting anything becomes obviously quite difficult. :-(



Regards,
Carlos





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-24 Thread Carlos Friaças via anti-abuse-wg


Hi Töma, All,

I believe that's a matter of preference, but thank you, it's valuable
input for version 2.0 (which will probably be a lot longer and less prone 
to be read by a larger set of people).


This (really long) discussion is useful and it's just one phase in the 
PDP.


Cheers,
Carlos




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-24 Thread Sander Steffann
Hi Gert,

> Now, I do share the wish to "do something!!" against BGP hijacking.
> 
> So, maybe a more workable way forward would be to change this into a BCP
> ("the RIPE anti-abuse community states with full backing from the RIPE
> community that BGP hijacking, as defined in , is considered
> unwanted behaviour") - and *then* use that on a commercial/peering basis
> among transit ISPs to strengthen the message "we want *you* to filter
> your customer BGP sessions, because that's the proper way to run a network!".

+1

Cheers,
Sander





Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-24 Thread Gert Doering
Hi,

On Sun, Mar 24, 2019 at 02:08:53AM +0100, Töma Gavrichenkov wrote:
> E.g. I'm the attacker, I start the hijacking, I continue that for 10
> weeks until I'm denied membership.
> I don't lose any valuable address space at the time because it's just
> IPv6 which is totally disposable.
> I then switch to another LIR account I've obtained before, and start
> doing the same thing, at a cost of a generous sign-up fee.
> 
> What's the value of the 2019-03 proposal then?

This is one of the aspects that makes me really sceptical of the value
of this proposal as written.

It will not stop determined miscreants, because the reaction time is
WAY too long, and the sanctions are irrelevant for someone who does this
on purpose.  So it does not stop, and does not deter, and as such, does
not achieve the stated purpose.

On the other hand, it brings the RIPE NCC into difficult legal territory,
for all the reasons Nick and Sascha have written.

As such, I have decided that I can not support the policy as written,
and change my stance from "neutral" to "object".


Now, I do share the wish to "do something!!" against BGP hijacking.

So, maybe a more workable way forward would be to change this into a BCP 
("the RIPE anti-abuse community states with full backing from the RIPE 
community that BGP hijacking, as defined in , is considered 
unwanted behaviour") - and *then* use that on a commercial/peering basis 
among transit ISPs to strengthen the message "we want *you* to filter 
your customer BGP sessions, because that's the proper way to run a network!".

Sometimes just agreeing on a written-down message already helps on other
fronts.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279




Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Töma Gavrichenkov
Peace,

> A new RIPE Policy proposal, 2019-03, "BGP Hijacking is
> a RIPE Policy Violation", is now available for discussion.

Alright, folks, what I'm trying to do now is to stress the conditions.

Let's say it's 2021 and IPv6 is fully deployed, and IPv4 is no more.
[now no one could say I'm pessimistic, right?]

How's that policy supposed to work then?

E.g. I'm the attacker, I start the hijacking, I continue that for 10
weeks until I'm denied membership.
I don't lose any valuable address space at the time because it's just
IPv6 which is totally disposable.
I then switch to another LIR account I've obtained before, and start
doing the same thing, at a cost of a generous sign-up fee.

What's the value of the 2019-03 proposal then?

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Töma Gavrichenkov
On Sat, Mar 23, 2019 at 10:33 PM Ronald F. Guilmette
 wrote:
> >2. OTOH the ultimate result (membership cancellation) may be seen as a
> >very heavy punishment.
>
> Did you have some particular alternative in mind that you wanted to propose?

Yes, the message you're replying to featured the word "suspension".

> Sending the miscreant hijacker to bed without supper perhaps?

This line of characters is a pathetic statement which carries no
additional useful information, please refrain from doing that again.

> I do believe that the main idea here was *not* to have the nuclear missiles
> on a hair-trigger *or* to launch them within a few minutes of the beginning
> of a hijacking event

Me too, what's the point?

> but rather [the main idea here was] to *notify* the party responsible, and
> then, if and ONLY IF absolutely NO ACTION is taken to resolve the problem
> after some reasonable period of time, then, and only then, it would
> *begin* to be a real possibility that sanctions would be applied.

This is not stated in the text. I don't care what's the "main idea"
was wherever and whenever it was. Either it's in the text or it's
absent, and that's it.

> Believe me, none of the sponsors or proponents of this proposal wants to
> see the nuclear missiles launched mistakenly, for example, in response to
> a falling meteor or a volcanic eruption somewhere.

This line of characters is a pathetic statement which carries no
additional useful information, please refrain from doing that again.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Töma Gavrichenkov
On Sat, Mar 23, 2019 at 10:42 PM JORDI PALET MARTINEZ via
anti-abuse-wg  wrote:
> I think it is very obvious that the experts [..] will make sure that when a 
> warning is sufficient

NO IT'S NOT

The process is not clear. No guidelines for the "experts" are defined.
No selection process for "experts" is drafted. That's just wishful
thinking as of now, where the best candidate for the experts' panel is
probably Albus Dumbledore himself.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Töma Gavrichenkov
On Sat, Mar 23, 2019 at 2:39 PM Carlos Friaças  wrote:
> > 1. As of now, the draft looks like a nice example of "document
> > designed by a committee".
>
> Just two co-authors.

That rant wasn't about the process but rather the result ;-)

Next:

1.
> If your issue is timescales they can be adapted in subsequent versions.
2.
> The scenarios you and others mentioned should be run through the process
3.
> Firstly it will depend on a complaint/report, then it must be crystal
> clear (with all the checks & balances in place) that it was intentional
4. (!!)
> It's not explicitly written down, but yes, [..]

May we, for once, have a policy proposal that's not a "common sense
will prevail"-style one pager that explicitly covers all the topics it
proposes (such as the role and the responsibility of the team of
"experts" mentioned above), all of the glossary it uses, the timeline,
and all the corner cases, and discuss the proposal only after all
those are in place?

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Töma Gavrichenkov
On Sat, Mar 23, 2019 at 1:48 PM JORDI PALET MARTINEZ via anti-abuse-wg
 wrote:
> Our intent is NOT to "stop" the attack with the claim (not efficient at all),
> but to allow to be reviewed in order to avoid it, in the future, if possible
> from the same actors.

Not efficient at all. As demonstrated above in the thread, the same
actors would then apply for a next LIR with a totally new commercial
entity. At that point I don't understand anymore the problem you're
trying to solve.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Töma Gavrichenkov
Hi Jordi,

On Sat, Mar 23, 2019 at 1:44 PM JORDI PALET MARTINEZ via anti-abuse-wg
 wrote:
> Hi Töma,

- You have ignored the argument No. 2;
- And, I'm really not convinced by your computations in the paragraph No 4.

I'm so glad to see that all the actions I've managed to outline in an
e-mail message sum up to the numbers in the policy. Could we please
then see that breakdown in the policy proposal please? I'm personally
sorta tired by all those one pager policies where the authors just
seem to believe that common sense would make it. it just never seems
to.

--
Töma



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Ronald F. Guilmette


In message , 
Erik Bais  wrote:

>So if we want the Executive board to do something like this, this needs to
>go to the GM.

I have no reason to doubt that.

It is still, I believe, within the prerogative of this WG to pass a non-
binding resolution -recommending- that the GM take up the matter, and that
it accept the proposal.  Would you agree?

I ask the Chair for clarification.

>I would also like it if you would refrain from making ANY comments about
>the WWII and apologize to the people on the list.

My apologies.  I confess that I utterly neglected to consider the possibility
that some in Europe might be extremely sensitive about a reference to a
well-documented historical event which, I hoped, everyone might at least
be familiar with, even if it only occurred in a time before even most of
your parents were born.

I will attempt to remedy that mistake by making my point while using a rather
different European historical reference...

   Facts are facts, and a hijack is a hijack.  That cannot be denied, any
   more than can the fact that there was a revolution in France in 1789.

My hope is that this may be a more palatable restatement of my original point,
but I am certainly willing and able to give it another try, as may be either
appropriate or necessary, and to remove my historical references back even
a few more centuries in order to ensure that I do not unduly oppress the
sensitivities of anyone here who may be a distant descendant of a French
royalist.  (My only concern is that some here might not be adequately
acquainted with the Battle of Thermopylae and/or other and even more distant
references which I might summon to the task at hand.)


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Ronald F. Guilmette


In message <20190323135406.go99...@cilantro.c4inet.net>, 
"Sascha Luck [ml]"  wrote:

>Further, the danger exists that this community is not done yet.
>Once a mechanism to terminate unwelcome behaviour is established,
>it is relatively easy to plug in any other behaviour that this
>community, or elements thereof, would like to see removed from the
>internet. 

I understand this reasonable concern, but I think that in this instance
it is misplaced.

Quite certainly, there would be, and rightly should be, many hard questions
asked if the proposal on the table were to suspend RIPE memberships in
response to, say, failure to pay court-ordered child support, or smoking
in a crowded theater, or any of a million other things that some people
might deem worthy of punishment but that have nothing at all directly
to do with RIPE or its activities.  I would completely agree that even
the suggestion that RIPE should in any way involve itself in any such
clearly unrelated matters would be a bridge too far.

But that is not the nature of the proposal on the table.  The proposal
on the table has to do with Internet number resources and ONLY Internet
number resources, their allocation, their use, and their misuse.

This, it seems to me, is a fairly tight ring-fence.  Sascha Luck is
concerned that in future there might be some outbreak of infectious
moral outrage... about this, that, or the other unrelated thing...
and that the present proposal sets a precedent that might in future
allow social do-gooders to deploy RIPE as a weapon in some largely
unrelated moral crusade.  This is not an entirely unreasonable concern,
and it would indeed be very bad if it happened.  But as long as we
confine ourselves to the ring-fence of *only* allowing RIPE to take
note of events with respect to Internet number resources, I don't
see there as being any real possibility that RIPE, in its official
capacity, will be energized or employed to address the epidemic of
violence in schools, or free needle exchange for addicts, or the
preservation of the Brazilian rain forest.  Those are all entirely
valid social concerns, but I don't believe that it takes any deep
intellectual capacity to notice that, unlike the present proposal,
they have nothing specifically to do with Internet number resources.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread JORDI PALET MARTINEZ via anti-abuse-wg



On 23/3/19 22:33, "anti-abuse-wg on behalf of Ronald F. Guilmette" 
 wrote:


In message 

=?UTF-8?Q?T=C3=B6ma_Gavrichenkov?=  wrote:

>2. OTOH the ultimate result (membership cancellation) may be seen as a
>very heavy punishment.

Did you have some particular alternative in mind that you wanted to propose?
Sending the miscreant hijacker to bed without supper perhaps?

>- hire a script kiddie who will break into that company's Mikrotik;
>- announce roughly half of IPv4 address space through that breach just
>for it to be surely on the news;
>- relax and enjoy watching your competition disappearing in no later
>than 2,5 months.

I do believe that the main idea here was *not* to have the nuclear missiles
on a hair-trigger *or* to launch them within a few minutes of the beginning
of a hijacking event, but rather to *notify* the party responsible, and
then, if and ONLY IF absolutely NO ACTION is taken to resolve the problem
after some reasonable period of time, then, and only then, it would
*begin* to be a real possibility that sanctions would be applied.

Believe me, none of the sponsors or proponents of this proposal wants to
see the nuclear missiles launched mistakenly, for example, in response to
a falling meteor or a volcanic eruption somewhere.  Any such premature
over-reaction would quite obviously be Bad, and that passage of time
usually serves to clarify intent.

I think it is very obvious that the experts (and the board as the last instance) 
will make sure that a warning is sufficient when it is (especially the first time, even for 
a clear hijack, if there is no *very clear* evidence that it is intentional), 
but if the same organization, or the same people hiding behind another 
organization, is repeating it once and again, then it is time to stop it.

We can have more explicit text about that, but I think we must trust the 
experts' judgement, and that's why there is an appeal chance and a final 
ratification step.

As you said, and thanks for that, *IT IS OUR MORAL AND ETHICAL RESPONSIBILITY*.


Regards,
rfg





**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicitly authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.







Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Ronald F. Guilmette


In message 
Töma Gavrichenkov  wrote:

>2. OTOH the ultimate result (membership cancellation) may be seen as a
>very heavy punishment.

Did you have some particular alternative in mind that you wanted to propose?
Sending the miscreant hijacker to bed without supper perhaps?

>- hire a script kiddie who will break into that company's Mikrotik;
>- announce roughly half of IPv4 address space through that breach just
>for it to be surely on the news;
>- relax and enjoy watching your competition disappearing in no later
>than 2,5 months.

I do believe that the main idea here was *not* to have the nuclear missiles
on a hair-trigger *or* to launch them within a few minutes of the beginning
of a hijacking event, but rather to *notify* the party responsible, and
then, if and ONLY IF absolutely NO ACTION is taken to resolve the problem
after some reasonable period of time, then, and only then, it would
*begin* to be a real possibility that sanctions would be applied.

Believe me, none of the sponsors or proponents of this proposal wants to
see the nuclear missiles launched mistakenly, for example, in response to
a falling meteor or a volcanic eruption somewhere.  Any such premature
over-reaction would quite obviously be Bad, and that passage of time
usually serves to clarify intent.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Ronald F. Guilmette


In message <14bee352-ac12-43a4-86d2-6f1426253...@consulintel.es>, 
JORDI PALET MARTINEZ  wrote:

>Of course, unless there is a court order. However, I really can't believe
>that in most of our countries a judge will allow a court order for a massive
>hijack affecting many people and organizations, unless there is an emergency
>risk for the population, and this is done in those cases by declaring a
>"national emergency situation".

I think you have missed my point rather entirely, and also you may perhaps
be unaware of history.  Governments and courts in specific countries and
jurisdictions may not always do things that the majority of us would think
of as being "appropriate".


https://www.cnet.com/news/how-pakistan-knocked-youtube-offline-and-how-to-make-sure-it-never-happens-again/

  "Kim Davies, ICANN's manager of route zone services, says ICANN isn't able to
  revoke the AS number of a misbehaving network provider."

So I ask again:  Does the RIPE community REALLY want to give carte blanche to
every little tin-pot small-time government official in *every* country of Europe
to do perfectly stupid and harmful things, such as the thing that is documented
in the news story above?

Because that's what you are all doing right now.  By failing to say, clearly,
that hijacking is against policy, you are effectively endorsing and supporting
and allowing it.


Regards,
rfg



Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Erik Bais
On 22/03/2019, 22:43, "anti-abuse-wg on behalf of Ronald F. Guilmette" 
 wrote:

>In message , 
>Erik Bais  wrote:
>>So even if they would get the Bulgarian spammer/hijackers in front of a
>>Dutch judge .. the chance was that ... they would walk, because there was
>>no harm done .. No law was broken, no system invaded and nothing stopped
>>working . . . 

>This sounds like an argument IN FAVOR of the proposal that you have said
>you are opposing!  Ordinary civil and criminal courts are still operating
>on rules from the last century, or more often, from the century before
>that.  

I find it interesting how you try to twist the wording.  
In the case of the Bulgarian spammers hijacking the IP space of the Dutch Ministry 
of Foreign Affairs, where the IP space was hijacked but not actually used (for 
sending spam or other stuff), it wasn't deemed illegal.  Frowned upon and 
undesirable.. but not illegal. 
Similarly, 'loaning' a chair from your neighbour without consent and putting 
it back without damage isn't regarded as stealing.  

If one country has proved that it has capable laws for IT related issues, I 
think that the Netherlands has a very good reputation. 
Kudos here to the Dutch High Tech Crime Team Unit's work in the past years.  

>>So in this case, the Italian Police (ROS) used (forced??) an Italian ISP to
>>hijack some IP space to regain control of their lost RAT C&C server..
>>(endpoint for RAT infected machines.) This wasn't an accident .. but was it
>>criminal by the ISP to assist their local police ? 
>>And what would have been the impact if they didn't . . ? 

>I am sooo glad that Erik Bais brought up the case of Hacking Team,
>because this case totally undermines Eric's argument in opposition to
>the proposal.

Again you are wrong on the interpretation ..  
The reason why I brought it up is that it may not be clear why something 
happened.  

>Yet Erik Bais is arguing that RIPE policy decisions should be driven by
>a desire to accommodate the needs of exactly such Bad Actors.  

Again you are so wrong here .. and I'm beginning to feel I'm feeding someone 
here .. 

I was the author of the RIPE policy to include RPKI for non-members (to 
include PI holders' and Legacy holders' resources in the RPKI system).
I'm not stating with that that RPKI is perfect, but it is one of the best ways 
to protect yourself against BGP hijacking. 
If everyone would sign their own prefixes, it would reduce the impact of 
hijacks. There is a lot of momentum at this moment for RPKI and more and more 
networks are already dropping invalids. 

I'm not going into the allegation that you made on my person. 

>Erik Bais' final and "biggest" objection is as follows:

>>The biggest issue that I see in this policy, is that the RIPE NCC ( either
>>themselves or the Exec Board. ) is desired / aimed to pull the trigger on a
>>membership or contractual relationship. 

>I state the obvious question:  Who ELSE is empowered, under law, to "pull
>the trigger" on one of RIPE's contractual relationships?  Obvious answer:
>Nobody.  The member can himself/herself/itself terminate the contract, but
>the only other party that may do so, under law, and in accordance with the
>contract itself, is RIPE.
 
Let me first educate you on the difference between RIPE and the RIPE NCC. 
RIPE is the community. Everyone can be a community member, it is free, 
and RIPE doesn't give or take resources. RIPE defines the policies. 

The RIPE NCC is the member organisation (Association) and a legal entity. 

The member organisation has elected certain people to act as the Executive 
Board, among other things to act as the organising group with oversight over the 
finances and the execution of the legal entity (the RIPE NCC). 

Changes in the Articles of Association (which, among other things, govern how a 
membership can be terminated) are to be proposed in the General Meeting (GM), 
which only members (LIRs) can vote on.  
The members of the Executive Board are volunteers with a private responsibility 
for how the association is run and that it is done correctly. And each year we 
need to discharge the Exec. Board from their responsibilities (by member vote) 
during the AGM.

That is why every year there is the following resolution to vote on during a GM: 
- "The General Meeting discharges the Executive Board with regard to its 
actions as they appear from the Annual Report"  

So if we want the Executive Board to do something like this, this needs to go 
to the GM. 
Second, I would STRONGLY object to proceeding on that, because it will bring the 
Executive Board AND the RIPE NCC, in a position as the sole RIR in the region, to 
become liable for damages. 
If the intent of the authors is that there should be a reference that the 
community doesn't like hijacking (and I'm fully sympathetic to that idea..)  
and wa
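
The RPKI point made in the message above (holders signing their own prefixes so that networks which drop invalids discard hijacked announcements) can be shown concretely with route origin validation as specified in RFC 6811. The Python below is an added example, not code from the original post, from the RIPE NCC or from any RPKI validator; the ROAs, prefixes (RFC 5737 / RFC 3849 documentation ranges) and AS numbers (RFC 5398 documentation range) are constructed for illustration. It shows the three outcomes a validating router sees, including the two cases that matter for this thread: a wrong origin AS (the classic hijack) and a legitimate origin announcing a more-specific beyond the ROA's maxLength (which is also "invalid", so a sloppy ROA can cause a self-inflicted outage).

```python
"""Route Origin Validation (RFC 6811) against a constructed ROA set.

Added example. The ROAs, prefixes and AS numbers are constructed from
documentation ranges and are not real objects from the RPKI.
"""
import ipaddress
from typing import Dict, Iterable, NamedTuple, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class ROA(NamedTuple):
    """One Route Origin Authorisation: <asn> may originate <prefix> and any
    more-specific of it down to <max_length>."""
    prefix: Network
    max_length: int
    asn: int


def make_roa(prefix: str, max_length: int, asn: int) -> ROA:
    """Build a ROA, rejecting a maxLength that is shorter than the prefix
    or longer than the address family allows."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return ROA(net, max_length, asn)


def covers(roa: ROA, route: Network) -> bool:
    """A ROA covers a route when the route lies inside the ROA prefix,
    regardless of origin AS or maxLength (those decide valid vs invalid)."""
    return route.version == roa.prefix.version and route.subnet_of(roa.prefix)


def validate(roas: Iterable[ROA], prefix: str, origin_asn: int) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'
    following the RFC 6811 decision procedure."""
    route = ipaddress.ip_network(prefix, strict=True)
    covering = [r for r in roas if covers(r, route)]
    if not covering:
        # Nobody has published a ROA for this space: ROV cannot say anything.
        return "not-found"
    for r in covering:
        # The origin must match and the announced length must not exceed
        # maxLength. An AS0 ROA never matches a real origin, so it turns
        # every announcement of that prefix into 'invalid'.
        if r.asn == origin_asn and route.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def accept_route(roas: Iterable[ROA], prefix: str, origin_asn: int,
                 drop_invalid: bool = True) -> bool:
    """The policy the message refers to: reject 'invalid', keep the rest
    ('not-found' is still accepted, since unsigned space must keep working)."""
    state = validate(roas, prefix, origin_asn)
    return not (drop_invalid and state == "invalid")


# Constructed ROA set (documentation prefixes and AS numbers).
SAMPLE_ROAS = [
    make_roa("192.0.2.0/24", 24, 64496),   # holder signs exactly the /24
    make_roa("2001:db8::/32", 48, 64497),  # holder permits /32 .. /48
    make_roa("203.0.113.0/24", 24, 0),     # AS0: prefix must not be announced
]

# Constructed announcements (prefix, origin AS) and why each one matters.
SAMPLE_ROUTES = [
    ("192.0.2.0/24", 64496),     # legitimate origin
    ("192.0.2.0/24", 64500),     # wrong origin: classic origin hijack
    ("192.0.2.0/25", 64496),     # right origin, but more specific than maxLength
    ("2001:db8:1::/48", 64497),  # within maxLength
    ("2001:db8::/64", 64497),    # beyond maxLength
    ("203.0.113.0/24", 64498),   # covered only by an AS0 ROA
    ("198.51.100.0/24", 64499),  # no ROA at all
]


def classify_all(roas: Iterable[ROA] = SAMPLE_ROAS,
                 routes=SAMPLE_ROUTES) -> Dict[Tuple[str, int], str]:
    """Validate every sample announcement against the sample ROA set."""
    roas = list(roas)
    return {(p, a): validate(roas, p, a) for p, a in routes}


if __name__ == "__main__":
    for (p, a), state in classify_all().items():
        ok = accept_route(SAMPLE_ROAS, p, a)
        print(f"{p:18} AS{a:<6} {state:9} accepted={ok}")
```

Running the block prints one line per announcement; the two hijack-shaped cases (wrong origin, AS0-covered prefix) and the two maxLength overshoots come out "invalid" and are rejected, the unsigned 198.51.100.0/24 comes out "not-found" and is still accepted. That last point is why signing reduces rather than eliminates the impact: ROV can only reject what a ROA contradicts.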

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-03-23 Thread Lu Heng
On Sat, Mar 23, 2019 at 21:54 Sascha Luck [ml]  wrote:

>
> All,
>
> can I ask every participant in this discussion to PLEASE, PLEASE
> quote properly. It's becoming absolutely impossible to ascertain
> who wrote what and who made a statement and who answered it.
>
>
> To brass tacks:
>
> On Sat, Mar 23, 2019 at 01:44:21PM +0100, JORDI PALET MARTINEZ via
> anti-abuse-wg wrote:
> >Immediate membership suspension at the end if the experts decide it's
> >necessary to do so now.
>
> This is not possible under the SSA/ripe-697. Section 1.2.1.1 of
> ripe-697 states clearly the grounds for termination of
> membership. "BGP hijacking" is not one of them. While it is
> presumably possible to add additional reasons, it will be,
> TTBOMK, only by membership vote.
>
> I did at the start decide to give this proposal the benefit of
> the doubt but I am now convinced that its intent is the
> subversion of the RIPE NCC in order to force it to abuse its
> dominant market position to remove from (internet) existence,
> members who exhibit behaviour that, while arguably legal,
> elements of this community don't like.
>
> Moreover, the proposal aims at doing this while largely
> excluding the RIPE NCC itself from the decision-making process,
> instead using some panel of "experts" to decide who should live
> and who should die. Whence the authority of these "experts"
> comes is not explained. The NCC Board  is then, or so I surmise,
> tasked with giving this decision an air of legitimacy by
> ratifying it. Why the (unpaid) Board would even accept such a
> questionable honour, I don't know, especially in light of the
> potential liabilities.
>
> Further, the danger exists that this community is not done yet.
> Once a mechanism to terminate unwelcome behaviour is established,
> it is relatively easy to plug in any other behaviour that this
> community, or elements thereof, would like to see removed from the
> internet.
>
> In conclusion, this proposal has the potential to irredeemably
> damage the relationship the NCC has with its members and I would
> even argue that it has the potential to threaten the very
> existence of the NCC if the powers that be decide that it is
> abusing its power as a monopoly provider.


Very well said, +1

>
>
> For the avoidance of doubt, I remain in opposition,
>
> SL
>
> --
--
Kind regards.
Lu

