; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE
Policy Violation)
Unfortunately yes. However it doesn’t mean that we shouldn’t discuss this, work
on solutions and don’t let this die.
Some interim solutions might be good to be deployed, like
gt;
>Regards,
>Sérgio
>
>
>-Original Message-
>From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of
> Carlos Friaças via anti-abuse-wg
> Sent: 10 de setembro de 2019 08:26
> To: Jacob Slater
>Cc: anti-abuse-wg@ripe.ne
ssage-
From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of
Carlos Friaças via anti-abuse-wg
Sent: 10 de setembro de 2019 08:26
To: Jacob Slater
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is
for us to fail)
Regards,
Sérgio
-Original Message-
From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Carlos
Friaças via anti-abuse-wg
Sent: 10 de setembro de 2019 08:26
To: Jacob Slater
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-03 Review Phase (Res
Hello,
As the RIPE NCC's IA shows (imho), the proposed process is not perfect.
The main goal of having a process to start with was to allow some action
regarding evident cases, and i hope people will agree that significant
effort was made to accomodate comments during v1's discussion.
We tr
All,
Sure, but stat.ripe.net, bgp.he.net, rpki, and many other sources are free
> for everyone to access. :-)
>
Having a copy of the table and see historical data doesn't automatically
give one the ability to determine if a given announcement was a hijack.
I might strongly suspect that it was - s
Hi,
On Mon, 9 Sep 2019, Jacob Slater wrote:
All,
If it's *your* table, you should be able.
Again, I disagree. Just because you have a copy of the routing table doesn't
automatically put you in a position to know what is going on with each entry
present in that table.
Sure, but sta
All,
If it's *your* table, you should be able.
>
Again, I disagree. Just because you have a copy of the routing table
doesn't automatically put you in a position to know what is going on with
each entry present in that table.
But please keep in mind than one event or a handful of events shouldn't
Hi,
On Mon, 9 Sep 2019, Jacob Slater wrote:
All,
If that happens, then potentially everyone can be a victim, yes.
Then they should be able to place a report.
I disagree. Just because you see what you think is a hijack in the full table
doesn't mean you have enough information
All,
If that happens, then potentially everyone can be a victim, yes.
> Then they should be able to place a report.
>
I disagree. Just because you see what you think is a hijack in the full
table doesn't mean you have enough information to justify a full
investigation that is likely to consume va
Hi,
(please see inline)
On Thu, 5 Sep 2019, Alex de Joode wrote:
??Dropping it might be the best thing:
The document does not clearly state what the procedure is (binding arbitrage?
(the decision leads to a conclusion that might
have an effect on the status of the LIR involved? (with anony
On Thu, 5 Sep 2019, Jacob Slater wrote:
All,
Hi Jacob, All,
Given the number of people who may submit a report (anyone receiving a
full table from their upstream(s), assuming the accused hijack makes it
into the DFZ),
If that happens, then potentially everyone can be a victim, yes.
Th
On Mon, 9 Sep 2019, Michele Neylon - Blacknight wrote:
Carlos
Hi Michele, All,
Nick and others have covered why it should be dropped in their emails to this
list.
Quoting from Nick's:
"
that is as damning an impact analysis as I've ever seen, and it sends a
clear signal that the propo
On Mon, 9 Sep 2019, Alexander Talos-Zens wrote:
Hej,
Hi Alexander, All,
(please see inline)
this is my first post in this list - my perspective is taht of a
security guy with little knowledge about BGP or the inner workings of
RIPE, but very interested in everything that helps definding a
Carlos
Nick and others have covered why it should be dropped in their emails to this
list.
It's also pretty clear that the cost implications of this proposal far outweigh
any potential benefit.
So it should just be dropped.
And your counterargument about cost is completely divorced from econo
Hi Michele, All,
Can you be more specific about which problems derive from this proposal's
simple existence...?
About:
"going to cost more" -- when you try to improve something, it's
generally not cheaper, yes. but then there is "worth", which generates
different views.
(...)
The "caus
Hej,
this is my first post in this list - my perspective is taht of a
security guy with little knowledge about BGP or the inner workings of
RIPE, but very interested in everything that helps definding against the
bad guys.
Den 2019-09-05 kl. 15:23, skrev Marco Schmidt:
> The goal of this proposa
100% agreed
This proposal should be dropped as it's creating more problems, going to cost
more and generally causes more harms than those it was aimed to solve.
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +3
In message ,
Carlos Friaças writes
>> ... also (on a brighter note), although law enforcement does move slowly
>> in this space, it does indeed move.
>>
>> https://krebsonsecurity.com/2019/09/feds-allege-adconion-employees-
>> hijacked-ip-addresses-for-spamming/
>
>This is from ARIN-land.
>Do you
Hi Suresh, Hank, All,
On Thu, 5 Sep 2019, Suresh Ramasubramanian wrote:
Hijacked route announcements can be carefully targeted to just a victim AS for
any attack.
Yes, they can -- and several cases (as far as i read) were already seen
when that was done over an IXP.
But that doesn't me
Hi Richard, All,
On Thu, 5 Sep 2019, Richard Clayton wrote:
(...)
BTW: it should be noted that the ARIN Board of Trustees threw out the
same proposal when it was made there...
https://www.arin.net/about/welcome/board/meetings/2019_0620/
The story is a bit longer than that (involves the A
Dropping it might be the best thing:
The document does not clearly state what the procedure is (binding arbitrage?
(the decision leads to a conclusion that might
have an effect on the status of the LIR involved? (with anonymous 'experts' who
act as 'judges' ? (a legal no-no))).
The proposa
I fully agree with Nick.
Drop it like its hot ...
Erik Bais
> Op 5 sep. 2019 om 18:15 heeft Nick Hilliard het volgende
> geschreven:
>
> I'd like to suggest to the chairs that this proposal be formally dropped.
In message <3a2ff2cd-b3fb-72f3-a43c-01f66bdbc...@foobar.org>, Nick
Hilliard writes
>Marco Schmidt wrote on 05/09/2019 14:23:
>> The RIPE NCC has prepared an impact analysis on this latest proposal
>> version to support the community’s discussion. You can find the full
>> proposal and impact ana
All,
Given the number of people who may submit a report (anyone receiving a full
table from their upstream(s), assuming the accused hijack makes it into the
DFZ), I'm still concerned that the proposed policy would cause more harm
than good. A random AS that happens to receive the announcement isn'
Support the withdrawal.
--
Sergey
Thursday, September 5, 2019, 6:31:28 PM, you wrote:
>> I'd like to suggest to the chairs that this proposal be formally
>> dropped.
RB> please
RB> randy
> I'd like to suggest to the chairs that this proposal be formally
> dropped.
please
randy
Marco Schmidt wrote on 05/09/2019 14:23:
The RIPE NCC has prepared an impact analysis on this latest proposal
version to support the community’s discussion. You can find the full
proposal and impact analysis at:
https://www.ripe.net/participate/policies/proposals/2019-03
that is as damning an
Hijacked route announcements can be carefully targeted to just a victim AS for
any attack.
If that victim AS holder complains to their national CERT the language here
precludes the CERT from reporting into RIPE.
That is a technicality as I can't imagine RIPE would refuse reports from a
CERT,
In regards to:
A.3.2. Pool of Experts
there should be some sort of insurance policy available provided by RIPE
NCC just as Board members cannot be held personally responsible, so too
the pool of experts need to be insured so that the "hijacker" doesn't
drag them into court on trumped up charges
On Thu, 5 Sep 2019, Hank Nussbacher wrote:
On 05/09/2019 16:23, Marco Schmidt wrote:
"A.3.1. Reporting
Only persons directly affected by a suspected hijack can report to the RIPE
NCC that another party has announced resources registered to or used by the
reporter without their consent. "
On 05/09/2019 16:23, Marco Schmidt wrote:
"A.3.1. Reporting
Only persons directly affected by a suspected hijack can report to the
RIPE NCC that another party has announced resources registered to or
used by the reporter without their consent. "
This thereby precludes any national CERT from r
Dear colleagues,
Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation"
is now in the Review Phase.
The goal of this proposal is to define that BGP hijacking is not
accepted as normal practice within the RIPE NCC service region.
The proposal has been updated following the
33 matches
Mail list logo