RIPE 72 Anti-Abuse Working Group Minutes

Minutes from the Anti-Abuse Working Group at RIPE 72 in Copenhagen.

Thursday, 26 May 2016
WG Co-Chairs: Brian Nisbet
Scribe: Marco Hogewoning

Co-chair Brian Nisbet opened the meeting and apologised on behalf of Tobias Knecht, his follow co-chair who could not attend the meeting in person. After going through some of the logistics, the agenda as posted on the website was approved by acclamation.

B1. Recent List Discussion

Brian gave a quick overview of the recent discussions that took place on the mailing list highlighting that apart from 2016-01 (abuse-c for legacy holders – red.), which had its own agenda item, there has been some discussion on data verification and abuse-c contact methods.

C1. Policy 2016-01

This presentation is available at:

https://ripe72.ripe.net/presentations/145-2016-01-AA-WG.pdf

Brian Nisbet opened the discussion by stating abuse-c itself was a fact and limiting scope of the comments to applying it to legacy resources.

Ruediger Volk (Deutsche Telekom Technik) stated his objections were a constructive attempt to improve the proposal and change the application to voluntary basis instead of mandatory.

Wolfgang Tremmel (DE-CIX) asked if Piotr could give an indication of the size of the problem.

Peter Koch (DENIC) mentioned the RIPE community explicitly decided that legacy resources should be treated differently and asked for a rationale to change that approach. He also mentioned that a higher barrier to maintain data might lead to erosion.

Piotr referred back to his presentation that explained the reason for a more uniform approach.

Brian acknowledged Peter’s concerns and state he wasn’t sure that the Anti-Abuse Working Group should set a precedent to include legacy resources in RIPE policy, but rather have a broader discussion about that topic first.

Marco Schmidt (RIPE NCC) responded to Wolfgang’s question and stated there were about 70 thousand legacy resource registration, of which about 4,000, which is five per cent had an abuse-c attribute.

Ruediger Volk asked the working group to develop better documentation regarding abuse-c and how to handle complaints received.

In response Tim Bruijnzeels (RIPE NCC) pointed to the documentation on the website.

In the following discussion it was clarified that Ruediger in particular referred to the documentation describing how to deal with abuse complaints.

Brian wrapped up the discussion and suggested to further discuss with the RIPE NCC on how to improve documentation together with the working group.

D2. Update on RIPE NCC LEA Interactions – Dick Leaning, RIPE NCC

This presentation is available at: 
https://ripe72.ripe.net/presentations/160-DickRIPE72.pdf

Colin Anderson (Measurement Lab) congratulated RIPE NCC on the transparency report.

Malcom Hutty (personal) asked whether there was the intention for the Public Safety Working Group, in light of its expanding scope, to move out of ICANN. As the public perception now is that PSWG “is an ICANN thing”.

Richard said this was a discussion going on in PSWG and he would pass the comments on to the PSWG chair.

Nick Shorey (UK DCMS) responded as GAC representative and confirmed that as a GAC sub group the PSWG has no jurisdiction outside of ICANN, but that it provided a convenient way to bring together law enforcement representatives who outside of the GAC mandate also participate in the discussion in other forums.

Maksym Tullev (NetAssist) asked if Dick could specify which countries issued the LEA requests he mentioned.

Dick referred back to the published document, which contains more information.

Geoff Huston (APNIC) asked Dick if whether, as former member of the LEA community, could say whether the RIPE community was meeting their expectations and if the were able to judge its accuracy.

Brian mentioned that one of the upcoming presentations would further address that and thanked Dick for his time.

E1. EC3 Presentation – Gregory Mounier, Europol EC3

This presentation is available at:
https://ripe72.ripe.net/presentations/132-Presentation_RIPE72-FINAL.pdf

Will van Gillik (IP-Max) said that as he is connected to multiple IXPs, his IP address space is announced in multiple countries

Marco Hogewoning (RIPE NCC) clarified that there likely was some confusion over the wording Greg used and he probably did not mean the actual BGP routing announcements.

Kaveh Ranjbar (RIPE NCC) mentioned that the reality of the Internet is that it is global and that jurisdictions simply don’t work.

Ruediger Volk (Deutsche Telekom Technik) explained that law enforcement requirements were not taken into consideration when the RIPE Database was designed originally and that it will take some time to fix things. 

He also mentioned that in the current age of virtualisation the 
jurisdiction could vary per IP or even per port number.

Gregory responded that Ruediger was correct and the use of NAT would mean he could not find people.

Milton Mueller (ARIN AC) mentioned that ARIN tried to jurisdictionalise the IO addresses to little success. He commented that the LEAs were trying to recreate the old telecom monopolies and that they were talking the wrong people here, suggesting that they should address the 
international cooperation between law enforcement agencies.

Gregory responded that LEA is operating in a tight legal framework which is also not easily adapted and that there needs to be a dialogue on how to best match the old system with the new world.

Joe Provo (private) commented that a one-stop shop was unlikely and there was a clear need for LEA to further develop the internal skills in analysing the information.

Gregory agreed that there is need for more capacity building and mentioned that Europol was hiring.

E2. Discussion on Invisible IP Hijacking – Lu Heng, Outside Heaven

This presentation is available at:
https://ripe72.ripe.net/presentations/165-invisiable-hijacking-follow-up.pdf

Kaveh Ranjbar (RIPE NCC) clarified that there is a hierarchy in 
registering route objects and that once a range has been allocated by IANA only the specific RIR will allow registration. He mentioned RIPE NCC allowed for registration of out-of-region resources and referred to the discussion in the Database Working Group on that particular topic.

Ruediger Volk (Deutsche Telecom Technik) commented that one of the things to take away from this talk was that the really evil hijacks are very targeted and scoped and very hard to detect.

E3. Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild – Chris Dietzel, DE-CIX

This presentation is available at:

https://ripe72.ripe.net/presentations/169-e-CD-20160523-RIPE72-blackholing_at_IXPs.pdf

Ruediger Volk (Deutsche Telekom Technik) asked if there was any common authorisation method for the blackholing routes that Chris observed.

Chris acknowledged that you can only issue black holes for your own address space.

Ruediger clarified that he meant the situation where a black hole was created not to mitigate a DDOS, but creating a miniature DDOS itself.

Chris responded that in such cases you would be DDOS-ing yourself, which is not a very likely scenario.

Wolfgang Tremmel (DE-CIX) clarified that the DDOS mitigation system used the same authorisation methods as the regular announcements to the route server, where route objects are verified to legitimise the sender.

Brian thanked everybody for his or her attention and asked for AOB. He closed the meeting by mentioning that he was open to agenda suggestions for RIPE 73 in Madrid.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum