[anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Previous message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Fri Nov 7 04:17:59 CET 2014
I have been meaning to check the transcript later today so thanks for the information. On Nov 7, 2014 8:42 AM, "Elvis Daniel Velea" <elvis at velea.eu> wrote: > the policies are RIPE policies, NCC only has procedures. > > if you would be interested in the RIPE policies (and not only noise on > this mailing list), you would have followed the discussions happening > during the RIPE Meeting today; there was a lenghty discussion at the > routing wg about this particular case and similar cases in general. > > regards, > elvis > > Excuse the briefness of this mail, it was sent from a mobile device. > > On 07 Nov 2014, at 03:05, Suresh Ramasubramanian <ops.lists at gmail.com> > wrote: > > This one is, yes. > > No shortage of previous incidents though as you're probably aware. > > Anyway the question before the house here is NCC policies, not which > country a specific incident took place in. > On Nov 7, 2014 8:23 AM, "Elvis Daniel Velea" <elvis at velea.eu> wrote: > >> Nex time, before sending an e-mail learn how to use whois. >> >> the AS is assigned and used in Bulgaria and the Sponsoring LIR is also >> from Bulgaria (Nettera Ltd) >> >> Btw, how are the laws against spam in India? I see it's still in top 10 >> countries sending spam... >> >> Excuse the briefness of this mail, it was sent from a mobile device. >> >> On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists at gmail.com> >> wrote: >> >> There are two or three things here. >> >> RIPE is under dutch law and the Netherlands does have a law against spam, >> and other cybercrime legislation as well that has historically been >> actively enforced. >> >> The LIR is under romanian law and that does appear to have some laws >> against spam on their books but none of it appears to have been tested in >> court. >> >> As a LE organization, Europol, like Interpol, deals with coordination and >> clearinghouse work between national LE and neither is an international >> police force. >> >> This simply means that LE or the appropriate regulator in either country >> where the different parts of this contract exist (the Netherlands - opta or >> dutch high tech crime police, and whoever are their peers in Romania) >> should be able to act on this information. >> >> U.S. LE as well given that the actual perpetrators are there. >> >> Whether dutch, romanian or US law are able to take cognizance of publicly >> available information to open an investigation, or they need a local victim >> of IP hijacking (or an international victim through the normal LE channels) >> remains to be seen. >> >> In either case we do need to see how much RIPE NCC can do to exercise its >> fiduciary duty over v4 space. >> >> A bank manager who loaned money on the same slapdash implementation of >> criteria that NCC allocates IP space on (due diligence being interpreted as >> 'internet policing' might explain that) would be fired and/or prosecuted in >> very short order indeed. >> On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi at mobinnet.net> >> wrote: >> >>> I was wondering if this kind of hijacking falls into the category of >>> Cybercrime and authorities like Europol (https://www.europol.europa.eu/ >>> ) can help? >>> >>> Reza Mahmoudi >>> ________________________________________ >>> From: anti-abuse-wg-bounces at ripe.net [anti-abuse-wg-bounces at ripe.net] >>> on behalf of Ronald F. Guilmette [rfg at tristatelogic.com] >>> Sent: Friday, November 07, 2014 12:02 AM >>> To: anti-abuse-wg at ripe.net >>> Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002 >>> >>> In message <20141106150814.GX31092 at Space.Net>, >>> Gert Doering <gert at space.net> wrote: >>> >>> >In this particular case, I wonder why nobody is yelling at the upstream >>> >who is happily forward packets for that AS... due dilligence at >>> >accepting customer prefixes would have easily caught the announcements. >>> >>> I personally would be ``yelling at the upstream'' right now, but someone >>> made a comment on the NANOG mailing list which sort-of hinted that this >>> would be entirely futile in the case of AS200002. I don't know, but I >>> suspect that he already knows something that I don't know, so I'm not >>> wasting my time on sending comlaints to an entity that, it seems, may >>> perhaps not give a damn. >>> >>> >(Yes, I understand that I'm now officially part of the problem, as >>> >I'm obviously not willing to do everything technically possible to >>> >stop particular sorts of badness) >>> >>> To the extent that you might be able to avoid forwarding route >>> announcements which originate from AS201640, allow me to express >>> my personal opinion that doing so would be admirable. >>> >>> >>> Regards, >>> rfg >>> >>> >>> -- >>> This email was Virus checked by Juniper Security Gateway. >>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20141107/5f898e66/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]