[anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15
- Previous message (by thread): [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
- Next message (by thread): [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hank Nussbacher
hank at efes.iucc.ac.il
Fri Apr 5 07:38:49 CEST 2019
On 04/04/2019 21:36, Gert Doering wrote: > Hi, > > On Thu, Apr 04, 2019 at 08:32:39PM +0200, Karl-Josef Ziegler wrote: >>> Also I would to remind all the community that usually what happens to >>> communities that cannot regulate themselves is that some outsider comes >>> and regulated them... >> Yes, this is also my opinion. The community should do something against this abusive behavior. >> If it isn't done by the community there might be some regulation coming from outside, i.e. >> political entities. And I doubt that this will be the better way to handle this problem. > Still targeting the wrong crowd. A few willing Tier1 ISPs would have way > more effect than all policies we do in RIPE land against a rogue ISP that > might not even *be* a RIPE member (or a member of any LIR). Back in 2014 when I ran down a BGP hijack and approached the tier-1 (CAIDA top 5) that enabled the hijack to take place, their response was: "/But as you point out - we are xxxxxxxxx. There needs to be // //a degree of trust between us and our customer. Also it would be highly // //impractical to have proactive monitoring on all route changes. But there // //are certain things we block and others that we monitor of interest. This // //situation is now one of them. /" Less than a year ago I approached a tier-1 that ranked in the top 25 about another BGP hijack. I approached them 36 hours *after *the hijack took place and the response I received from their NOC was that they approached the hijacker (a direct customer of theirs) and the response from the hijacker which they forwarded to me was: /We checked the prefixes mentioned in our network and we do not seen these prefixes and do not advertise to ASN xxxx [HN: tier-1 ASN].// //Also these prefixes are not seen in internet from our network (ASN : xxxxx ). [HN: ASN of hijacker]/ Of course the prefixes are not seen, since the hijack was for a few hours. The tier-1 closed the case. So if the Internet (5xRIR) could guarantee me that within a year, the top 100 ASNs in the Internet were filtering properly and stopping BGP hijacking from occurring, I would pull my support for this proposal and agree with you. Regards, Hank > > Gert Doering > -- NetMaster -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20190405/3f4c862f/attachment.html>
- Previous message (by thread): [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15 -- was about 2019-03
- Next message (by thread): [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]