[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Thu Apr 18 12:50:25 CEST 2019
On Thu, 18 Apr 2019, Peter Koch wrote: (...) >>>> BGP hijacking completely negates the purpose of a (Regional Internet) Registry. >>> >>> This is unclear to me. The Registry registers address space, not routes. >> >> Yes, but one of the main purposes of a Registry is that everyone knows who >> is using a specific resource (or who is the legitimate holder). > > Definitely the registry puts on record who the holder is, I'm not > sure that always includes "use". Without any rights of use attached, the value of having a registry is close to none. If someone hijacks a resource to engage in a criminal activity, then the value for the legitimate holder of having a reference in the registry can be even *negative*, if he's forced to prove that he actually didn't have any part in said criminal activity... >> Those who are intentionally and continuously hijacking resources are >> removing value from the Registry for the whole community. > > Quite to the contrary. Without the registry you couldn't even tell. Step 1 - Have a registry. Check. Step 2 - Make people abide by the registy. Oooops. :/ >> What's the point in having a Registry if people just decide which numbers to >> use, even if those Internet numbers are attached to another org with >> legitimate holdership and exclusive rights of usage? > > That question answers itself. Even more so, what's the point of removing > the resources registered by those "people" if they allegedly don't care > anyway? If an hijacker loses the rights to use its ASN, their peers/upstreams will likely need to review their configs/neighborships... >> The rule, as we speak doesn't exist. Maybe using different wording, it could >> mean: "Resource hijacking is not allowed". Period. > > While "hijacking" still needs to be defined, the statement in and of > itself is not a policy. We hope to improve the definition in version 2.0. I disagree when you say "<something> is not allowed" is not a policy. >> So, the main/only course of action, as i see it today for an hijacked party >> (if the hijacker is from the RIPE region), is sending a complaint to a dutch >> court... and it's doubtful if the dutch court will not rule itself to be >> "unable to rule" on the matter... > > Why would you ask the Dutch court? It's the only court who can rule that the RIPE NCC needs to do something... > Thanks to the Registry DB, the hijacked party is hopefully able to prove > holdership of a resource to take mitigation to the operational level. Hopefully, yes. But that won't stop the hijacker to hop on to the next hijack/victim... Again, we're focusing on the hijacked party as the sole victim, when those who *receive* hijacked routes are also the victims, as their traffic is attracted from such bogus announcements. Cheers, Carlos > -Peter >
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]