On Fri, 22 Mar 2019, Sascha Luck [ml] wrote:
On Fri, Mar 22, 2019 at 12:21:43PM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
I don't think I've said that if it is really a victim. I know my English is bad, but not so terrible!
Not you, that was Carlos and he has since clarified what he meant.
A direct peer I mean here is the provider of the hijacker. Should you verify and filter anything that doesn't belong to your customer?
I do because my customers are small-ish and mostly personally known to me and I can use manual prefix filters. I don't want to presume as to what is possible or scalable for other networks, nor even what they should do.
Please let me add this: Someone filing a report must identify the source of a hijack. Sometimes hijackers "simulate" customers, to be able to shake off any queries. If you can prove you and "your customer" are not one and the same party, the consequence should be zero, because you as a transit provider are also being a victim. And here I would explicitly exclude any "warnings". 3rd parties can't be minimally liable for others' wrongdoings -- and currently to some people, hijacking is not even part of "wrongdoings".
Regards, Carlos
rgds, SL