On Fri, 22 Mar 2019, Sascha Luck [ml] wrote:
On Thu, Mar 21, 2019 at 11:12:02PM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
3) We may need to refine the text, but the suspected hijacker, in case of sponsored resources, is the suspected hijacker, not the sponsoring LIR (which may not even have relation to it). However, some people indicated that the direct peer should be also accountable. I think I also mention this before, one possible option is to tell the direct peer the first time "this is a warning report", please make sure to improve your filters.
Now I'm confused. In another post, Carlos indicated that someone who receives a hijacked prefix is a victim and here they are also Bad People. I'm not sure what to think about a retributive proposal that can't even keep the "victims" and the "offenders" apart. In this case ("neighbours are bad") it reminds me of a UK law that punishes not only an illegal immigrant but also the landlord who fails to refuse to rent them a flat.
Hi, The issue here might be the difference between a peering and a transit relationship. If hijacker Z announces prefix Y to network X. Then network X will route packets towards the hijacker, even if X doesn't propagate prefix Y any further to any other 3rd party networks. An hijacker can join an IXP and announce an hijacked prefix to one, some or all of the IXP's membership. In that case we will have one, some or many victims. Hope it is clear now. Regards, Carlos
rgds, SL