In message <CA+E3quJWF96vhbDmfX-taQ-AJaTGNfsV9q5kKLLWnmm1F+1GUw@mail.gmail.com>, IP Abuse Research <ipabuseresearch@gmail.com> wrote:
What the continued findings indicate is a need for IANA and the RIRs to adapt to a new stage in the resource issuance and governance lifecycle. Since this is by definition a working group, would it make sense to establish some metrics to quantify the perceived impact of this phenomenon on abuse?
If we establish a process to collect these observations of either "abandoned" resources, prefixes or ASNs, which then re-appear mysteriously or in the case of an ASN start routing space that is unexpectedly, "hijack", we can take a step as a community to quantify the phenomenon?
This kind of stuff certainly could be done, but this would be a serious research project, requiring sme serious manpower expenditure. That's not to say that it would not be worth the investment. I think it would be. But someone or something would have to step up to make the investment. In the meantime, there is other work, and other steps that would obviously be worthwhile. The first is doing everything possible to try to get RPKI adopted more widely. The second is persuading everyone, certainly including Petersburg Internet, to stop even trying to use an data from RADB. That thing has -zero- security. Any fool can use that at any time to create any route object he/she/it wants. And speaking of which, I for one would love to know if Petersburg Internet was performing -any- checking on those route announcements it was passing on behalf of its customer in this case. If not, then that right there constitutes some "low hanging fruit" in terms of moving things forward so as to prevent repeats of this kind of situation. Regards, rfg