On Sat, Mar 23, 2019 at 19:11 ac <ac@main.me> wrote:
On Sat, 23 Mar 2019 18:57:43 +0800 Lu Heng <h.lu@anytimechinese.com> wrote:
It's very much because the internet has become part of utility, to my point of view.
Any policy that says “if you do bad thing we taking your IP number back” is very much like “if you do bad thing we cut your water/electricity off”.
the point is: you can do what you like with "your ip", if it is "your ip" but part of what makes it "your ip" is an advertisement that is an assignment by an administrative power and the same administrative power comes with responsibility and a whole bunch of unavoidable and undetachable other things....
so, we can keep going around in chicken and egg circles, but I think my mind is made up now... thank you for that :)
I am +1 for adoption of 2019-03 as it stands...
Sure, so does my mind, I am -1 for the adoption. Yes you do have responsibility to things you possess (in this case the rights to use the IP), but it doesn't give you rights to policing other people when your possession gets damaged, I still firmly believe that rights belong to the police and judges. And for the record, it's in my short term interest to have that policy as we do suffer from time to time hijackings, and I made presentation in this working group how more half million of our IP get hijacked for half a year. But for the long term stability of the registry, or the internet as a whole, in which in all my interest to protect, I really like to see community avoid policy like that.
Andre
-- -- Kind regards. Lu
On Sat, 23 Mar 2019, Lu Heng wrote: (...)
And for the record, it's in my short term interest to have that policy as we do suffer from time to time hijackings, and I made presentation in this working group how more half million of our IP get hijacked for half a year. But for the long term stability of the registry, or the internet as a whole, in which in all my interest to protect, I really like to see community avoid policy like that.
Dear Lu Heng, All,

I suppose you have customers. What you wrote above makes me wonder about:

1) The hijackings you mentioned also affect your customers, right?
2) Do you or your customers report these hijackings (and their impact) to somebody?
3) Is it in your customers' best interest to do nothing?
4) Is it in your customers' best interest to "protect" the lack of rules about hijacking at registry level?

As i understand it, if someone provides the RIR with falsified data, they expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having this rule in place is protecting the RIR's long term stability -- the point about 2019-03 is that someone doing persistent intentional hijacks should be subject to the same "risk".

I've looked for your presentation, and found it (at RIPE 72). I especially like your slide which has: "Hijacker ARE NOT HIDING, THEY ARE RUNNING IT LIKE REAL BUSINESS" -- this is an exact quote, uppercase included :-)

At the time you wrote/presented this, did you identify the hijacker(s), and were they also operating one or more LIRs?

I understand your point about partial visibility. With 2019-03 in place, i think the incentive for anyone to share their routing view will increase, as a way of protection -- i see it as "community protection".

Thanks for your input. I hope you can help fine tune the proposal, in a way that your concerns about registry (in)stability and Internet as a whole (in)stability can be solved.

Best Regards,
Carlos Friaças
In message <alpine.LRH.2.21.1903311120210.29965@gauntlet.corp.fccn.pt>, Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> writes
On Sat, 23 Mar 2019, Lu Heng wrote:
(...)
And for the record, it's in my short term interest to have that policy as we do suffer from time to time hijackings, and I made presentation in this working group how more half million of our IP get hijacked for half a year.
Lu Heng can of course reply, but I have some familiarity with this particular episode
1) The hijackings you mentioned also affect your customers, right?
I do not believe they did, not all announced space is in use
2) Do you or your customers report these hijackings (and their impact) to somebody?
The hijacks only came to light due to feedback about spam sending, where it turned out to be impossible to identify anyone using the IPs that were sending the spam. In that sense the reporting was the other way.
3) Is it in your customers' best interest to do nothing?
I think it's presumptuous to assume that nothing was done. Once it was understood what was occurring (which took rather longer than I think it would today) the matter was dealt with and the hijacks ceased
4) Is it in your customers' best interest to "protect" the lack of rules about hijacking at registry level?
Rules do not prevent hijacks -- detection and mitigation do
As i understand it, if someone provides the RIR with falsified data
there was no falsified data provided to an RIR in this case
, they expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having this rule in place is protecting the RIR's long term stability -- the point about 2019-03 is that someone doing persistent intentional hijacks should be subject to the same "risk".
I have already pointed you towards IXPs once ... that's where this example was dealt with.
I understand your point about partial visibility. With 2019-03 in place, i think the incentive for anyone to share their routing view will increase, as a way of protection -- i see it as "community protection".
this is a new point presented without any evidence whatsoever (albeit I do agree that having more sensors would improve the detection of some hijacking events). The content of routing tables are often not shared publicly for reasons of perceived commercial confidentiality -- you should elaborate why that shyness would be changed by the proposed policy (especially given the claims made that hijacking is already easy to understand with the existing sensor network).

-- richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
Hi, On Sun, 31 Mar 2019, Richard Clayton wrote:
1) The hijackings you mentioned also affect your customers, right?
I do not believe they did, not all announced space is in use
If third parties could receive any of the customer's space, that is already bad enough. The hijacker could be impersonating the customer towards other networks (not necessarily to every network in the world).
2) Do you or your customers report these hijackings (and their impact) to somebody?
The hijacks only came to light due to feedback about spam sending, where it turned out to be impossible to identify anyone using the IPs that were sending the spam. In that sense the reporting was the other way.
Although the victims (third party networks) directed their reports to the wrong people -- this is why i'm saying impersonating is an advantage to hijackers.
3) Is it in your customers' best interest to do nothing?
I think it's presumptuous to assume that nothing was done. Once it was understood what was occurring (which took rather longer than I think it would today) the matter was dealt with and the hijacks ceased
If enough harm was already done.......
4) Is it in your customers' best interest to "protect" the lack of rules about hijacking at registry level?
Rules do not prevent hijacks -- detection and mitigation do
I agree detection and mitigation do, but having no rules is actually helping hijackers.
As i understand it, if someone provides the RIR with falsified data
there was no falsified data provided to an RIR in this case
I wasn't clear enough. I'm saying the rule about falsified data exists and if someone does that, the RIR is able to act -- today it doesn't have the ability to act regarding hijacks!
, they expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having this rule in place is protecting the RIR's long term stability -- the point about 2019-03 is that someone doing persistent intentional hijacks should be subject to the same "risk".
I have already pointed you towards IXPs once ... that's where this example was dealt with.
That is precisely another excellent issue. IXPs are by nature "neutral". However, if rules are written, one member that announces hijacked routes will most likely be shown the door. When that happens the IXP is only "enforcing" the rules. In my opinion, the RIR (which also does that in other cases of rule breaking) should be doing the same -- but for that the rule needs to be in place.
I understand your point about partial visibility. With 2019-03 in place, i think the incentive for anyone to share their routing view will increase, as a way of protection -- i see it as "community protection".
this is a new point presented without any evidence whatsoever (albeit I do agree that having more sensors would improve the detection of some hijacking events).
That's basically it... more sensors, better "community protection".
The content of routing tables are often not shared publicly for reasons of perceived commercial confidentiality -- you
It's always a choice not publicly detailing which your neighbors are. I'm only saying more public information helps in "detection".
should elaborate why that shyness would be changed by the proposed policy (especially given the claims made that hijacking is already easy to understand with the existing sensor network).
I only said it was an incentive to... i'm not suggesting it should be mandatory for every network to export info about who actually are their neighbors.

Best Regards,
Carlos
-- richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
participants (3): Carlos Friaças, Lu Heng, Richard Clayton