Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Hi, On Thu, Nov 06, 2014 at 02:55:52PM +0000, anfernandez@lavanguardia.es wrote:
When RIPE is actually a judge that decided to protecting internet piracy. You can be sure that RIPE will open an expedient to any LIR that do not pay its fee, but you can keep waiting to see RIPE opening an expedient to investigate bad use of internet by one of their associated LIRs.
It should be made totally clear that spamming, pirating movies, and so on is a legitimate usage of IP addresses IF THE JURISDICTION OF THE LIR IN QUESTION PERMITS IT. We might not *like* it, but if it's legal in, say, Romania to send out large amounts of e-mail, attacking the RIPE NCC for providing IP addresses to a LIR in .ro is not the way to fix it. Now, we all might agree that SPAM is evil, and pirating moviez is also evil. What about encouraging political debate? China might have a stance here. What about pictures of men kissing men? Russia might not like that. Things that are totally inacceptable for some parties are things that other parties want protected by freedom of speech, or freedom of doing business. So, the NCC can, will and *should* not act on "things people do not like" - it will (and does) act if being lied to, or if a judge decides that a LIR's business is illegal. In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements. (Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
From this rule there is an exception provided for in Article 2, which concerns those who have obtained addresses when selling a product or service, but provides a simple means and free recipient opposition. In
If you want that argument - 1. Several countries have a 'country link' concept to assert jurisdiction of their antispam laws. So if a US or Australian citizen or ISP was spammed, or a relay in their country abused etc they'd have jurisdiction. 2. Romania does have antispam legislation and there is a European Parliament ruling dating back to 2002 related to spam Quoting from a romanian page passed through Google translate : http://www.legi-internet.ro/articole-drept-it/spamul-aspecte-legislative-si-... e) In Romania, the legislation on spam is relatively recent and it was adopted as a result of harmonization of national legislation with Community law. (17) <http://www.legi-internet.ro/articole-drept-it/spamul-aspecte-legislative-si-jurisprudentiale.html#c510> Thus, the main laws relating to privacy and related to spammmingul are: - Law .677 of 21 November 2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data; - Law no.506 of 17 November 2004 concerning the processing of personal data and privacy in the electronic communications sector; - In Additionally, GEO no.130 / 2000 on distance, through the provisions of Article 16 in relation to Article 15 enshrines the opt-out method in the context of the e-commerce Directive 31/2000 on leave to the states to choose between opt-in and opt-out; Law no.365 / 2002 on electronic commerce and establishes rules for the application opt-in categorical manner, leading to an inconsistent girl GEO no.130 / 2000. Linking domestic legal provisions and employment in the field of e-mail opt-in comes after approving Ordinance no.130 / 2000 by Law No.51 / 2003, which amended this. Regarding the Law no.506 / 2004, this is a transposition into national law of European Directive 58/2002 and requires opt-way relationship between practitioners in the direct marketing and Internet users. This is provided for by article 12, paragraph 1, which states that "It is prohibited to make commercial communications through the use of automated calling systems that do not require human intervention, by fax or by electronic mail, or by any other method uses publicly available electronic communications services, unless the subscriber concerned has given his prior express consent to receive such communications. " paragraph 3 states that are prohibited spam that hide the identity of the sender or they work for, nor gives the recipient the opportunity to object. The sanctions provided by the law are such contravention, if the violation of its provisions was not the facts that constitute crimes. Thus, observing the provisions of Article 12, relating to unsolicited communications are misdemeanors and are punishable by a fine of 50 million lei to 1,000,000,000 lei, and for companies with a turnover of over 50,000,000,000 lei, notwithstanding the provisions of Ordinance No.2 / 2001 on the legal regime of contraventions, approved with amendments and completions by Law no.180 / 2002, with subsequent amendments, with a fine of up to 2% of turnover. A competent independent authority in the fight against spam exunctionează not yet, as a separate entity. Responsibilities in this regard incumbent Ombudsman, the officials whom he has available. However there is a bill in the House of Deputies adopted only in the meeting of March 8, 2005, which establishes the national supervisory authority of the processing of personal data. Also an important role in managing the problem of spam and the processing of personal data plays Regulatory Authority for Communications. Together they can work and professional associations to adopt and enforce codes of conduct in the network. We find such French model on professional associations or non-governmental and Netiquette code. Regarding the competence of the courts and the right of individuals to go to court, the Law no.677 / 2001 provides (Article 18) that: "(1) Without prejudice to the possibility of addressing the supervisory authority, people subjects have the right to go to court to defend the rights guaranteed by this law, they have been violated. (2) Any person who has suffered damage as a result of the processing of personal data carried out illegally, may address competent court for repair. (3) is the competent court within whose jurisdiction the applicant resides. Application for summons is exempt from stamp duty. " Such a person, if he has not filed a complaint in court, we can address the Ombudsman, according to article 27 of Law no.677 / 2001. As regards the law applicable to this international element are not made explicit reference so it will Specific rules apply to common law. On Nov 6, 2014 8:38 PM, "Gert Doering" <gert@space.net> wrote:
Hi,
When RIPE is actually a judge that decided to protecting internet
On Thu, Nov 06, 2014 at 02:55:52PM +0000, anfernandez@lavanguardia.es wrote: piracy. You can be sure that RIPE will open an expedient to any LIR that do not pay its fee, but you can keep waiting to see RIPE opening an expedient to investigate bad use of internet by one of their associated LIRs.
It should be made totally clear that spamming, pirating movies, and so on is a legitimate usage of IP addresses IF THE JURISDICTION OF THE LIR IN QUESTION PERMITS IT.
We might not *like* it, but if it's legal in, say, Romania to send out large amounts of e-mail, attacking the RIPE NCC for providing IP addresses to a LIR in .ro is not the way to fix it.
Now, we all might agree that SPAM is evil, and pirating moviez is also evil. What about encouraging political debate? China might have a stance here. What about pictures of men kissing men? Russia might not like that.
Things that are totally inacceptable for some parties are things that other parties want protected by freedom of speech, or freedom of doing business.
So, the NCC can, will and *should* not act on "things people do not like" - it will (and does) act if being lied to, or if a judge decides that a LIR's business is illegal.
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi, On Thu, Nov 06, 2014 at 08:58:19PM +0530, Suresh Ramasubramanian wrote:
Quoting from a romanian page passed through Google translate :
http://www.legi-internet.ro/articole-drept-it/spamul-aspecte-legislative-si-...
e) In Romania, the legislation on spam is relatively recent and it was adopted as a result of harmonization of national legislation with Community law. (17)
This is very good news (I do not like SPAM any more than you do, I just differ in what I think is the right means to fight back). So, I think all that is needed is to get a court to convict them, and then the NCC can close the LIR and take back the resources - see the documented procedure on LIR closures. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi, About spam in Romania you say: "This is very good news (I do not like SPAM any more than you do, I just differ in what I think is the right means to fight back). So, I think all that is needed is to get a court to convict them, and then the NCC can close the LIR and take back the resources - see the documented procedure on LIR closures." and I add to your comentary: and the spammer will move to a new site and you will need a court convict again, and again, and again. I'm sorry, but I'm not so rich to do it Ángel -----Mensaje original----- De: Gert Doering [mailto:gert@space.net] Enviado el: jueves, 06 de noviembre de 2014 17:06 Para: Suresh Ramasubramanian CC: Gert Doering; Angel Fernandez Pineda; anti-abuse-wg@ripe.net; laura@ripe.net Asunto: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002 Hi, On Thu, Nov 06, 2014 at 08:58:19PM +0530, Suresh Ramasubramanian wrote:
Quoting from a romanian page passed through Google translate :
http://www.legi-internet.ro/articole-drept-it/spamul-aspecte-legislati ve-si-jurisprudentiale.html
e) In Romania, the legislation on spam is relatively recent and it was adopted as a result of harmonization of national legislation with Community law. (17)
This is very good news (I do not like SPAM any more than you do, I just differ in what I think is the right means to fight back). So, I think all that is needed is to get a court to convict them, and then the NCC can close the LIR and take back the resources - see the documented procedure on LIR closures. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Gert, Let me ask you a question: Which is the mision of RIPE? RIPE's web site say: We serve our members by delivering a high quality registry and supporting the core Internet infrastructure. Connecting people within and beyond the technical community through our inclusive, multi-stakeholder approach, we contribute to an innovative and reliable Internet. Do you really think RIPE is serving its mission? Do you really think RIPE database is a high quality registry when the single requirement to the LIRs is not provide untruthful information , but it does not matter if it is unuseful, as, for example, abuse contact email address? Do you really think RIPE is providing a reliable internet? RIPE's delegation of their responsabilities is driving internet to be blocked by a lot of national firewall because of local application of copyright or anti abuse legislaton. Is this the RIPE's reliable internet? Regards, Ángel -----Mensaje original----- De: Gert Doering [mailto:gert@space.net] Enviado el: jueves, 06 de noviembre de 2014 16:08 Para: Angel Fernandez Pineda CC: anti-abuse-wg@ripe.net; laura@ripe.net Asunto: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002 Hi, On Thu, Nov 06, 2014 at 02:55:52PM +0000, anfernandez@lavanguardia.es<mailto:anfernandez@lavanguardia.es> wrote:
When RIPE is actually a judge that decided to protecting internet piracy. You can be sure that RIPE will open an expedient to any LIR that do not pay its fee, but you can keep waiting to see RIPE opening an expedient to investigate bad use of internet by one of their associated LIRs.
It should be made totally clear that spamming, pirating movies, and so on is a legitimate usage of IP addresses IF THE JURISDICTION OF THE LIR IN QUESTION PERMITS IT. We might not *like* it, but if it's legal in, say, Romania to send out large amounts of e-mail, attacking the RIPE NCC for providing IP addresses to a LIR in .ro is not the way to fix it. Now, we all might agree that SPAM is evil, and pirating moviez is also evil. What about encouraging political debate? China might have a stance here. What about pictures of men kissing men? Russia might not like that. Things that are totally inacceptable for some parties are things that other parties want protected by freedom of speech, or freedom of doing business. So, the NCC can, will and *should* not act on "things people do not like" - it will (and does) act if being lied to, or if a judge decides that a LIR's business is illegal. In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements. (Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable. Regards, rfg
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help? Reza Mahmoudi ________________________________________ From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com] Sent: Friday, November 07, 2014 12:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002 In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable. Regards, rfg -- This email was Virus checked by Juniper Security Gateway.
There are two or three things here. RIPE is under dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced. The LIR is under romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court. As a LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force. This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information. U.S. LE as well given that the actual perpetrators are there. Whether dutch, romanian or US law are able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen. In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space. A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed. On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi@mobinnet.net> wrote:
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help?
Reza Mahmoudi ________________________________________ From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com] Sent: Friday, November 07, 2014 12:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable.
Regards, rfg
-- This email was Virus checked by Juniper Security Gateway.
Nex time, before sending an e-mail learn how to use whois. the AS is assigned and used in Bulgaria and the Sponsoring LIR is also from Bulgaria (Nettera Ltd) Btw, how are the laws against spam in India? I see it's still in top 10 countries sending spam... Excuse the briefness of this mail, it was sent from a mobile device. On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: There are two or three things here. RIPE is under dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced. The LIR is under romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court. As a LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force. This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information. U.S. LE as well given that the actual perpetrators are there. Whether dutch, romanian or US law are able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen. In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space. A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed. On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi@mobinnet.net> wrote:
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help?
Reza Mahmoudi ________________________________________ From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com] Sent: Friday, November 07, 2014 12:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable.
Regards, rfg
-- This email was Virus checked by Juniper Security Gateway.
This one is, yes. No shortage of previous incidents though as you're probably aware. Anyway the question before the house here is NCC policies, not which country a specific incident took place in. On Nov 7, 2014 8:23 AM, "Elvis Daniel Velea" <elvis@velea.eu> wrote:
Nex time, before sending an e-mail learn how to use whois.
the AS is assigned and used in Bulgaria and the Sponsoring LIR is also from Bulgaria (Nettera Ltd)
Btw, how are the laws against spam in India? I see it's still in top 10 countries sending spam...
Excuse the briefness of this mail, it was sent from a mobile device.
On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There are two or three things here.
RIPE is under dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced.
The LIR is under romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court.
As a LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force.
This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information.
U.S. LE as well given that the actual perpetrators are there.
Whether dutch, romanian or US law are able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen.
In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space.
A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed. On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi@mobinnet.net> wrote:
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help?
Reza Mahmoudi ________________________________________ From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com] Sent: Friday, November 07, 2014 12:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable.
Regards, rfg
-- This email was Virus checked by Juniper Security Gateway.
the policies are RIPE policies, NCC only has procedures. if you would be interested in the RIPE policies (and not only noise on this mailing list), you would have followed the discussions happening during the RIPE Meeting today; there was a lenghty discussion at the routing wg about this particular case and similar cases in general. regards, elvis Excuse the briefness of this mail, it was sent from a mobile device. On 07 Nov 2014, at 03:05, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: This one is, yes. No shortage of previous incidents though as you're probably aware. Anyway the question before the house here is NCC policies, not which country a specific incident took place in. On Nov 7, 2014 8:23 AM, "Elvis Daniel Velea" <elvis@velea.eu> wrote:
Nex time, before sending an e-mail learn how to use whois.
the AS is assigned and used in Bulgaria and the Sponsoring LIR is also from Bulgaria (Nettera Ltd)
Btw, how are the laws against spam in India? I see it's still in top 10 countries sending spam...
Excuse the briefness of this mail, it was sent from a mobile device.
On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There are two or three things here.
RIPE is under dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced.
The LIR is under romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court.
As a LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force.
This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information.
U.S. LE as well given that the actual perpetrators are there.
Whether dutch, romanian or US law are able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen.
In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space.
A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed. On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi@mobinnet.net> wrote:
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help?
Reza Mahmoudi ________________________________________ From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com] Sent: Friday, November 07, 2014 12:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable.
Regards, rfg
-- This email was Virus checked by Juniper Security Gateway.
I have been meaning to check the transcript later today so thanks for the information. On Nov 7, 2014 8:42 AM, "Elvis Daniel Velea" <elvis@velea.eu> wrote:
the policies are RIPE policies, NCC only has procedures.
if you would be interested in the RIPE policies (and not only noise on this mailing list), you would have followed the discussions happening during the RIPE Meeting today; there was a lenghty discussion at the routing wg about this particular case and similar cases in general.
regards, elvis
Excuse the briefness of this mail, it was sent from a mobile device.
On 07 Nov 2014, at 03:05, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
This one is, yes.
No shortage of previous incidents though as you're probably aware.
Anyway the question before the house here is NCC policies, not which country a specific incident took place in. On Nov 7, 2014 8:23 AM, "Elvis Daniel Velea" <elvis@velea.eu> wrote:
Nex time, before sending an e-mail learn how to use whois.
the AS is assigned and used in Bulgaria and the Sponsoring LIR is also from Bulgaria (Nettera Ltd)
Btw, how are the laws against spam in India? I see it's still in top 10 countries sending spam...
Excuse the briefness of this mail, it was sent from a mobile device.
On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
There are two or three things here.
RIPE is under dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced.
The LIR is under romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court.
As a LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force.
This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information.
U.S. LE as well given that the actual perpetrators are there.
Whether dutch, romanian or US law are able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen.
In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space.
A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed. On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi@mobinnet.net> wrote:
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help?
Reza Mahmoudi ________________________________________ From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com] Sent: Friday, November 07, 2014 12:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote:
In this particular case, I wonder why nobody is yelling at the upstream who is happily forward packets for that AS... due dilligence at accepting customer prefixes would have easily caught the announcements.
I personally would be ``yelling at the upstream'' right now, but someone made a comment on the NANOG mailing list which sort-of hinted that this would be entirely futile in the case of AS200002. I don't know, but I suspect that he already knows something that I don't know, so I'm not wasting my time on sending comlaints to an entity that, it seems, may perhaps not give a damn.
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable.
Regards, rfg
-- This email was Virus checked by Juniper Security Gateway.
In message <-827564976827469824@unknownmsgid>, Elvis Daniel Velea <elvis@velea.eu> wrote:
if you would be interested in the RIPE policies (and not only noise on this mailing list), you would have followed the discussions happening during the RIPE Meeting today; there was a lenghty discussion at the routing wg about this particular case and similar cases in general.
Would it be possible for you, or anyone else who attended to provide a brief summary of the discussion at that meeting, for the benefit of those of us who were not able to attend? If so, that would be greatly appreciated. Regards, rfg
I wrote:
Ignoring the legal non-issue of squatting, there is still the possibility of prosecutable fraud.
I just realized that this raises yet another question... In the case of the contracts that RIPE enters into with parties that request AS number assignments, do these contracts routinely include any clause or provision which legally binds the entity in question to only announce routes to IP space which has been formally registered to that entity, or to one of that entity's customers, by one of the Regional Internet Registries, i.e. ARIN, RIPE, APNIC, LACNIC, or AFRINIC? If not, why not? Perhaps there is/are some technical reasons (that I don't know about) why that sort of contractual provision would be technically unworkable. But if not, then this would seem to be a reasonable obligation to include in such contracts, perhaps along with some language that makes it clear that _willful_ violations will be prosecuted to the full extent of the law (as contract fraud). (Obviously it would be silly for RIPE to go around suing people for foolish, inadvertant, unintentional, and short-lived ``fat finger'' incidents, and I would expect that RIPE would never actually do so. But it would be helpful, I think, when situations like this one with AS201640 come up, for RIPE to at least have the clear legal option to come down hard on a party that is enjoying the many benefits of RIPE membership... e.g the ability for formally register their own AS number... even as they flagrantly violate the well-accepted norms of the community, e.g. by announcing and maintaining, over an extended period of time, routes to IP space that isn't their's to route.) Regards, rfg
Hi, On Thu, Nov 06, 2014 at 07:35:28PM -0800, Ronald F. Guilmette wrote:
Ignoring the legal non-issue of squatting, there is still the possibility of prosecutable fraud.
I just realized that this raises yet another question...
In the case of the contracts that RIPE enters into with parties that request AS number assignments, do these contracts routinely include any clause or provision which legally binds the entity in question to only announce routes to IP space which has been formally registered to that entity, or to one of that entity's customers, by one of the Regional Internet Registries, i.e. ARIN, RIPE, APNIC, LACNIC, or AFRINIC?
If not, why not?
These are valid questions. I think the main reason is history and decoupling between "resource management" (= handing out AS numbers, and having a contract that primarily ensures we know where they go to) and "operations" (= what people actually *do* with these AS numbers, and whether we like it or not). Need to think more about this and talk to people and see whether this can be done (legal framework) and how our policies would be to get there (formal policy proposal in anti-abuse?). OTOH, the existing contracts people need to sign *do* contain clauses that resource holders will abide "all RIPE policies" (or such), so the contracts in place could be good enough if the policies are made clear... as always, there's legitimate cases which we don't know about, so policy texting is never easy. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Fri, Nov 07, 2014 at 12:34:56PM +0100, Gert Doering wrote:
there (formal policy proposal in anti-abuse?).
NO. Please NO. put any such proposals in apwg, where they belong. I cannot be that address policy that affects *every* member is made on a mailing list that few people read (largely due to the noise and regular incoherent ranting). I would consider any "consensus" reached in this way invalid. It's the equivalent of approving ACTA at 2am in the Fisheries Commission session (yup, that happened) I would also note that the only WG whose charter explicitly permits policy-making is address-policy and I think that was the intention. (ergo the above goes for any other "special interest" WG as well.
OTOH, the existing contracts people need to sign *do* contain clauses that resource holders will abide "all RIPE policies" (or such), so
Indeed and penalties for non-compliance exist. rgds, Sascha Luck
Throwing Richard Cox out of a wg vice chair role in an AOB session where lots of regulars from other parts of the ripe meeting just happened to wander in happened too, not too long back, so please don't remind me about ACTA. As for the policy proposal I assume whoever makes it will make it in public and with drafts posted here so you're entirely free not to vote for it. But I doubt you or anyone else can ask to stop any proposal at all being placed on the agenda. Whether or not it gets consensus is a different next step. On Sat, 8 Nov 2014 at 04:54 Sascha Luck <lists-ripe@c4inet.net> wrote:
On Fri, Nov 07, 2014 at 12:34:56PM +0100, Gert Doering wrote:
there (formal policy proposal in anti-abuse?).
NO. Please NO.
put any such proposals in apwg, where they belong. I cannot be that address policy that affects *every* member is made on a mailing list that few people read (largely due to the noise and regular incoherent ranting).
I would consider any "consensus" reached in this way invalid. It's the equivalent of approving ACTA at 2am in the Fisheries Commission session (yup, that happened)
I would also note that the only WG whose charter explicitly permits policy-making is address-policy and I think that was the intention. (ergo the above goes for any other "special interest" WG as well.
OTOH, the existing contracts people need to sign *do* contain clauses that resource holders will abide "all RIPE policies" (or such), so
Indeed and penalties for non-compliance exist.
rgds, Sascha Luck
On Sat, Nov 08, 2014 at 12:03:57AM +0000, Suresh Ramasubramanian wrote:
But I doubt you or anyone else can ask to stop any proposal at all being placed on the agenda. Whether or not it gets consensus is a different next
Just. Try. Me. This goes to the full forum or it goes nowhere.
In message <20141108005303.GD58817@cilantro.c4inet.net>, Sascha Luck <lists-ripe@c4inet.net> wrote:
On Sat, Nov 08, 2014 at 12:03:57AM +0000, Suresh Ramasubramanian wrote:
But I doubt you or anyone else can ask to stop any proposal at all being placed on the agenda. Whether or not it gets consensus is a different next
Just. Try. Me. This goes to the full forum or it goes nowhere.
"This" what? Other than my own rather informal suggestion that contract terms and expectation could be made more plain, I don't recall having seen anything specific put forward here would might even vaguely be called an actual "proposal". So I'm mystified about what it is that you are, I gather, opposed to. Regards, rfg
On Sat, Nov 08, 2014 at 12:11:48PM -0800, Ronald F. Guilmette wrote:
Other than my own rather informal suggestion that contract terms and expectation could be made more plain, I don't recall having seen anything specific put forward here would might even vaguely be called an actual "proposal". So I'm mystified about what it is that you are, I gather, opposed to.
I'm opposed to this recent trend of wanting to make policy "in the back room". Traditionally, the forum to debate and agree policy proposals is the address-policy WG which also has the most subscribers (although participation is lower than I'd like to see there, too). Only in the last couple of years has there been a trend to attempt to make policy in the "specialist" WGs. Policy-making at RIPE needs all the democracy it can get and my intention is to prevent "disenfranchisement" of stakeholders who do not want to (or can't) be subscribed to every ML there is. This does not affect my opposition to the matter in hand, but I reserve argument until something more concrete is on the table.
rgds, Sascha Luck
In message <20141109135521.GF58817@cilantro.c4inet.net>, Sascha Luck <lists-ripe@c4inet.net> wrote:
On Sat, Nov 08, 2014 at 12:11:48PM -0800, Ronald F. Guilmette wrote:
Other than my own rather informal suggestion that contract terms and expectation could be made more plain, I don't recall having seen anything specific put forward here would might even vaguely be called an actual "proposal". So I'm mystified about what it is that you are, I gather, opposed to.
I'm opposed to this recent trend of wanting to make policy "in the back room". Traditionally, the forum to debate and agree policy proposals is the address-policy WG which also has the most subscribers (although participation is lower than I'd like to see there, too). Only in the last couple of years has there been a trend to attempt to make policy in the "specialist" WGs.
Policy-making at RIPE needs all the democracy it can get and my intention is to prevent "disenfranchisement" of stakeholders who do not want to (or can't) be subscribed to every ML there is.
Well, I personally am totally unaware of this trend you speak of, but I do agree that any policy that is likely to affect all of RIPE must be debated and agreed by all of RIPE. That is, quite obviously, fair and reasonable. However having said that, I'd just also like to point out that in legislative bodies worldwide, it is not at all unusual for some matters to be delegated to either legislative committees or subcommittees, in the first instance, before they are forwarded to the entire body for consideration. Is this not the way your own Parliment works? This committee/subcommittee approach does not preclude consideration of any and all matters by the full body. The full body still gets to have the final word on any and all matters. But it is often viewed as an efficient way of proceeding to have matters considered, in the first instance, by committees composed of those members with the greatest interest in and the greates familiarity with a certain area before they are taken up by the full body. Does that seem inappropriate to you?
This does not affect my opposition to the matter in hand...
Again, I'm trying to understand what it is that you are opposed to with respect to ``the matter in hand''. Can you elaborate?
Hi, On Sat, Nov 08, 2014 at 12:03:57AM +0000, Suresh Ramasubramanian wrote:
Throwing Richard Cox out of a wg vice chair role in an AOB session where lots of regulars from other parts of the ripe meeting just happened to wander in happened too, not too long back, so please don't remind me about ACTA.
As for the policy proposal I assume whoever makes it will make it in public and with drafts posted here so you're entirely free not to vote for it.
But I doubt you or anyone else can ask to stop any proposal at all being placed on the agenda. Whether or not it gets consensus is a different next step.
Well, actually the chair *is* free to reject a formal(!) policy proposal if it better fits into another WG, and the other chair is happy to take it - you know, there's a well-defined formal policy development process, and "WG chair accepts proposal" is one of the first steps... Anyway, I'm not sure I agree or disagree with Sascha - it affects address policy (which covers AS numbers), OTOH, the anti-abuse WG is free to come to consensus and send over messages to other working groups. If it happens in AP, you have the "policy community" scrutiny it, but they might not fully understand the underlying abuse issues - so input would be needed to demonstrate why this would be a necessary change. If it happens here, the abuse side of things is understood, but the secondary implications on "legitimate use cases" might not be (see the question about "why can an AS number be assigned to an entity that is not actually announcing any own space"). But then, WG chairs have been overheard to talk to each other, so WGs can coordinate closely if useful. Gert Doering -- member of the abuse-wg, chair of the AP WG -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Thu, Nov 06, 2014 at 07:35:28PM -0800, Ronald F. Guilmette wrote:
in such contracts, perhaps along with some language that makes it clear that _willful_ violations will be prosecuted to the full extent of the law (as contract fraud).
I'm pretty certain, most members do *not* want higher fees in order to prosecute dead-horse lawsuits. Besides, an ASN is not some bit of magic that only a RIR can create, it is a simple number and one can pick any of them and advertise networks through it. Having it registered merely increases the likelihood that an upstream will route it... rgds, Sascha Luck
In message <20141107233123.GC58817@cilantro.c4inet.net>, Sascha Luck <lists-ripe@c4inet.net> wrote:
On Thu, Nov 06, 2014 at 07:35:28PM -0800, Ronald F. Guilmette wrote:
in such contracts, perhaps along with some language that makes it clear that _willful_ violations will be prosecuted to the full extent of the law (as contract fraud).
I'm pretty certain, most members do *not* want higher fees in order to prosecute dead-horse lawsuits.
To be clear, I did not say that RIPE should routinely be initiating lawsuits. However in cases such as this present one with AS201640, I do think that RIPE NCC would have a lot more leverage in its efforts to cause the hijacking (or squatting) to quickly stop if they were in a position to _threaten_ the perpetrator with massive damages. For example, back when I first noticed this situation, On October 31st, AS201640 was announcing illegitimate routes to 48,384 IPv4 addresses. But it appears that it may have been doing something like that for a period of perhaps two full months. Now, imagine that MEGA - SPRED's contract with RIPE said that it would pay liquidated damages of, say, one euro for each day and for each IP address that was improperly routed. You do the math... forty eight thousand euros times sixty days. If that was the penalty, don't you think that a simple phone call or e-mail from RIPE NCC to MEGA - SPRED, reminding them of the contract terms, might possibly have a helpful effect in bringing this situation to a speedy close? I do. One thing _is_ perfectly clear and apparent... Whatever _is_ being done now to try to stop this madness, and MEGA - SPRED's *ongoing* route squatting (and the help it is providing to spammers and who knows what other sorts of criminals), it is not working. AS201640 is *still* announcing fully eight bogus routes as we speak. If you think this is all just fine, then yes, the solution is to do absolutely nothing. So far, all of RIPE seems to be very good at doing exactly that. Regards, rfg
[[ I'm adopting now the new terminology that I learned yesterday. What has happened in this case, and what is happening, is ``IP squatting'' rather than ``IP hijacking'' because the IP space involved was not otherwise routed. ]] In message <CAArzuotwSMkjWWe==94aD0arquoY5pSRUMX83obgcdXJe2ODOA@mail.gmail.com> Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information.
Given the history of LE globally, specifically how ineffectual most of them end up being in these sorts of matters, particularly in the absence of readily identifiable monetary harm to some well-healed local or multinational corporation, I for one will not be holding my breath waiting for that particular cavalry to arrive and save the day. I would however like to see... and would most probably be satisfied with... some sort of a blacklist entry which would insure that these same miscreants are not able to sneak in and obtain any form of arguably legitimate number resource registrations again in the future, ever. However I am still mightily puzzled by by the question of how they managed to even get an AS number _this time_. As I understand it, an AS number is just a sort of device or artifice, useful when one needs to do some routing, i.e. of some IP space which one, presumably, already has a legitimate claim to. But as far as I can tell, this thing, MEGA - SPRED LTD, does not have, and indeed may never have had even a single IP address which was or is legitmately there's. Are AS numbers given out, by _any_ RiR, to people or entities which have -zero- IPs that need routing?
U.S. LE as well given that the actual perpetrators are there.
As noted in the Krebs article, the spammer Michael Persaud, a resident of San Diego, California, claims to have simply contracted for rights to use some portion of the squatted IP space from some other party. Persaud did not give Krebs, the reporter, any indication of who or where that other party might be. Based on the evidence, a reasonable first order supposition might be that the other party in this case... the one which sold Persaud the squatted IP space... was most probably MEGA - SPRED LTD, which claims to be located in Sofia, Bulgaria. It would thus appear to be a vast over-simplification to say that ``the actual perpetrators are {located in the United States}'', and/or that thus, as a consequence, US LE would have even the slightest interest in this case. I would be willing to bet money right now that U.S. LE would have no such interest, even if they did take the time to speak with Persaud himself. He would just repeat the claim he's already made to Krebs, i.e. that he was simply duped by some fast-talking IP salesmen located elsewhere, and that he is as much of a victim as anybody. I would love to see U.S. LE nail him for violations of the CAN-SPAM Act (which he is apparently not fully complying with, i.e. by failing to provide a snail mail opt-out address in each spam), but as regards to his potentially non-existant role in the IP space squatting, I highly doubt that any evidence exists for that, either in the city of Sofia or elsewhere, which has not already been destroyed. No evidence means no case. More to the point however, as far as I know IP space squatting is not illegal under U.S. law, nor even under any of the many flavors of EU law. So the squatting itself is most likely non-prosecutable anywhere. (It might be an entirely different story if these ``squats'' had instead been actual ``hijacks'' and if some servers which had been located in the IP space involved had been effectively disconnected from the Internet due to one of these route announcements. But there is no evidence of that for any of these bogus route announcements.) Ignoring the legal non-issue of squatting, there is still the possibility of prosecutable fraud. Fraud is a fairly old, fairly well-defined, and fairly universal legal concept which is prosecutable virtually everywhere. If and only if MEGA - SPRED LTD submitted some false documentation to RIPE NCC, _and_ if RIPE NCC felt like pressing charges... which might not actually be worth either their time or effort to do... then European LE might perhaps become involved. But that is a lot of ``ifs''. As I've said, I for one will be happy if all that happens is that these bastards have their AS registration revoked, and if they are summarily kicked out of RIPE altogether, and permanently, and the sooner the better. Regards, rfg P.S. Among the many many things that I remain puzzled by about this case, I should mention also, just in passing, that I am puzzled by the fact that at least one Cisco security guy blogged about AS201640 and its hijacking activities over a month ago, documenting it rather admirably. Yet it seems that he made no effort at all to follow-up, e.g. to see if the one route hijack that he noticed and documented was going to be short-lived or long-lived, whether the AS in question was already known for this sort of thing, or whether the bogus route he blogged about had any brothers or sisters. (As we now know, it did, and does, and 100% of AS201640's routes appear to be of this bogus variety, and most probably always have been.) Are network security researchers everywhere nowadays so completely jaded about these kinds of events that new and blatant instances of route squatting/hijacking elicit no more than a yawn and a return to other business? If so, then I think we have bigger problems than just those generated by AS201640. (Of course it is possible that the Cisco guy in question _did_ notice, over a month ago, all of the badness that AS201640 was up to, and just didn't feel like sharing that information with anybody outside of Cicso. If so, then that is a trend which would worry me too... sort of like hording your own private stash of 0-days.)
Hi, On Thu, Nov 06, 2014 at 12:32:48PM -0800, Ronald F. Guilmette wrote:
In message <20141106150814.GX31092@Space.Net>, Gert Doering <gert@space.net> wrote: [..]
(Yes, I understand that I'm now officially part of the problem, as I'm obviously not willing to do everything technically possible to stop particular sorts of badness)
To the extent that you might be able to avoid forwarding route announcements which originate from AS201640, allow me to express my personal opinion that doing so would be admirable.
This is, unfortunately, something where I have only very limited influence - our AS (5539) is mostly a leaf AS, so if I do not accept prefixes from this AS (which we indeed could and might do), the fraction of Internet users that will no longer see 201640 is very small. I'm certainly willing to help with the database issue that people can register "out of region" route: objects in the RIPE DB - which was, back in the day, fully intentional to be able to actually register a *legitimate* routing policy that involves customers that legitimately(!) hold out-of-region IP networks (e.g. due to international companies being active in multiple regions, or legacy networks that came from InterNIC). Now this is backfiring, and discussion (in the routing and database working group) has already started how to handle this without causing collateral damage. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
participants (7)
-
anfernandez@lavanguardia.es -
Elvis Daniel Velea -
Gert Doering -
Reza Mahmoudi -
Ronald F. Guilmette -
Sascha Luck -
Suresh Ramasubramanian