FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
Folks, Please see the draft minutes from our WG Session in Rotterdam. If you have any corrections or objections, could you please let us know ASAP? Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: Aa-wg-chair <aa-wg-chair-bounces@ripe.net> On Behalf Of Alun Davies Sent: Monday 16 December 2019 09:52 To: aa-wg-chair@ripe.net Subject: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79 Hello Brian, Tobias, Alireza, Please find attached the draft minutes for the Anti-Abuse WG session at RIPE 79. Do take a look when you have a moment and let us know if you’d like any changes made. If we don’t hear back from you by the end of this week, we’ll go ahead and publish them as is to the website. Cheers, Alun Davies RIPE NCC
I can only commend LACNIC for doing the right thing and serving as a clearing house for such community outreach. Route hijacks that cause major operational impact are certainly something that impacts the community as a whole, and while this is resolvable by operators, quite often finding the right individual who can get something fixed is a challenge. Having an RIR – as a common service provider to a large community – additionally serve as an impartial clearinghouse to help reach out to the right people does not strike me as a bad thing or “internet police”. From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> Date: Monday, 16 December 2019 at 3:33 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79 Folks, Please see the draft minutes from our WG Session in Rotterdam. If you have any corrections or objections, could you please let us know ASAP? Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: Aa-wg-chair <aa-wg-chair-bounces@ripe.net> On Behalf Of Alun Davies Sent: Monday 16 December 2019 09:52 To: aa-wg-chair@ripe.net Subject: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79 Hello Brian, Tobias, Alireza, Please find attached the draft minutes for the Anti-Abuse WG session at RIPE 79. Do take a look when you have a moment and let us know if you’d like any changes made. If we don’t hear back from you by the end of this week, we’ll go ahead and publish them as is to the website. Cheers, Alun Davies RIPE NCC
In message <DB7PR06MB5017909EC93E301C76BA47C694510@DB7PR06MB5017.eurprd06.prod. outlook.com>, Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Ruediger said that... [when] he looks at routing tables, he sees a lot of odd stuff including faked origin ASes, AS paths that are not technically valid, in RPKI – ROAs for ASNs that should not show up for public routing. Looking at RPKI, reputation does not help because in RPKI there are authorisation forecasts that are completely invalid.
Due to my general ignorance of these matters, I would very much like to be shown some real-world and current examples of each of the above three alleged problems, i.e.: *) faked origin ASes *) AS paths that are not technically valid *) ROAs for ASNs that should not show up for public routing. I hope that Ruediger is on this list, and that he will provide me with at least one or two examples of each of the above. My thanks to him in advance for this. Regards, rfg
Unfortunately as far as I am aware he is not on the list, or at least I have never seen him post here. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
-----Original Message----- From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Ronald F. Guilmette Sent: Monday 16 December 2019 19:11 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
In message <DB7PR06MB5017909EC93E301C76BA47C694510@DB7PR06MB5017.eurprd06 .prod. outlook.com>, Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Ruediger said that... [when] he looks at routing tables, he sees a lot of odd stuff including faked origin ASes, AS paths that are not technically valid, in RPKI – ROAs for ASNs that should not show up for public routing. Looking at RPKI, reputation does not help because in RPKI there are authorisation forecasts that are completely invalid.
Due to my general ignorance of these matters, I would very much like to be shown some real-world and current examples of each of the above three alleged problems, i.e.:
*) faked origin ASes
*) AS paths that are not technically valid
*) ROAs for ASNs that should not show up for public routing.
I hope that Ruediger is on this list, and that he will provide me with at least one or two examples of each of the above.
My thanks to him in advance for this.
Regards, rfg
Ruediger has a nice full list of all the other ways a prefix can be mis-announced or route leaked. Typos, incompetence in setting up load balancers, so on and forth. However, the number of these that are malicious and that’d be of interest to the AAWG, is much smaller, wouldn’t you say? From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> Date: Tuesday, 17 December 2019 at 3:16 PM To: Ronald F. Guilmette <rfg@tristatelogic.com>, anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79 Unfortunately as far as I am aware he is not on the list, or at least I have never seen him post here. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie<http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270
-----Original Message----- From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Ronald F. Guilmette Sent: Monday 16 December 2019 19:11 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79
In message <DB7PR06MB5017909EC93E301C76BA47C694510@DB7PR06MB5017.eurprd06 .prod. outlook.com>, Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Ruediger said that... [when] he looks at routing tables, he sees a lot of odd stuff including faked origin ASes, AS paths that are not technically valid, in RPKI – ROAs for ASNs that should not show up for public routing. Looking at RPKI, reputation does not help because in RPKI there are authorisation forecasts that are completely invalid.
Due to my general ignorance of these matters, I would very much like to be shown some real-world and current examples of each of the above three alleged problems, i.e.:
*) faked origin ASes
*) AS paths that are not technically valid
*) ROAs for ASNs that should not show up for public routing.
I hope that Ruediger is on this list, and that he will provide me with at least one or two examples of each of the above.
My thanks to him in advance for this.
Regards, rfg
In message <SG2PR03MB405349DB2EB23C31B9EF12CCF5500@SG2PR03MB4053.apcprd03.prod.outlook.com>, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Ruediger has a nice full list of all the other ways a prefix can be mis- announced or route leaked. Typos, incompetence in setting up load balancers, so on and forth. However, the number of these that are malicious and that'd be of interest to the AAWG...
Just to clarify, the set of things that might be of interest to me personally is likely to be somewhat larger than the set of things that might be of interest to the AAWG. Regards, rfg
In message <93666.1576523466@segfault.tristatelogic.com>, Ronald F. Guilmette <rfg@tristatelogic.com> writes
Due to my general ignorance of these matters, I would very much like to be shown some real-world and current examples of each of the above three alleged problems, i.e.:
*) faked origin ASes
*) AS paths that are not technically valid
*) ROAs for ASNs that should not show up for public routing.
I hope that Ruediger is on this list, and that he will provide me with at least one or two examples of each of the above.
You might find it useful to read this IMC paper Taejoong Chung, Emile Aben, Tim Bruijnzeels, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Roland van Rijswijk-Deij, John Rula, and Nick Sullivan. 2019. RPKI is Coming of Age: A Longitudinal Study of RPKI Deployment and Invalid Route Origins. In Proceedings of the Internet Measurement Conference (IMC '19). ACM, New York, NY, USA, 406-419. DOI: https://doi.org/10.1145/3355369.3355596 There's a number of other academic researchers mining the RIPE data (and other repositories) looking for "interesting" announcements ... and then writing papers about what they have found. However if you are looking for spam related wickedness you may need to go rather further than just looking at public data Note also that "faked" and "should not show up" are generally judgement calls based on opinion (sometimes very well informed opinion) or on assertions by the beneficial users of address blocks as to the announcements that can be considered valid. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
participants (4)
-
Brian Nisbet -
Richard Clayton -
Ronald F. Guilmette -
Suresh Ramasubramanian