Hi Suresh, Hank, All,
On Thu, 5 Sep 2019, Suresh Ramasubramanian wrote:
Hijacked route announcements can be carefully targeted to just a victim AS for any attack.
Yes, they can -- and several cases (as far as I read) were already seen when that was done over an IXP. But that doesn't mean that "hijacked" announcement has to be 100% invisible, e.g. if the victim AS is sharing their routing view with someone else... :-)
If that victim AS holder complains to their national CERT the language here precludes the CERT from reporting into RIPE.
It might, yes (and that's not optimal), but the victim AS folks could also theoretically do it by themselves...
That is a technicality as I can't imagine RIPE would refuse reports from a CERT, but it is worth fixing.
*Today*, is there any way for a CERT (National or not) or any victim AS to do it...? (I know that this is already possible in LACNIC. They have WARP -- https://warp.lacnic.net)
Cheers,
Carlos
On 05/09/19, 8:26 PM, "anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces@ripe.net on behalf of anti-abuse-wg@ripe.net> wrote:
On Thu, 5 Sep 2019, Hank Nussbacher wrote:
On 05/09/2019 16:23, Marco Schmidt wrote:
"A.3.1. Reporting
Only persons directly affected by a suspected hijack can report to the RIPE NCC that another party has announced resources registered to or used by the reporter without their consent."
This thereby precludes any national CERT from reporting to the RIPE NCC any suspected hijacks since they are not directly affected. Can this text be modified?
Hi Hank, All,
If a national CERT receives a hijacked route, it *is* affected -- in the sense their packets will go towards a wrongful destination.
Not sure if the issue is with "person" vs. "organization", but a person should be able to report it on behalf of an affected organization...
Regards, Carlos
Regards, Hank
Dear colleagues,
Policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" is now in the Review Phase.
The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.
The proposal has been updated following the last round of discussion and is now at version v2.0. Some of the changes made to version v1.0 include:
- Includes procedural steps for reporting and evaluation of potential hijacks
- Provides guidelines for external experts
- Adjusted title
The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community's discussion. You can find the full proposal and impact analysis at:
https://www.ripe.net/participate/policies/proposals/2019-03
https://www.ripe.net/participate/policies/proposals/2019-03#impact-analysis
And the draft documents at: https://www.ripe.net/participate/policies/proposals/2019-03/draft
As per the RIPE Policy Development Process (PDP), the purpose of this four week Review Phase is to continue discussion of the proposal, taking the impact analysis into consideration, and to review the full draft RIPE Policy Document.
At the end of the Review Phase, the Working Group (WG) Chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase.
We encourage you to read the proposal, impact analysis and draft document and send any comments to <anti-abuse-wg@ripe.net> before 4 October 2019.
Kind regards,
Marco Schmidt
Policy Officer
RIPE NCC