I have been meaning to check the transcript later today so thanks for the information.

On Nov 7, 2014 8:42 AM, "Elvis Daniel Velea" <elvis@velea.eu> wrote:
the policies are RIPE policies, NCC only has procedures.

if you would be interested in the RIPE policies (and not only noise on this mailing list), you would have followed the discussions happening during the RIPE Meeting today; there was a lengthy discussion at the routing wg about this particular case and similar cases in general.

regards,
elvis

Excuse the briefness of this mail, it was sent from a mobile device.

On 07 Nov 2014, at 03:05, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:

This one is, yes.

No shortage of previous incidents though as you're probably aware.

Anyway the question before the house here is NCC policies, not which country a specific incident took place in.

On Nov 7, 2014 8:23 AM, "Elvis Daniel Velea" <elvis@velea.eu> wrote:
Next time, before sending an e-mail learn how to use whois.

the AS is assigned and used in Bulgaria and the Sponsoring LIR is also from Bulgaria (Nettera Ltd)

Btw, how are the laws against spam in India?  I see it's still in top 10 countries sending spam...

Excuse the briefness of this mail, it was sent from a mobile device.

On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:

There are two or three things here.

RIPE is under Dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced.

The LIR is under Romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court.

As an LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force.

This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - OPTA or Dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information.

U.S. LE as well given that the actual perpetrators are there.

Whether Dutch, Romanian or US law is able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen.

In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space.

A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed.

On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi@mobinnet.net> wrote:
I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (https://www.europol.europa.eu/ ) can help?

Reza Mahmoudi
________________________________________
From: anti-abuse-wg-bounces@ripe.net [anti-abuse-wg-bounces@ripe.net] on behalf of Ronald F. Guilmette [rfg@tristatelogic.com]
Sent: Friday, November 07, 2014 12:02 AM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002

In message <20141106150814.GX31092@Space.Net>,
Gert Doering <gert@space.net> wrote:

>In this particular case, I wonder why nobody is yelling at the upstream
>who is happily forwarding packets for that AS...  due diligence at
>accepting customer prefixes would have easily caught the announcements.

I personally would be ``yelling at the upstream'' right now, but someone
made a comment on the NANOG mailing list which sort-of hinted that this
would be entirely futile in the case of AS200002.  I don't know, but I
suspect that he already knows something that I don't know, so I'm not
wasting my time on sending complaints to an entity that, it seems, may
perhaps not give a damn.

>(Yes, I understand that I'm now officially part of the problem, as
>I'm obviously not willing to do everything technically possible to
>stop particular sorts of badness)

To the extent that you might be able to avoid forwarding route
announcements which originate from AS201640, allow me to express
my personal opinion that doing so would be admirable.


Regards,
rfg

