Hi, please see inline.

On Wed, 20 Mar 2019, Andrey Korolyov wrote:

On Wed, Mar 20, 2019 at 4:36 PM Ricardo Patara <ricpatara@gmail.com> wrote:

On this line of one ISP trying to make damage to other.
One might abuse a vulnerable router (thousands out there), create a tunnel to it and announce hijacked blocks originated from the victim's ASN.
Both, victim ASN and vulnerable router owner, would be damaged and no traces of criminal. How could they defend themselves to the so-called group of experts?
And things in this line had happened already.
Regards,
That's exactly my point from above for distributing responsibility over things that AS may do over its direct peers :) With example from Furio all ASNs in proposed topology could be blamed at once, for example.
A report can be issued claiming N ASNs are involved, but I would say if one of them is not actually involved, the full report should be dismissed.
Determining exact topology may be somewhat not trivial, but not as hard as paper relations where both sides are claiming their innocence.
That's why sharing/exporting your BGP views will help an evaluation if a hijack was intentional or not.
So, for this version of proposal, I rather NAK it because it brings more potential mess than the usefulness against bad actors.
As I think Jordi has already written, there are several checks & balances that would make it hard for a due process to reach its end while determining an intentional hijack took place without any intentional actions from the accused party. If you don't feel the guarantees within the process are enough (or clear enough), what would you like to add?

Best Regards,
Carlos