[nsp-sec] Fwd: [1st-t] BGP Hijacks, New RIPE Policy Proposal to be published soon

Hank Nussbacher hank at efes.iucc.ac.il
Sun Feb 17 04:25:54 EST 2019


Forwarded with permission from first-teams list.

-Hank

-------- Forwarded Message --------
Subject: 	[1st-t] BGP Hijacks, New RIPE Policy Proposal to be published soon
Date: 	Sat, 16 Feb 2019 23:12:10 +0000 (WET)
From: 	Carlos Friaças (via first-teams Mailing List) <first-teams at lists.first.org>
Reply-To: 	Carlos Friaças <cfriacas at fccn.pt>
To: 	first-teams at first.org
CC: 	info at cert.rcts.pt




(Sorry if you receive this twice, I've also sent it to the Trusted 
Introducer's Accredited Teams List)

Greetings,

Recently it became clear to me that people who have repeatedly 
performed BGP Hijacks while being a RIPE NCC member, through that line 
of action **DON'T LOSE** their RIPE NCC membership status. This means 
ASNs and other (non-hijacked) address space are kept by these offenders.

This might look weird to most cybersecurity people, but unfortunately 
this doesn't seem to be an abnormality to active RIPE mailing list 
participants (where RIPE policies are discussed and defined). This group 
currently has **VERY FEW** cybersecurity-driven individuals, afaik.

It is also important to understand that it is **NOT** the RIPE NCC that 
designs or approves policies, but "the community" through a policy 
development process (PDP) that fully relies on mailing list discussions.

With all this in mind, I thought it is time for someone to push for some 
changes -- and this is where I need your help!

Next week (or the week after next week), a new policy proposal will be 
published to clearly establish that BGP Hijacks are a RIPE policy 
violation. Consequences of a policy violation are already established, 
which could lead to de-registration of resources and losing RIPE NCC 
membership status, so this proposal will **NOT** focus on that bit.

After the proposal is published, a discussion phase will start, and I 
expect strong opposition from people who want to keep the status quo, or 
people that benefit directly or indirectly from said BGP Hijacks.
So, the main goal of this message is to make you aware and ask you to 
subscribe to the Anti-Abuse Working Group mailing list, in order to be 
able to express your support, or suggest any changes that could improve 
the proposal (of course you might as well oppose it, if you think this 
is a bad idea...).

The URL to subscribe to the Anti-Abuse WG mailing list is:

https://www.ripe.net/mailman/listinfo/anti-abuse-wg

It is also important to be aware of two details:
- Each opinion is strictly individual, a proposal is not supported or 
opposed by an organisation. Two people from the same org are able to 
express different views.
- The community is basically defined by "everyone", i.e. your 
organisation doesn't need to be a RIPE NCC member, nor does your 
organisation need to have any business within the RIPE NCC service region.

I know it's not usually the CSIRT Team, or the SOC Team that deals with 
RIPE NCC/numbering resources distribution related issues, but to be able 
to change anything here, your input will be needed.

If you are outside Europe, please keep in mind that you can also 
contribute. If this initiative is successful within RIPE, the idea is to 
tackle the same issue within other regions/RIRs where needed.

Thank you for reading this!
If you feel my approach to this problem is wrong, please tell me either 
before or after the proposal is published. :-)

Best Regards,
______________

Carlos Friaças

Coordenador do RCTS CERT / Head of RCTS CERT (www.cert.rcts.pt)

Fundação para Ciência e a Tecnologia, I.P. (www.fct.pt)
Unidade FCCN - Computação Científica Nacional (www.fccn.pt)
Av. do Brasil, 101, 1700-066 Lisboa, Portugal
[+351] 218440100

