<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jun 27, 2021, at 14:55 , Noah <<a href="mailto:noah@neo.co.tz" class="">noah@neo.co.tz</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><br class="Apple-interchange-newline"><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="gmail_quote" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div dir="ltr" class="gmail_attr">On Sat, Jun 26, 2021 at 11:35 AM Owen DeLong <<a href="mailto:owen@delong.com" class="">owen@delong.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div style="overflow-wrap: break-word;" class=""><div class=""><blockquote type="cite" class=""><div class=""><div dir="auto" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none;" class=""><div class=""><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div style="overflow-wrap: break-word;" class=""><div class=""><blockquote type="cite" class=""><div class=""><div dir="auto" class=""><div dir="auto" class=""><br class=""></div><div dir="auto" class="">So in the AFRINIC region, network abuse incidents have been reported on this very list as recent as this year and we have had incidents of misappropriation [1] of INR as well.</div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">[1]<span class=""> </span><a href="https://lists.afrinic.net/pipermail/community-discuss/2020-August/003678.html" rel="noreferrer noreferrer" target="_blank" class="">https://lists.afrinic.net/pipermail/community-discuss/2020-August/003678.html</a><br class=""></div></div></div></blockquote><div class=""><br class=""></div>Your example cites resources that were misappropriated in such a way that they could have had ROAs issued that would have further masked the misappropriation.</div></div></blockquote></div></div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">I read "further masked" ... eeeh heh ?</div></div></div></blockquote><div class=""><br class=""></div></div>In other words, given the way those resources were misappropriated, they could have still had (apparently) valid ROAs attesting to their origin ASN providing an additional<div class="">assurance that this stolen space was in legitimate use.</div></div></blockquote><div class=""><br class=""></div><div class="">Are we talking about bogons ROA'd with the AS0 tag?</div></div></div></blockquote><div><br class=""></div>No, I’m saying that the example you cite likely would not have received AS0 ROAs even with this policy in place and likely could well have had ROAs</div><div>attesting to the ASN that was advertising the misappropriated space.</div><div><br class=""><blockquote type="cite" class=""><div class=""><div class="gmail_quote" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div style="overflow-wrap: break-word;" class=""><div class=""><br class=""></div><div class="">Hence providing additional disguise…further masking…</div><div class=""><br class=""></div></div></blockquote><div class=""><br class=""></div><div class="">How?</div></div></div></blockquote><div><br class=""></div>Are you serious? If you have an AS X that receives misappropriated addresses at the end of the misappropriation chain that is able to get the RIR to</div><div>sign ROAs attesting to their origination of the prefix, given that the misappropriation happened at the hands of an RIR insider, how are you not able</div><div>to see this plainly?</div><div> <br class=""><blockquote type="cite" class=""><div class="gmail_quote" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div style="overflow-wrap: break-word;" class=""><div class=""></div><div class="">Does that clarify for you?</div></div></blockquote><div class=""><br class=""></div><div class="">No it does not...</div></div></blockquote><div><br class=""></div>Wow… Well, hopefully the above rather detailed explanation is simple enough for you this time.</div><div><br class=""></div><div>Owen</div><div><br class=""></div></body></html>