nanog mailing list archives
Re: "Defensive" BGP hijacking?
From: Ca By <cb.list6 () gmail com>
Date: Tue, 13 Sep 2016 12:53:17 -0700
On Tuesday, September 13, 2016, Bryant Townsend <bryant () backconnect com> wrote:
@ca & Matt - No, we do not plan to ever intentionally perform a non-authorized BGP hijack in the future.
Great answer. Thanks. Committing to pursuing a policy of weaponizing BGP would have triggered a serious "terms of service" violations that would have effectively ended your business swiftly and permanently. Tip to the RIR policy folks, you may want to make this point very crisp. A BGP ASN is the fundamental accountability control in a inter-domain routing. Organizations with repeated offensense need to have their ASN revoked, and further there should be controls in places so bad actors cannot acquire "burner" ASNs. @Steve - Correct, the attack had already been mitigated. The decision to
hijack the attackers IP space was to deal with their threats, which if carried through could have potentially lead to physical harm. Although the hijack gave us a unique insight into the attackers services, it was not a factor that influenced my decision. @Blake & Mel - We will likely cover some of these questions in a future blog post.
Current thread:
- Re: "Defensive" BGP hijacking?, (continued)
- Re: "Defensive" BGP hijacking? Ca By (Sep 13)
- Re: "Defensive" BGP hijacking? Matt Freitag (Sep 13)
- Re: "Defensive" BGP hijacking? Ryan, Spencer (Sep 13)
- Re: "Defensive" BGP hijacking? Blake Hudson (Sep 13)
- Re: "Defensive" BGP hijacking? Mel Beckman (Sep 13)
- Re: "Defensive" BGP hijacking? Doug Montgomery (Sep 13)
- Re: "Defensive" BGP hijacking? Ca By (Sep 13)
- Re: "Defensive" BGP hijacking? Sandra Murphy (Sep 14)
- Re: "Defensive" BGP hijacking? Ca By (Sep 13)
- Re: "Defensive" BGP hijacking? Bryant Townsend (Sep 13)
- Re: "Defensive" BGP hijacking? Ca By (Sep 13)
- Re: "Defensive" BGP hijacking? Blake Hudson (Sep 13)
- Re: "Defensive" BGP hijacking? Hank Nussbacher (Sep 13)