Re: "Defensive" BGP hijacking?

[Doug Montgomery <dougm.work () gmail com>]

If only there were a global system, with consistent and verifiable security
properties, to permit address holders to declare the set of AS's authorized
to announce their prefixes, and routers anywhere on the Internet to
independently verify the corresponding validity of received announcements.

*cough      https://www.nanog.org/meetings/abstract?id=2846     cough*

I now return us to our discussion of network police, questionnaires for
network security, and the use of beer as a motivating force.

dougm

On Tue, Sep 13, 2016 at 2:51 PM, Mel Beckman <mel () beckman org> wrote:

> Blake,
>
> I concur that these are key questions. Probably _the_ key questions. The
> fabric of the Internet is today based on trust, and BGP's integrity is the
> core of that trust.
>
> I realize that BGP hijacking is not uncommon. However, this is the first
> time I've seen in it used defensively. I don't see a way to ever bless this
> kind of defensive use without compromising that core trust. If Internet
> reachability depends on individual providers believing that they are
> justified in violating that trust when they are attacked, how can the
> Internet stand?
>
> In addition to the question posed to Bryant about whether he would take
> this action again, I would like to add: what about the innocent parties
> impacted by your actions? Or do you take the position there were no
> innocent parties in the hijacked prefixes?
>
> -mel via cell
>
> > On Sep 13, 2016, at 11:40 AM, Blake Hudson <blake () ispn net> wrote:
> >
> >
> >
> > Bryant Townsend wrote on 9/13/2016 2:22 AM:
> > > This was the point where I decided
> > > I needed to go on the offensive to protect myself, my partner, visiting
> > > family, and my employees. The actions proved to be extremely effective,
> as
> > > all forms of harassment and threats from the attackers immediately
> stopped.
> > Bryant, what actions, exactly, did you take? This topic seems
> intentionally glossed over while you spend a much larger amount of time
> explaining the back story and your motivations rather than your actions.
> > Questions I was left with:
> >
> > 1. What prefixes have you announced without permission (not just this
> >   event)?
> > 2. How did you identify these prefixes?
> > 3. Did you attempt to contact the owner of these prefixes?
> > 4. Did you attempt to contact the origin or transit AS of these prefixes?
> > 5. What was the process to get your upstream AS to accept these prefix
> >   announcements?
> > 6. Was your upstream AS complicit in allowing you to announce prefixes
> >   you did not have authorization to announce?



-- 
DougM at Work