nanog mailing list archives

Re: "Defensive" BGP hijacking?

From: Mel Beckman <mel () beckman org>
Date: Mon, 12 Sep 2016 16:09:16 +0000

Once we let providers cross the line from legal to illegal actions, we're no better than the crooks, and the Internet 
will descend into lawless chaos. BackConnect's illicit action undoubtedly injured innocent parties, so it's not self 
defense, any more than shooting wildly into a crowd to stop an attacker would be self defense. 

This thoughtless action requires a response from the community, and an apology from BackConnect. 

If we can't police ourselves, someone we don't like will do it for us. 

 -mel beckman

On Sep 12, 2016, at 8:47 AM, Ryan, Spencer <sryan () arbor net> wrote:

I'm in the "never acceptable" camp. Filtering routes/peers? Sure. Disconnecting one of your own customers to stop an 
attack originating from them? Sure. Hijacking an AS you have no permission to control? No.


Obviously my views and not of my employer.

Spencer Ryan | Senior Systems Administrator | sryan () arbor net<mailto:sryan () arbor net>
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com<http://www.arbornetworks.com/>


________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Blake Hudson <blake () ispn net>
Sent: Monday, September 12, 2016 11:24:03 AM
To: nanog () nanog org
Subject: Re: "Defensive" BGP hijacking?


Hugo Slabbert wrote on 9/11/2016 3:54 PM:

Hopefully this is operational enough, though obviously leaning more towards the policy side of things:

What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?

http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/

"For about six hours, we were seeing attacks of more than 200 Gbps hitting us,” Townsend explained. “What we were 
doing was for defensive purposes. We were simply trying to get them to stop and to gather as much information as 
possible about the botnet they were using and report that to the proper authorities.”



https://bgpstream.com/event/54711

My suggestion is that BackConnect/Bryant Townsend should have their ASN
revoked for fraudulently announcing another organization's address
space. They are not law enforcement, they did not have a warrant or
judicial oversight, they were not in immediate mortal peril, etc, etc.

Current thread:

"Defensive" BGP hijacking? Hugo Slabbert (Sep 11)
- Re: "Defensive" BGP hijacking? FHR (Sep 11)
- Re: "Defensive" BGP hijacking? Ca By (Sep 11)
- Re: "Defensive" BGP hijacking? Blake Hudson (Sep 12)
  - Re: "Defensive" BGP hijacking? Ryan, Spencer (Sep 12)
    - Re: "Defensive" BGP hijacking? Mel Beckman (Sep 12)
    - Re: "Defensive" BGP hijacking? Florian Weimer (Sep 12)
    - Re: "Defensive" BGP hijacking? Jared Mauch (Sep 12)
- Re: "Defensive" BGP hijacking? Richard Hesse (Sep 12)
  - Re: "Defensive" BGP hijacking? Paras Jha (Sep 12)
    - Re: "Defensive" BGP hijacking? Mel Beckman (Sep 12)
- Re: "Defensive" BGP hijacking? Jean-Francois Mezei (Sep 12)
  - Re: "Defensive" BGP hijacking? Hugo Slabbert (Sep 12)
    - Re: "Defensive" BGP hijacking? Jean-Francois Mezei (Sep 12)
  - Re: "Defensive" BGP hijacking? Valdis . Kletnieks (Sep 12)
    - Re: "Defensive" BGP hijacking? Jean-Francois Mezei (Sep 12)

(Thread continues...)