[191372] in North American Network Operators' Group
Re: "Defensive" BGP hijacking?
daemon@ATHENA.MIT.EDU (Blake Hudson)
Mon Sep 12 11:24:10 2016
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Blake Hudson <blake@ispn.net>
Date: Mon, 12 Sep 2016 10:24:03 -0500
In-Reply-To: <D570BAA4-792D-48B1-910E-50210BDD0D9A@slabnet.com>
Errors-To: nanog-bounces@nanog.org
Hugo Slabbert wrote on 9/11/2016 3:54 PM:
> Hopefully this is operational enough, though obviously leaning more towards the policy side of things:
>
> What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?
>
> http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/
>
> "For about six hours, we were seeing attacks of more than 200 Gbps hitting us,” Townsend explained. “What we were doing was for defensive purposes. We were simply trying to get them to stop and to gather as much information as possible about the botnet they were using and report that to the proper authorities.”
>
https://bgpstream.com/event/54711
My suggestion is that BackConnect/Bryant Townsend should have their ASN
revoked for fraudulently announcing another organization's address
space. They are not law enforcement, they did not have a warrant or
judicial oversight, they were not in immediate mortal peril, etc, etc.
