[191373] in North American Network Operators' Group
Re: "Defensive" BGP hijacking?
daemon@ATHENA.MIT.EDU (Ryan, Spencer)
Mon Sep 12 11:47:21 2016
X-Original-To: nanog@nanog.org
From: "Ryan, Spencer" <sryan@arbor.net>
To: Blake Hudson <blake@ispn.net>, "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 12 Sep 2016 15:47:16 +0000
In-Reply-To: <1a1cb01c-23de-474c-7099-025685fddfd1@ispn.net>
Errors-To: nanog-bounces@nanog.org
I'm in the "never acceptable" camp. Filtering routes/peers? Sure. Disconnec=
ting one of your own customers to stop an attack originating from them? Sur=
e. Hijacking an AS you have no permission to control? No.
Obviously my views and not of my employer.
Spencer Ryan | Senior Systems Administrator | sryan@arbor.net<mailto:sryan@=
arbor.net>
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com<http://www.arbornetworks.com/>
________________________________
From: NANOG <nanog-bounces@nanog.org> on behalf of Blake Hudson <blake@ispn=
.net>
Sent: Monday, September 12, 2016 11:24:03 AM
To: nanog@nanog.org
Subject: Re: "Defensive" BGP hijacking?
Hugo Slabbert wrote on 9/11/2016 3:54 PM:
> Hopefully this is operational enough, though obviously leaning more towar=
ds the policy side of things:
>
> What does nanog think about a DDoS scrubber hijacking a network "for defe=
nsive purposes"?
>
> http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-i=
srael/
>
> "For about six hours, we were seeing attacks of more than 200 Gbps hittin=
g us,=94 Townsend explained. =93What we were doing was for defensive purpos=
es. We were simply trying to get them to stop and to gather as much informa=
tion as possible about the botnet they were using and report that to the pr=
oper authorities.=94
>
https://bgpstream.com/event/54711
My suggestion is that BackConnect/Bryant Townsend should have their ASN
revoked for fraudulently announcing another organization's address
space. They are not law enforcement, they did not have a warrant or
judicial oversight, they were not in immediate mortal peril, etc, etc.
