[191375] in North American Network Operators' Group


Re: "Defensive" BGP hijacking?

daemon@ATHENA.MIT.EDU (Mel Beckman)
Mon Sep 12 12:11:46 2016

X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: "Ryan, Spencer" <sryan@arbor.net>
Date: Mon, 12 Sep 2016 16:09:16 +0000
In-Reply-To: <DM2PR0101MB1216C0753840137C206471C5B0FF0@DM2PR0101MB1216.prod.exchangelabs.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Once we let providers cross the line from legal to illegal actions, we're no better than the crooks, and the Internet will descend into lawless chaos. BackConnect's illicit action undoubtedly injured innocent parties, so it's not self defense, any more than shooting wildly into a crowd to stop an attacker would be self defense.

This thoughtless action requires a response from the community, and an apology from BackConnect.

If we can't police ourselves, someone we don't like will do it for us.

 -mel beckman

> On Sep 12, 2016, at 8:47 AM, Ryan, Spencer <sryan@arbor.net> wrote:
>
> I'm in the "never acceptable" camp. Filtering routes/peers? Sure. Disconnecting one of your own customers to stop an attack originating from them? Sure. Hijacking an AS you have no permission to control? No.
>
>
> Obviously my views and not of my employer.
>
> Spencer Ryan | Senior Systems Administrator | sryan@arbor.net
> Arbor Networks
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
>
>
> ________________________________
> From: NANOG <nanog-bounces@nanog.org> on behalf of Blake Hudson <blake@ispn.net>
> Sent: Monday, September 12, 2016 11:24:03 AM
> To: nanog@nanog.org
> Subject: Re: "Defensive" BGP hijacking?
>
>
> Hugo Slabbert wrote on 9/11/2016 3:54 PM:
>> Hopefully this is operational enough, though obviously leaning more towards the policy side of things:
>>
>> What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?
>>
>> http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/
>>
>> "For about six hours, we were seeing attacks of more than 200 Gbps hitting us," Townsend explained. "What we were doing was for defensive purposes. We were simply trying to get them to stop and to gather as much information as possible about the botnet they were using and report that to the proper authorities."
>>
>=20
>=20
> https://bgpstream.com/event/54711
>=20
> My suggestion is that BackConnect/Bryant Townsend should have their ASN
> revoked for fraudulently announcing another organization's address
> space. They are not law enforcement, they did not have a warrant or
> judicial oversight, they were not in immediate mortal peril, etc, etc.
