[191379] in North American Network Operators' Group
Re: "Defensive" BGP hijacking?
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Mon Sep 12 12:51:27 2016
X-Original-To: nanog@nanog.org
Date: Mon, 12 Sep 2016 09:51:23 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: Scott Weeks <surfer@mauigateway.com>
In-Reply-To: <20160912093141.CCA891FD@m0086238.ppops.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon 2016-Sep-12 09:31:41 -0700, Scott Weeks <surfer@mauigateway.com> wro=
te:
Full disclosure: I had a working relationship with Bryant when he was=20
still at Staminus.
Bryant (if you're on list):
I mean no harm by this and never had any trouble working with you. I just=
=20
believe this is a conversation that needs to be had.
>--- blake@ispn.net wrote:
>From: Blake Hudson <blake@ispn.net>
>Scott Weeks wrote on 9/12/2016 11:08 AM:
>> From: NANOG <nanog-bounces@nanog.org> on behalf
>> of Blake Hudson <blake@ispn.net>
>
>
>> My suggestion is that BackConnect/Bryant Townsend should have their ASN
>> revoked for fraudulently announcing another organization's address
>> space. They are not law enforcement, they did not have a warrant or
>> judicial oversight, they were not in immediate mortal peril, etc, etc.
>> -------------------------------------------------
>>
>>
>> Are the RIRs the internet police?
>
>
>ARIN has policies against fraudulently obtaining resources and has
>policies for revoking said resources. One could argue that announcing
>another org's IP resources without authorization is fraud and that said
>ip resources were fraudulently obtained during the time they were
>announced by BlackConnect. That said, this ASN was obtained through RIPE
>(despite the person/company being located in Calfornia, USA) and I did
>not see any RIPE policies related to fraud.
>
>My thought is that if Mr Townsend shows disregard for the stability of
>the internet by hijacking other's IP space, he should not be allowed to
>participate. There are comments to the Kreb's article indicating that
>this was not an isolated incident by Mr Townsend and instead represents
>one event in a pattern of behavior.
>-------------------------------------------------
>
>
>I am somewhat in agreement with Mel:
>
>"This thoughtless action requires a response from the community, and an
>apology from BackConnect. If we can't police ourselves, someone we
>don't like will do it for us. "
>
>But the first part seems to verge on vigilantism. =20
Operators are free to do whatever they like inside their own networks as=20
long as they don't impact others. Barring RPKI coverage, we're still=20
talking about an element of trust in BGP to believe what AS 203959 tells=20
us. If I no longer believe what 203959 advertises, I don't have to accept=
=20
anything with aspath .* 203959 .* in it. I don't see routing policy=20
decisions in my own network as vigilantism.
>Solutions are hard. BGP filters should be in place. Maybe that's the=20
>non-vigilante response. Force filters somehow.
>
>However, this has all been discussed over and over here... ;-)
>
>
>scott
--=20
Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E | also on Signal
--UlVJffcvxoiEqYs2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJX1t0LAAoJEFsnhBAb2KmAPeQP+wX97shqOPkRLYhtIWa2nS4t
auxnH31mETGSR/0DRDJky2bLAQ+4J0zu2rntcL4c0Np8u5mKsU2w3FnGn+Q++c5Y
PypaQp5zcdxjH+hWd0cGuGFIaerAmTDASN0O/p551HXO8Jd1H7y1q6aIictuwLiH
RQ3eTflC5vDehau1I4NzBUY8ZnX+DBoJUhLnLdPg0/KY+G6Vyqzvl0554nKuMAeK
b6nREQyLXuMWNgom5UbdR7xGHXT50lUtVvtzfaYXNCWVtOQFxc0RZODXGz1TZudS
GptFgCZQSlxZqc0CRaWcT2n5kQ8XO4v/wATT6F/dUBOMeHklAmpLG3CwIHyLSZfV
wG2xGm8ubalRRThsgkq1/eUFHcqWTqZMj0EwRoHyzsFHS69c1HKiRutUfK0hOzO/
ldUHg5kTkF3smxzrM4NIHK4cjUenEvVfpJMrCsmHeh/MT+zVINhvSiQ6BLd1KWLK
y9hkx9v6BBdO2jUSlDqQnHaZda+Ow9kURIqXThFz3Iz4x/Z4Ksswuzg8p57LZfBd
FnEN9Dhn9EqjR3I3BIctFrmPAu78FEORo61uuX6zOccz596h6I7TKTAYPNw2Qcol
p4lOO4oXjubQ34gRlmBiV8FVxf9u31NVuLiD/2BdGGnAdpQ033ync/1b9WUPz4FH
sVCSSeSV59A/qS43AT3z
=yRMv
-----END PGP SIGNATURE-----
--UlVJffcvxoiEqYs2--
