[191382] in North American Network Operators' Group


Re: "Defensive" BGP hijacking?

daemon@ATHENA.MIT.EDU (Richard Hesse)
Mon Sep 12 13:40:12 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <D570BAA4-792D-48B1-910E-50210BDD0D9A@slabnet.com>
From: Richard Hesse <richard.hesse@weebly.com>
Date: Mon, 12 Sep 2016 17:32:18 +0000
To: Hugo Slabbert <hugo@slabnet.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

This behavior is never defensible nor acceptable.

In addition to being in the wrong with BGP hijacking a prefix, it
appears that Mr. Townsend had the wrong target, too. We've been
attacked a few dozen times by this botnet, and they could never muster
anything near 200 gbps worth of traffic. They were orders of magnitude
smaller, only around 8-16 gbps depending on attack.

Mr. Townsend's motives were wrong and so was his information.

-richard

On Sun, Sep 11, 2016 at 8:54 PM, Hugo Slabbert <hugo@slabnet.com> wrote:
> Hopefully this is operational enough, though obviously leaning more towards the policy side of things:
>
> What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?
>
> http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/
>
> "For about six hours, we were seeing attacks of more than 200 Gbps hitting us,” Townsend explained. “What we were doing was for defensive purposes. We were simply trying to get them to stop and to gather as much information as possible about the botnet they were using and report that to the proper authorities.”
>
> --
> Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
> pgp key: B178313E   | also on Signal
