[191414] in North American Network Operators' Group
Re: "Defensive" BGP hijacking?
daemon@ATHENA.MIT.EDU (Mel Beckman)
Tue Sep 13 14:51:11 2016
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Blake Hudson <blake@ispn.net>
Date: Tue, 13 Sep 2016 18:51:06 +0000
In-Reply-To: <c0c9e182-00bb-8aac-defa-157b71207ce8@ispn.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Blake,
I concur that these are key questions. Probably _the_ key questions. The fabric of the Internet is today based on trust, and BGP's integrity is the core of that trust.
I realize that BGP hijacking is not uncommon. However, this is the first time I've seen it used defensively. I don't see a way to ever bless this kind of defensive use without compromising that core trust. If Internet reachability depends on individual providers believing that they are justified in violating that trust when they are attacked, how can the Internet stand?
In addition to the question posed to Bryant about whether he would take this action again, I would like to add: what about the innocent parties impacted by your actions? Or do you take the position there were no innocent parties in the hijacked prefixes?
-mel via cell
> On Sep 13, 2016, at 11:40 AM, Blake Hudson <blake@ispn.net> wrote:
>
> Bryant Townsend wrote on 9/13/2016 2:22 AM:
>> This was the point where I decided
>> I needed to go on the offensive to protect myself, my partner, visiting
>> family, and my employees. The actions proved to be extremely effective, as
>> all forms of harassment and threats from the attackers immediately stopped.
>
> Bryant, what actions, exactly, did you take? This topic seems intentionally glossed over while you spend a much larger amount of time explaining the back story and your motivations rather than your actions.
>
> Questions I was left with:
>
> 1. What prefixes have you announced without permission (not just this
> event)?
> 2. How did you identify these prefixes?
> 3. Did you attempt to contact the owner of these prefixes?
> 4. Did you attempt to contact the origin or transit AS of these prefixes?
> 5. What was the process to get your upstream AS to accept these prefix
> announcements?
> 6. Was your upstream AS complicit in allowing you to announce prefixes
> you did not have authorization to announce?
>