[191417] in North American Network Operators' Group


Re: "Defensive" BGP hijacking?

daemon@ATHENA.MIT.EDU (Ca By)
Tue Sep 13 15:55:25 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <CAEGzzURudp=xJUxHDGhxoWuho5weRWAocxVwdyPgzwyD2qY2xQ@mail.gmail.com>
From: Ca By <cb.list6@gmail.com>
Date: Tue, 13 Sep 2016 12:53:17 -0700
To: Bryant Townsend <bryant@backconnect.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tuesday, September 13, 2016, Bryant Townsend <bryant@backconnect.com>
wrote:

> @ca & Matt - No, we do not plan to ever intentionally perform a
> non-authorized BGP hijack in the future.
>
>
Great answer.  Thanks.

Committing to pursuing a policy of weaponizing BGP would have triggered
serious "terms of service" violations that would have effectively ended
your business swiftly and permanently.

Tip to the RIR policy folks, you may want to make this point very crisp. A
BGP ASN is the fundamental accountability control in inter-domain
routing. Organizations with repeated offenses need to have their ASN
revoked, and further there should be controls in place so bad actors
cannot acquire "burner" ASNs.


> @Steve - Correct, the attack had already been mitigated. The decision to
> hijack the attackers IP space was to deal with their threats, which if
> carried through could have potentially led to physical harm. Although the
> hijack gave us a unique insight into the attackers services, it was not a
> factor that influenced my decision.
>
> @Blake & Mel - We will likely cover some of these questions in a future
> blog post.
>
