[191533] in North American Network Operators' Group


Re: "Defensive" BGP hijacking?

daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Tue Sep 20 21:46:06 2016

X-Original-To: nanog@nanog.org
Date: Tue, 20 Sep 2016 18:46:01 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: Tom Beecher <beecher@beecher.cc>
In-Reply-To: <CAL9Qcx7qjR4zePOGf4VxnnVgDK-ShmBEb+Ud56AK7rJazi3LsA@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


Lucy, you got some (*serious*) 'splainin to do...

http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E   | also on Signal

On Sun 2016-Sep-18 22:25:44 -0400, Tom Beecher <beecher@beecher.cc> wrote:

>So after reading your explanation of things...
>
>Your technical protections for your client proved sufficient to handle the
>attack. You took OFFENSIVE action by hijacking the IP space. By your own
>statements, it was only in response to threats against your company. You
>were no longer providing DDoS protection to a client. You were exacting a
>vendetta against someone who was being MEAN to you. Even if that person
>probably deserved it, you still cannot do what was done.
>
>I appreciate the desire to want to protect friends and family from
>anonymous threats, and also realize how ill equipped law enforcement
>usually is while something like this is occurring.
>
>However, in my view, by taking the action you did, you have shown your
>company isn't ready to be operating in the security space. Being threatened
>by bad actors is a nominal part of doing business in the security space.
>Unfortunately you didn't handle it well, and I think that will stick to you
>for a long time.
>
>On Tue, Sep 13, 2016 at 3:29 PM, Bryant Townsend <bryant@backconnect.com>
>wrote:
>
>> @ca & Matt - No, we do not plan to ever intentionally perform a
>> non-authorized BGP hijack in the future.
>>
>> @Steve - Correct, the attack had already been mitigated. The decision to
>> hijack the attackers IP space was to deal with their threats, which if
>> carried through could have potentially led to physical harm. Although the
>> hijack gave us a unique insight into the attackers services, it was not a
>> factor that influenced my decision.
>>
>> @Blake & Mel - We will likely cover some of these questions in a future
>> blog post.
>>
