nanog mailing list archives

Re: "Defensive" BGP hijacking?


From: Mel Beckman <mel () beckman org>
Date: Tue, 13 Sep 2016 02:08:48 +0000

Bryant from BackConnect (bryant () backconnect com) has replied to me directly. He is 
a Nanog repeat attendee, but hasn't been subscribed to this list. Bryant says he is subscribing now and will post some 
clarifying comments shortly. I would share the content of his email, but he didn't explicitly give me permission for 
that, so I'll let him repeat anything that needs repeating.

This looks to me like ISP community governance in the best sense. I look forward to thoughtful discussion.

 -mel beckman

On Sep 12, 2016, at 2:03 PM, Paras Jha <paras () protrafsolutions com> wrote:

Well don't forget, normal attacks launched from vDOS were around 8 -
16gbps.

On the Krebs article, he mentions "the company received an email directly
from vDOS claiming credit for the attack"

Now, if this holds true, it's likely that the operator of vDOS (Apple J4ck
was his moniker) was directing the full resources of the network towards
BackConnect. Given that Brian indicated that at any given time vDOS could
be launching 10 - 15 times (9 "DDoS years" or something in a few months),
the full force of the vDOS network could easily amount to 200gbps.

This behavior is never defensible nor acceptable.

In addition to being in the wrong with BGP hijacking a prefix, it
appears that Mr. Townsend had the wrong target, too. We've been
attacked a few dozen times by this botnet, and they could never muster
anything near 200 gbps worth of traffic. They were orders of magnitude
smaller, only around 8-16 gbps depending on attack.

Mr. Townsend's motives were wrong and so was his information.

