nanog mailing list archives
Re: "Defensive" BGP hijacking?
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 14 Sep 2016 18:34:09 -0400
On Wed, Sep 14, 2016 at 04:04:43PM -0400, Bryan Fields wrote:
I'm a bit ambivalent about BGP hijacking as a DDOS mitigation strategy. Really there is no authority to say it's wrong. If your peers are cool with it, and their peers are cool with it who's to say it's wrong?
Meeting abuse with abuse never works out. It's tempting (and even trendy these days in portions of the security world which advocate striking back at putative attackers, never mind that attack attribution is almost entirely an unsolved problem in computing). It's emotionally satisfying. It's sometimes momentarily effective. But all it really does it open up still more attack vectors and accelerate the spiral to the bottom. Object lesson: Verizon's deployment of SAV as an alleged anti-spam measure ~15 years ago. It didn't take long for attackers to figure out how to leverage it to their advantage, which of course they did. So don't do it. It may take 5 minutes or 5 years, but it will eventually become apparent that it's a really bad idea. And when it does, you won't be able to get those 5 minutes or 5 years back, nor will you be able to undo the damage. ---rsk
Current thread:
- Re: "Defensive" BGP hijacking?, (continued)
- Re: "Defensive" BGP hijacking? Mel Beckman (Sep 16)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 18)
- Re: "Defensive" BGP hijacking? Jean-Francois Mezei (Sep 14)
- Re: "Defensive" BGP hijacking? Bryan Fields (Sep 14)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 14)
- Re: "Defensive" BGP hijacking? John Curran (Sep 19)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 19)
- Re: "Defensive" BGP hijacking? John Curran (Sep 20)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 20)
- Re: "Defensive" BGP hijacking? John Curran (Sep 20)
- Re: "Defensive" BGP hijacking? Rich Kulawiec (Sep 14)
- Re: "Defensive" BGP hijacking? Sean Rose (Sep 18)