nanog mailing list archives
Re: "Defensive" BGP hijacking?
From: Tom Beecher <beecher () beecher cc>
Date: Tue, 20 Sep 2016 23:28:47 -0400
Brian Krebs tweeted out that Prolexic reported a 665Gbps attack directed at his site.

https://twitter.com/briankrebs/status/778398865619836928

On Tue, Sep 20, 2016 at 11:21 PM, Mel Beckman <mel () beckman org> wrote:

> While I was reading the krebsonsecurity.com article cited below, the site, hosted at Akamai address 72.52.7.144, became non responsive and now appears to be offline. Traceroutes stop before the Akamai-SWIPed border within Telia, as if blackholed (but adjacent IPs pass through to Akamai):
>
> traceroute to krebsonsecurity.com (72.52.7.144), 64 hops max, 40 byte packets
>  1  router1.sb.becknet.com (206.83.0.1)  0.771 ms  0.580 ms  0.342 ms
>  2  206-190-77-9.static.twtelecom.net (206.190.77.9)  0.715 ms  1.026 ms  0.744 ms
>  3  ae1-90g.ar7.lax1.gblx.net (67.17.75.18)  9.532 ms  6.567 ms  2.912 ms
>  4  ae10.edge1.losangeles9.level3.net (4.68.111.21)  2.919 ms  2.925 ms  2.904 ms
>  5  telia-level3-4x10g.losangeles.level3.net (4.68.70.130)  3.981 ms  3.567 ms  3.401 ms
>  6  sjo-b21-link.telia.net (62.115.116.40)  11.209 ms  11.140 ms  11.161 ms
>  7  * * *
>  8  * * *
>  9  * * *
> 10  * * *
>
> Weird coincidence?
>
> -mel beckman
>
> On Sep 20, 2016, at 6:46 PM, Hugo Slabbert <hugo () slabnet com> wrote:
>
>> Lucy, you got some (*serious*) 'splainin to do...
>>
>> http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
>> http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/
>>
>> --
>> Hugo Slabbert | email, xmpp/jabber: hugo () slabnet com
>> pgp key: B178313E | also on Signal
>>
>> On Sun 2016-Sep-18 22:25:44 -0400, Tom Beecher <beecher () beecher cc> wrote:
>>
>>> So after reading your explanation of things...
>>>
>>> Your technical protections for your client proved sufficient to handle the attack. You took OFFENSIVE action by hijacking the IP space. By your own statements, it was only in response to threats against your company. You were no longer providing DDoS protection to a client. You were exacting a vendetta against someone who was being MEAN to you. Even if that person probably deserved it, you still cannot do what was done.
>>>
>>> I appreciate the desire to want to protect friends and family from anonymous threats, and also realize how ill equipped law enforcement usually is while something like this is occurring.
>>>
>>> However, in my view, by taking the action you did, you have shown your company isn't ready to be operating in the security space. Being threatened by bad actors is a nominal part of doing business in the security space. Unfortunately you didn't handle it well, and I think that will stick to you for a long time.
>>>
>>> On Tue, Sep 13, 2016 at 3:29 PM, Bryant Townsend <bryant () backconnect com> wrote:
>>>
>>>> @ca & Matt - No, we do not plan to ever intentionally perform a non-authorized BGP hijack in the future.
>>>>
>>>> @Steve - Correct, the attack had already been mitigated. The decision to hijack the attackers IP space was to deal with their threats, which if carried through could have potentially led to physical harm. Although the hijack gave us a unique insight into the attackers services, it was not a factor that influenced my decision.
>>>>
>>>> @Blake & Mel - We will likely cover some of these questions in a future blog post.