nanog mailing list archives

Re: "Defensive" BGP hijacking?

From: Blake Hudson <blake () ispn net>
Date: Tue, 13 Sep 2016 15:22:10 -0500

Ca By wrote on 9/13/2016 2:53 PM:

On Tuesday, September 13, 2016, Bryant Townsend <bryant () backconnect com>
wrote:

@ca & Matt - No, we do not plan to ever intentionally perform a
non-authorized BGP hijack in the future.

Great answer.  Thanks.

Committing to pursuing a policy of weaponizing BGP would have triggered a
serious "terms of service" violations that would have effectively ended
your business swiftly and permanently.

Tip to the RIR policy folks, you may want to make this point very crisp. A
BGP ASN is the fundamental accountability control in a inter-domain
routing. Organizations with repeated offensense need to have their ASN
revoked, and further there should be controls in places so bad actors
cannot acquire "burner" ASNs.

@Steve - Correct, the attack had already been mitigated. The decision to
hijack the attackers IP space was to deal with their threats, which if
carried through could have potentially lead to physical harm. Although the
hijack gave us a unique insight into the attackers services, it was not a
factor that influenced my decision.

@Blake & Mel - We will likely cover some of these questions in a future
blog post.

Ca, and the community, I don't make the leap. How does attacking someoneby hijacking their IP space mitigate a physical threat? How doesimpeding someone's access to the internet access prevent them fromperforming an act of physical violence against you? If a party threatensme, would I be justified in attacking him or her? In my experience,attacking someone is more likely to escalate a situation - notdeescalate it.

Bryant did weaponize BGP and stated he stands by his actions and furtherindicated that he will use what he learned here to shape handling offuture situations:

I have spent a
long time reflecting on my decision and how it may negatively impact the
company and myself in some people’s eyes, but ultimately I stand by it. The
experience and feedback I have gained from these events has proven
invaluable and will be used to shape the policies surrounding the future
handling of similar situations.

When I read Bryant's comments, I see justification and excuses for hisbehavior. I do not see an apology nor admission of wrongdoing. I believewhat Bryant did was wrong and I would hate for others to be allowed toact similarly without consequence.

Current thread:

Re: "Defensive" BGP hijacking?, (continued)
- - - Re: "Defensive" BGP hijacking? Matt Freitag (Sep 13)
  - Re: "Defensive" BGP hijacking? Ryan, Spencer (Sep 13)
  - Re: "Defensive" BGP hijacking? Blake Hudson (Sep 13)
    - Re: "Defensive" BGP hijacking? Mel Beckman (Sep 13)
    - Re: "Defensive" BGP hijacking? Doug Montgomery (Sep 13)
    - Re: "Defensive" BGP hijacking? Ca By (Sep 13)
    - Re: "Defensive" BGP hijacking? Sandra Murphy (Sep 14)
  - Re: "Defensive" BGP hijacking? Steve Atkins (Sep 13)
    - Re: "Defensive" BGP hijacking? Bryant Townsend (Sep 13)
    - Re: "Defensive" BGP hijacking? Ca By (Sep 13)
    - Re: "Defensive" BGP hijacking? Blake Hudson (Sep 13)
    - Re: "Defensive" BGP hijacking? Hank Nussbacher (Sep 13)
    - Re: "Defensive" BGP hijacking? Tom Beecher (Sep 18)
    - Re: "Defensive" BGP hijacking? Hugo Slabbert (Sep 20)
    - Re: "Defensive" BGP hijacking? Mel Beckman (Sep 20)
    - Re: "Defensive" BGP hijacking? Justin Paine via NANOG (Sep 20)
    - Re: "Defensive" BGP hijacking? Tom Beecher (Sep 20)
    - Re: "Defensive" BGP hijacking? Bryant Townsend (Sep 20)
  - Re: "Defensive" BGP hijacking? Hunter Fuller (Sep 13)
- Re: "Defensive" BGP hijacking? Scott Weeks (Sep 13)
  - Re: "Defensive" BGP hijacking? Hugo Slabbert (Sep 13)

(Thread continues...)