"Defensive" BGP hijacking?

Hugo Slabbert hugo at slabnet.com
Mon Sep 12 18:14:02 UTC 2016


On Mon 2016-Sep-12 14:07:47 -0400, Jean-Francois Mezei <jfmezei_nanog at vaxination.ca> wrote:

>On 2016-09-11 16:54, Hugo Slabbert wrote:
>> Hopefully this is operational enough, though obviously leaning more towards the policy side of things:
>>
>> What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?
>
>
>Different spin but still "hijacking":
>
>Many moons ago, iStop, a small ISP in Canada saw its services from Bell
>Canada (access to last mile) cut.  However, its core network and transit
>was still functional for a number of months.
>
>ISP2 quickly offered to rescue the stranded customers. Once registered
>with ISP2, a customer would see the DSL signal re-instated by Bell (now
>paid by ISP2) but would continue to be handed IPs that belonged to iStop.
>
>ISP2 made use of the continuing transit capacity from the iStop router
>which therefore continued to make BGP announcements for the iStop IP
>blocks (and the iStop router then just sent everything to ISP2's router
>for distribution to end users). During this time, the iStop IP blocks
>continued to belong to iStop from ARIN's point of view.
>
>Eventually the transit to the iStop router stopped. That day, former
>iStop customers now on ISP2 saw their access to internet essentially
>killed. At that point, the iStop IP blocks still had not been transferred
>to ISP2.
>
>To save the day, ISP3 kicked in and started to make BGP announcements for
>iStop IPs and redirected the traffic to ISP2.
>
>At that point, ISP3 hijacked iStop's IPs, but it was done to help the
>situation, not to steal traffic or anything. (In fact, I think the BGP
>announcements from ISP3 pointed to ISP2 routers).
>
>Eventually, the iStop IP blocks were transferred to ISP2 which was then
>legally able to do the BGP announcements for those IPs.
>
>So there are some cases where BGP hijacking may be desirable. I guess
>this is where judgement kicks in.
>

Was this all done at iStop's request and with their full support?

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal