"Defensive" BGP hijacking?

Mel Beckman mel at beckman.org
Tue Sep 13 02:08:48 UTC 2016


Bryant from BackConnect (bryant at backconnect.com) has replied to me directly. He is a NANOG repeat attendee, but hasn't been subscribed to this list. Bryant says he is subscribing now and will post some clarifying comments shortly. I would share the content of his email, but he didn't explicitly give me permission for that, so I'll let him repeat anything that needs repeating.

This looks to me like ISP community governance in the best sense. I look forward to thoughtful discussion.

 -mel beckman

On Sep 12, 2016, at 2:03 PM, Paras Jha <paras at protrafsolutions.com> wrote:

Well don't forget, normal attacks launched from vDOS were around 8 -
16gbps.

On the Krebs article, he mentions "the company received an email directly
from vDOS claiming credit for the attack"

Now, if this holds true, it's likely that the operator of vDOS (Apple J4ck
was his moniker) was directing the full resources of the network towards
BackConnect. Given that Brian indicated that at any given time vDOS could
be launching 10 - 15 times (9 "DDoS years" or something in a few months),
the full force of the vDOS network could easily amount to 200gbps.

This behavior is never defensible nor acceptable.

In addition to being in the wrong with BGP hijacking a prefix, it
appears that Mr. Townsend had the wrong target, too. We've been
attacked a few dozen times by this botnet, and they could never muster
anything near 200 gbps worth of traffic. They were orders of magnitude
smaller, only around 8-16 gbps depending on attack.

Mr. Townsend's motives were wrong and so was his information.


