"Defensive" BGP hijacking?

Ca By cb.list6 at gmail.com
Wed Sep 14 00:08:38 UTC 2016


On Tuesday, September 13, 2016, Doug Montgomery <dougm.work at gmail.com>
wrote:

> If only there were a global system, with consistent and verifiable security
> properties, to permit address holders to declare the set of AS's authorized
> to announce their prefixes, and routers anywhere on the Internet to
> independently verify the corresponding validity of received announcements.
>
> *cough      https://www.nanog.org/meetings/abstract?id=2846     cough*
>
> I now return us to our discussion of network police, questionnaires for
> network security, and the use of beer as a motivating force.
>
> dougm
>
>
Interesting that backconnect has invalid ROA issued

http://bgp.he.net/AS203959#_prefixes

> On Tue, Sep 13, 2016 at 2:51 PM, Mel Beckman <mel at beckman.org> wrote:
>
> > Blake,
> >
> > I concur that these are key questions. Probably _the_ key questions. The
> > fabric of the Internet is today based on trust, and BGP's integrity is the
> > core of that trust.
> >
> > I realize that BGP hijacking is not uncommon. However, this is the first
> > time I've seen it used defensively. I don't see a way to ever bless this
> > kind of defensive use without compromising that core trust. If Internet
> > reachability depends on individual providers believing that they are
> > justified in violating that trust when they are attacked, how can the
> > Internet stand?
> >
> > In addition to the question posed to Bryant about whether he would take
> > this action again, I would like to add: what about the innocent parties
> > impacted by your actions? Or do you take the position there were no
> > innocent parties in the hijacked prefixes?
> >
> > -mel via cell
> >
> > > On Sep 13, 2016, at 11:40 AM, Blake Hudson <blake at ispn.net> wrote:
> > >
> > >
> > >
> > > Bryant Townsend wrote on 9/13/2016 2:22 AM:
> > >> This was the point where I decided
> > >> I needed to go on the offensive to protect myself, my partner, visiting
> > >> family, and my employees. The actions proved to be extremely effective, as
> > >> all forms of harassment and threats from the attackers immediately stopped.
> > >
> > >
> > > Bryant, what actions, exactly, did you take? This topic seems
> > > intentionally glossed over while you spend a much larger amount of time
> > > explaining the back story and your motivations rather than your actions.
> > >
> > > Questions I was left with:
> > >
> > > 1. What prefixes have you announced without permission (not just this
> > >   event)?
> > > 2. How did you identify these prefixes?
> > > 3. Did you attempt to contact the owner of these prefixes?
> > > 4. Did you attempt to contact the origin or transit AS of these prefixes?
> > > 5. What was the process to get your upstream AS to accept these prefix
> > >   announcements?
> > > 6. Was your upstream AS complicit in allowing you to announce prefixes
> > >   you did not have authorization to announce?
> > >
> >
>
>
>
> --
> DougM at Work
>
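
Added example, not part of the original thread or any poster's code: the origin check described in Doug Montgomery's message (address holders declare authorized origin ASes, routers verify received announcements), which is also what makes an announcement "invalid" against a ROA, written as the RFC 6811 route origin validation procedure on the assumption that RPKI is the system alluded to. The prefixes and AS numbers are constructed from documentation ranges, and the names `VRP`, `validate_origin` and `classify` are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA Payload: one (prefix, maxLength, origin AS) assertion."""
    prefix: str
    max_length: int
    asn: int

# Constructed sample data using documentation prefixes (RFC 5737, RFC 3849)
# and documentation ASNs (RFC 5398). None of it comes from a real ROA.
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
    VRP("203.0.113.0/24", 24, 0),   # AS0: holder says nobody should originate this
]

def validate_origin(route_prefix, origin_asn, vrps=SAMPLE_VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement (RFC 6811)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A covering VRP matches only if the origin AS agrees (AS0 never
        # matches) and the route is no more specific than maxLength allows.
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by some VRP but matched by none: the announcement is invalid.
    return "invalid" if covered else "not-found"

def classify(announcements, vrps=SAMPLE_VRPS):
    """Map each constructed (prefix, origin AS) pair to its validation state."""
    return {a: validate_origin(a[0], a[1], vrps) for a in announcements}

if __name__ == "__main__":
    seen = [
        ("192.0.2.0/24", 64496),     # authorized origin
        ("192.0.2.0/24", 64511),     # same prefix, unauthorized origin
        ("192.0.2.128/25", 64496),   # right origin, more specific than maxLength
        ("198.51.100.0/24", 64496),  # no covering ROA at all
    ]
    for route, state in classify(seen).items():
        print(route, state)
```

A "not-found" result means no ROA covers the prefix, so this check offers no protection for address space whose holder has not published one.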


