"Defensive" BGP hijacking?

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): "Defensive" BGP hijacking?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While I was reading the krebsonsecurity.com article cited below, the site, hosted at Akamai address 72.52.7.144, became non responsive and now appears to be offline. Traceroutes stop before the Akamai-SWIPed border within Telia, as if blackholed (but adjacent IPs pass through to Akamai):

traceroute to krebsonsecurity.com (72.52.7.144), 64 hops max, 40 byte packets
 1  router1.sb.becknet.com (206.83.0.1)  0.771 ms  0.580 ms  0.342 ms
 2  206-190-77-9.static.twtelecom.net (206.190.77.9)  0.715 ms  1.026 ms  0.744 ms
 3  ae1-90g.ar7.lax1.gblx.net (67.17.75.18)  9.532 ms  6.567 ms  2.912 ms
 4  ae10.edge1.losangeles9.level3.net (4.68.111.21)  2.919 ms  2.925 ms  2.904 ms
 5  telia-level3-4x10g.losangeles.level3.net (4.68.70.130)  3.981 ms  3.567 ms  3.401 ms
 6  sjo-b21-link.telia.net (62.115.116.40)  11.209 ms  11.140 ms  11.161 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *

Weird coincidence?

 -mel beckman

> On Sep 20, 2016, at 6:46 PM, Hugo Slabbert <hugo at slabnet.com> wrote:
> 
> Lucy, you got some (*serious*) 'splainin to do...
> 
> http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
> http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/
> 
> -- 
> Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
> pgp key: B178313E   | also on Signal
> 
>> On Sun 2016-Sep-18 22:25:44 -0400, Tom Beecher <beecher at beecher.cc> wrote:
>> 
>> So after reading your explanation of things...
>> 
>> Your technical protections for your client proved sufficient to handle the
>> attack. You took OFFENSIVE action by hijacking the IP space. By your own
>> statements, it was only in response to threats against your company. You
>> were no longer providing DDoS protection to a client. You were exacting a
>> vendetta against someone who was being MEAN to you. Even if that person
>> probably deserved it, you still cannot do what was done.
>> 
>> I appreciate the desire to want to protect friends and family from
>> anonymous threats, and also realize how ill equipped law enforcement
>> usually is while something like this is occurring.
>> 
>> However, in my view, by taking the action you did, you have shown your
>> company isn't ready to be operating in the security space. Being threatened
>> by bad actors is a nominal part of doing business in the security space.
>> Unfortunately you didn't handle it well, and I think that will stick to you
>> for a long time.
>> 
>> On Tue, Sep 13, 2016 at 3:29 PM, Bryant Townsend <bryant at backconnect.com>
>> wrote:
>> 
>>> @ca & Matt - No, we do not plan to ever intentionally perform a
>>> non-authorized BGP hijack in the future.
>>> 
>>> @Steve - Correct, the attack had already been mitigated. The decision to
>>> hijack the attackers IP space was to deal with their threats, which if
>>> carried through could have potentially lead to physical harm. Although the
>>> hijack gave us a unique insight into the attackers services, it was not a
>>> factor that influenced my decision.
>>> 
>>> @Blake & Mel - We will likely cover some of these questions in a future
>>> blog post.
>>> 

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): "Defensive" BGP hijacking?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]