"Defensive" BGP hijacking?
blake at ispn.net
Mon Sep 12 16:55:14 UTC 2016
Scott Weeks wrote on 9/12/2016 11:31 AM:
> I am somewhat in agreement with Mel:
> "This thoughtless action requires a response from the community, and an
> apology from BackConnect. If we can't police ourselves, someone we
> don't like will do it for us. "
> But the first part seems to verge on vigilantism. Solutions are hard.
> BGP filters should be in place. Maybe that's the non-vigilante response.
> Force filters somehow.
> However, this has all been discussed over and over here... ;-)
I agree that Mel's response is well reasoned and thoughtful.
Regarding my mention of a pattern of fraudulent behavior: RIPE indicates
that BackConnect has recently announced 55 IP prefixes via BGP
even though they only appear to have 5 IP4 allocations and are currently
only announcing 8 /24 prefixes. Given BackConnect's position as an
anti-ddos provider it would not be unusual for them to announce the IP
space of other organizations. One would likely need to confirm with the
owners of each of these 55 prefixes as to whether BackConnect had
authorization to announce this address space.
Based on the announcement of 188.8.131.52/24, it appears that BGP
filters are either not in place for BackConnect or are modified without
sufficient procedures to verify authorization.
More information about the NANOG