"Defensive" BGP hijacking?

Richard Hesse richard.hesse at weebly.com
Mon Sep 12 17:32:18 UTC 2016

This behavior is never defensible nor acceptable.

In addition to being in the wrong with BGP hijacking a prefix, it
appears that Mr. Townsend had the wrong target, too. We've been
attacked a few dozen times by this botnet, and they could never muster
anything near 200 gbps worth of traffic. They were orders of magnitude
smaller, only around 8-16 gbps depending on attack.

Mr. Townsend's motives were wrong and so was his information.


On Sun, Sep 11, 2016 at 8:54 PM, Hugo Slabbert <hugo at slabnet.com> wrote:
> Hopefully this is operational enough, though obviously leaning more towards the policy side of things:
> What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?
> http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/
> "For about six hours, we were seeing attacks of more than 200 Gbps hitting us,” Townsend explained. “What we were doing was for defensive purposes. We were simply trying to get them to stop and to gather as much information as possible about the botnet they were using and report that to the proper authorities.”
> --
> Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
> pgp key: B178313E   | also on Signal

More information about the NANOG mailing list