"Defensive" BGP hijacking?

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): "Defensive" BGP hijacking?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday, September 13, 2016, Bryant Townsend <bryant at backconnect.com>
wrote:

> @ca & Matt - No, we do not plan to ever intentionally perform a
> non-authorized BGP hijack in the future.
>
>
Great answer.  Thanks.

Committing to pursuing a policy of weaponizing BGP would have triggered a
serious "terms of service" violations that would have effectively ended
your business swiftly and permanently.

Tip to the RIR policy folks, you may want to make this point very crisp. A
BGP ASN is the fundamental accountability control in a inter-domain
routing. Organizations with repeated offensense need to have their ASN
revoked, and further there should be controls in places so bad actors
cannot acquire "burner" ASNs.


@Steve - Correct, the attack had already been mitigated. The decision to
> hijack the attackers IP space was to deal with their threats, which if
> carried through could have potentially lead to physical harm. Although the
> hijack gave us a unique insight into the attackers services, it was not a
> factor that influenced my decision.
>
> @Blake & Mel - We will likely cover some of these questions in a future
> blog post.
>

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): "Defensive" BGP hijacking?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]