"Defensive" BGP hijacking?
Blake Hudson
blake at ispn.net
Tue Sep 13 20:22:10 UTC 2016
Ca By wrote on 9/13/2016 2:53 PM:
> On Tuesday, September 13, 2016, Bryant Townsend <bryant at backconnect.com>
> wrote:
>
>> @ca & Matt - No, we do not plan to ever intentionally perform a
>> non-authorized BGP hijack in the future.
> Great answer. Thanks.
>
> Committing to pursuing a policy of weaponizing BGP would have triggered a
> serious "terms of service" violations that would have effectively ended
> your business swiftly and permanently.
>
> Tip to the RIR policy folks, you may want to make this point very crisp. A
> BGP ASN is the fundamental accountability control in a inter-domain
> routing. Organizations with repeated offensense need to have their ASN
> revoked, and further there should be controls in places so bad actors
> cannot acquire "burner" ASNs.
>
>> @Steve - Correct, the attack had already been mitigated. The decision to
>> hijack the attackers IP space was to deal with their threats, which if
>> carried through could have potentially lead to physical harm. Although the
>> hijack gave us a unique insight into the attackers services, it was not a
>> factor that influenced my decision.
>>
>> @Blake & Mel - We will likely cover some of these questions in a future
>> blog post.
>>
Ca, and the community, I don't make the leap. How does attacking someone
by hijacking their IP space mitigate a physical threat? How does
impeding someone's access to the internet access prevent them from
performing an act of physical violence against you? If a party threatens
me, would I be justified in attacking him or her? In my experience,
attacking someone is more likely to escalate a situation - not
deescalate it.
Bryant did weaponize BGP and stated he stands by his actions and further
indicated that he will use what he learned here to shape handling of
future situations:
> I have spent a
> long time reflecting on my decision and how it may negatively impact the
> company and myself in some people’s eyes, but ultimately I stand by it. The
> experience and feedback I have gained from these events has proven
> invaluable and will be used to shape the policies surrounding the future
> handling of similar situations.
When I read Bryant's comments, I see justification and excuses for his
behavior. I do not see an apology nor admission of wrongdoing. I believe
what Bryant did was wrong and I would hate for others to be allowed to
act similarly without consequence.
More information about the NANOG
mailing list