"Defensive" BGP hijacking?

Tom Beecher beecher at beecher.cc
Mon Sep 19 02:25:44 UTC 2016

So after reading your explanation of things...

Your technical protections for your client proved sufficient to handle the
attack. You took OFFENSIVE action by hijacking the IP space. By your own
statements, it was only in response to threats against your company. You
were no longer providing DDoS protection to a client. You were exacting a
vendetta against someone who was being MEAN to you. Even if that person
probably deserved it, you still cannot do what was done.

I appreciate the desire to want to protect friends and family from
anonymous threats, and also realize how ill equipped law enforcement
usually is while something like this is occurring.

However, in my view, by taking the action you did, you have shown your
company isn't ready to be operating in the security space. Being threatened
by bad actors is a nominal part of doing business in the security space.
Unfortunately you didn't handle it well, and I think that will stick to you
for a long time.

On Tue, Sep 13, 2016 at 3:29 PM, Bryant Townsend <bryant at backconnect.com>

> @ca & Matt - No, we do not plan to ever intentionally perform a
> non-authorized BGP hijack in the future.
> @Steve - Correct, the attack had already been mitigated. The decision to
> hijack the attackers IP space was to deal with their threats, which if
> carried through could have potentially lead to physical harm. Although the
> hijack gave us a unique insight into the attackers services, it was not a
> factor that influenced my decision.
> @Blake & Mel - We will likely cover some of these questions in a future
> blog post.

More information about the NANOG mailing list