On Tuesday, September 13, 2016, Doug Montgomery <dougm.w...@gmail.com> wrote:

> If only there were a global system, with consistent and verifiable security
> properties, to permit address holders to declare the set of AS's authorized
> to announce their prefixes, and routers anywhere on the Internet to
> independently verify the corresponding validity of received announcements.
>
> *cough https://www.nanog.org/meetings/abstract?id=2846 cough*
>
> I now return us to our discussion of network police, questionnaires for
> network security, and the use of beer as a motivating force.
>
> dougm
>

Interesting that backconnect has invalid ROA issued
http://bgp.he.net/AS203959#_prefixes

> On Tue, Sep 13, 2016 at 2:51 PM, Mel Beckman <m...@beckman.org> wrote:
>
> > Blake,
> >
> > I concur that these are key questions. Probably _the_ key questions. The
> > fabric of the Internet is today based on trust, and BGP's integrity is the
> > core of that trust.
> >
> > I realize that BGP hijacking is not uncommon. However, this is the first
> > time I've seen it used defensively. I don't see a way to ever bless this
> > kind of defensive use without compromising that core trust. If Internet
> > reachability depends on individual providers believing that they are
> > justified in violating that trust when they are attacked, how can the
> > Internet stand?
> >
> > In addition to the question posed to Bryant about whether he would take
> > this action again, I would like to add: what about the innocent parties
> > impacted by your actions? Or do you take the position there were no
> > innocent parties in the hijacked prefixes?
> >
> > -mel via cell
> >
> > > On Sep 13, 2016, at 11:40 AM, Blake Hudson <bl...@ispn.net> wrote:
> > >
> > > Bryant Townsend wrote on 9/13/2016 2:22 AM:
> > >> This was the point where I decided
> > >> I needed to go on the offensive to protect myself, my partner, visiting
> > >> family, and my employees. The actions proved to be extremely effective, as
> > >> all forms of harassment and threats from the attackers immediately stopped.
> > >
> > > Bryant, what actions, exactly, did you take? This topic seems
> > > intentionally glossed over while you spend a much larger amount of time
> > > explaining the back story and your motivations rather than your actions.
> > >
> > > Questions I was left with:
> > >
> > > 1. What prefixes have you announced without permission (not just this
> > >    event)?
> > > 2. How did you identify these prefixes?
> > > 3. Did you attempt to contact the owner of these prefixes?
> > > 4. Did you attempt to contact the origin or transit AS of these prefixes?
> > > 5. What was the process to get your upstream AS to accept these prefix
> > >    announcements?
> > > 6. Was your upstream AS complicit in allowing you to announce prefixes
> > >    you did not have authorization to announce?
> > >
>
> --
> DougM at Work