"Defensive" BGP hijacking?
- Subject: "Defensive" BGP hijacking?
- From: blake at ispn.net (Blake Hudson)
- Date: Mon, 12 Sep 2016 11:55:14 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
Scott Weeks wrote on 9/12/2016 11:31 AM:
>
> I am somewhat in agreement with Mel:
>
> "This thoughtless action requires a response from the community, and an
> apology from BackConnect. If we can't police ourselves, someone we
> don't like will do it for us. "
>
> But the first part seems to verge on vigilantism. Solutions are hard.
> BGP filters should be in place. Maybe that's the non-vigilante response.
> Force filters somehow.
>
> However, this has all been discussed over and over here... ;-)
>
>
> scott

I agree that Mel's response is well reasoned and thoughtful.

Regarding my mention of a pattern of fraudulent behavior: RIPE indicates
that BackConnect has recently announced 55 IP prefixes via BGP
(https://stat.ripe.net/widget/as-routing-consistency#w.resource=AS203959),
even though they only appear to have 5 IPv4 allocations and are currently
only announcing 8 /24 prefixes. Given BackConnect's position as an
anti-DDoS provider, it would not be unusual for them to announce the IP
space of other organizations. One would likely need to confirm with the
owners of each of these 55 prefixes as to whether BackConnect had
authorization to announce this address space.

Based on the announcement of 82.118.233.0/24, it appears that BGP
filters are either not in place for BackConnect or are modified without
sufficient procedures to verify authorization.
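
Added example, not part of the original message: a sketch of the check an upstream's customer prefix filter performs, comparing each announced prefix and origin AS against a table of authorizations using RFC 6811-style states. The authorization table, the AS numbers and the function names are constructed for illustration and are not data from RIPE or any network named in this thread; only 82.118.233.0/24 is taken from the message.

```python
import ipaddress
from typing import NamedTuple

class Authorization(NamedTuple):
    prefix: object      # ipaddress network the holder authorized
    max_length: int     # longest more-specific that may be announced
    origin_as: int      # AS permitted to originate it

def auth(prefix, max_length, origin_as):
    return Authorization(ipaddress.ip_network(prefix), max_length, origin_as)

# Constructed sample data: RFC 5737 documentation prefixes and
# RFC 5398 documentation AS numbers. Not real registry records.
CUSTOMER_AS = 64500
AUTHORIZED = [
    auth("192.0.2.0/24", 24, 64500),
    auth("198.51.100.0/24", 24, 64500),
    auth("203.0.113.0/24", 24, 64501),  # authorized for a different AS
]

def classify(prefix, origin_as, table):
    """Return 'valid', 'invalid' or 'not-found' (RFC 6811 semantics)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for a in table:
        if net.version == a.prefix.version and net.subnet_of(a.prefix):
            covered = True
            if net.prefixlen <= a.max_length and origin_as == a.origin_as:
                return "valid"
    return "invalid" if covered else "not-found"

def customer_filter(announcements, origin_as, table):
    """Strict customer filter: accept only explicitly authorized routes."""
    accepted, rejected = [], []
    for prefix in announcements:
        state = classify(prefix, origin_as, table)
        (accepted if state == "valid" else rejected).append((prefix, state))
    return accepted, rejected

# Constructed announcement set; the last prefix is the one named in the
# message and is simply absent from the constructed table above.
ANNOUNCED = ["192.0.2.0/24", "192.0.2.128/25",
             "203.0.113.0/24", "82.118.233.0/24"]

if __name__ == "__main__":
    ok, bad = customer_filter(ANNOUNCED, CUSTOMER_AS, AUTHORIZED)
    for prefix, state in ok + bad:
        print(f"{prefix:18} AS{CUSTOMER_AS} {state}")
```

A strict customer filter rejects "not-found" as well as "invalid", which is the difference between a per-customer allow-list and origin validation applied to the full table.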