Home page logo

nanog logo nanog mailing list archives

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
From: Hal Murray <hmurray () megapathdsl net>
Date: Wed, 01 Feb 2012 02:12:19 -0800

I'm not a lawyer nor an operator.

Imagine that instead of www.google.com, it was www.whitehouse.gov

At some point, I suspect that this gets service to get it fixed RIGHT NOW.
At some point, the guys informing you it's RIGHT NOW show up with badges.

Where is Milo Medin when we need him?

The question is, when is it badges?  It can be construed as a denial of
service attack on the addresses' rightful owners.  They will respond to any
major government site being hijacked.  Probably to Apple or Google.  Likely
to a Tier-1 ISPs internal infrastructure. 

How long should it take to fix a problem like this?

Why didn't one of the players upstream from the bad guy pull their plug or 
drop the bogus announcement?  Why didn't any of the players between the first 
upstream and the tier 1s apply pressure?

Do existing contracts cover this case?  If not, what needs to be fixed?  Is a 
RFC needed so the lawyers have something to reference?

Would a session to discuss this at a NANOG gathering help?

a) law enforcement doesn't understand the problem. and b) the law moves
very slowly. 

It might be a good idea to make sure that somebody in law enforcement does 
understands what happened here so they can think about what who needs to do 
what the next time something like this happens.  (Make sure that operators 
know how to get in touch with somebody who knows.)

These are my opinions, not necessarily my employer's.  I hate spam.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]