On Mon 2016-Sep-12 14:07:47 -0400, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
On 2016-09-11 16:54, Hugo Slabbert wrote:
Hopefully this is operational enough, though obviously leaning more towards the policy side of things:
What does nanog think about a DDoS scrubber hijacking a network "for defensive purposes"?
Different spin but still "hijacking":
Many moons ago, iStop, a small ISP in Canada, saw its services from Bell Canada (access to last mile) cut. However, its core network and transit were still functional for a number of months.
ISP2 quickly offered to rescue the stranded customers. Once registered with ISP2, a customer would see the DSL signal re-instated by Bell (now paid by ISP2) but would continue to be handed IPs that belonged to iStop.
ISP2 made use of the continuing transit capacity from the iStop router which therefore continued to make BGP announcements for the iStop IP blocks (and the iStop router then just sent everything to ISP2's router for distribution to end users). During this time, the iStop IP blocks continued to belong to iStop from ARIN's point of view.
Eventually the transit to the iStop router stopped. That day, former iStop customers now on ISP2 saw their access to internet essentially killed. At that point, the iStop IP blocks still had not been transferred to ISP2.
To save the day, ISP3 kicked in and started to make BGP announcements for iStop IPs and redirected the traffic to ISP2.
At that point, ISP3 hijacked iStop's IPs, but it was done to help the situation, not to steal traffic or anything. (In fact, I think the BGP announcements from ISP3 pointed to ISP2 routers).
Eventually, the iStop IP blocks were transferred to ISP2 which was then legally able to do the BGP announcements for those IPs.
So there are some cases where BGP hijacking may be desirable. I guess this is where judgement kicks in.
Was this all done at iStop's request and with their full support?
--
Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E | also on Signal