[sg-ops] Recent NANOG booting of BGP hijacker

Andy Davidson andy at nosignal.org
Thu Jul 12 16:09:40 +08 2018 

Dear Sanjeev, all –

I think there is a huge difference between having an opinion on an application which is carried on the exchange, and taking action, -vs- an attack on the internet which is caused by deliberate malicious action, or incompetence of configuration.  For exchange points (and for any SHARED medium) to be useful, they must function with a set of community norms and one of those norms must be to exclude actors who allow attacks on the network to propagate.

A few other thoughts on this from an IXP operator point of view: Well run IXPs should also play their part in mitigating accidental attacks and educating those who caused them – the MANRS initiative for IXPs is a good place to start: https://www.manrs.org/participants/ixp/

The recent BitCanal attacks show that ISP networks must filter their peers as well as their customers.  A good way to do that whilst readying your own systems is to ensure that you peer with networks that you can not specifically trust or filter via IXP MLP route-servers which apply strict filtering.  A list of IXPs which do that is on the MANRS site (as it’s a mandatory requirement for a MANRS compliant MLP).  This is such an important feature for the modern internet that when we built the Asteroid automated IXP software, we did not create a mechanism for creating an MLP peering session without a prefix list to act as a filter.

Happy peering,
Andy



--
Andy Davidson            Asteroid International BV
https://www.asteroidhq.com    @asteroidhq   @andyd
--------------------------------------------------
Local interconnection.          Where you need it.




From: Sgops <sgops-bounces at list.sgnog.net> on behalf of Sanjeev Gupta <sanjeev at dcs1.biz>
Date: Wednesday, 11 July 2018 at 03:44
To: Nicholas ONG <nicholas at flarez.net>
Cc: "sgops at list.sgnog.net" <sgops at list.sgnog.net>
Subject: Re: [sg-ops] Recent NANOG booting of BGP hijacker

From the blog:

> Even if abuse didn’t take place across your exchange, you can still consider disconnection to mitigate future risk

So the Terms of Service of the IXP are "if my friends don't like you, you are out"?

I lost access at Tehran IX, because I allowed Facebook traffic, so now AMS must kick me out?



--
Sanjeev Gupta
+65 98551208   http://sg.linkedin.com/in/ghane

On Wed, Jul 11, 2018 at 8:51 AM, Nicholas ONG <nicholas at flarez.net<mailto:nicholas at flarez.net>> wrote:
For those (especially IXP and transit operators) who haven't been following this in NANOG, this is an interesting case.

https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Nicholas Ong


_______________________________________________
Sgops mailing list
Sgops at list.sgnog.net<mailto:Sgops at list.sgnog.net>
http://list.sgnog.net/listinfo/sgops

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.sgnog.net/pipermail/sgops/attachments/20180712/03953f5f/attachment.html>

More information about the Sgops mailing list