[102187] in North American Network Operators' Group
Re: Blackholing traffic by ASN
daemon@ATHENA.MIT.EDU (Justin Shore)
Thu Jan 31 10:46:10 2008
Date: Thu, 31 Jan 2008 09:29:35 -0600
From: Justin Shore <justin@justinshore.com>
To: nanog@merit.edu
In-Reply-To: <47A10940.50007@justinshore.com>
Errors-To: owner-nanog@merit.edu
Justin Shore wrote:
> The ASN I'm referring to is that of the Russian Business Network. A
> Google search should turn up plenty of info for those that haven't heard
> of them.
Thanks for the replies. They were along the lines of what I was
expecting (as-path ACL filtering & route-maps). I was wondering if
there was some new trick that was easier and more robust. This will
work though!
I saw that AS40989 fell off the 'Net a while back. That happened once
or twice before if memory serves me correctly and they came back a while
later in force. We'll see what happens this time. Some of RBN's old
netblocks are also no longer in the global tables. I'm not sure what's
going on with that but... I'm going to have to do a little more
research on their current Inet sources to see if I can locate them. It
looks like Wikipedia has a fair amount of information and a large number
of links to additional information.
http://en.wikipedia.org/wiki/Russian_Business_Network
I'm going to have to put a little more effort towards getting my
blackhole operational. If anyone has any good links to docs or advice
on what not to do I'd love to see them. I've found a great deal of
information on the 'Net but lessons learned from those who've already
been there done that is always welcome.
I hadn't considered what Danny pointed out about the origin AS
advertising other routes to create an effective DoS mechanism. That
would be a concern and would require a great deal of forethought. Null
routing prefixes would probably be the best course of action.
Thanks for the insight.
Justin
