[111791] in North American Network Operators' Group
Re: Global Blackhole Service
daemon@ATHENA.MIT.EDU (Nuno Vieira - nfsi telecom)
Fri Feb 13 10:12:49 2009
Date: Fri, 13 Feb 2009 15:07:45 +0000 (WET)
From: Nuno Vieira - nfsi telecom <nuno.vieira@nfsi.pt>
To: Jens Ott - PlusServer AG <j.ott@plusserver.de>
In-Reply-To: <49958A5C.2070200@plusserver.de>
Cc: nanog <nanog@nanog.org>
Reply-To: Nuno Vieira - nfsi telecom <nuno.vieira@nfsi.pt>
Errors-To: nanog-bounces@nanog.org
Hi Jens,
I think we are in the same boat.
We suffered the same problem often, on a lower magnitude, but if a project like this exists those DDoS could even be almost near zero.
This is somewhat similar to what Spamcop, and other folks do with SPAM today, but applied on a different scope, say, BGP Blackhole.
This service can span wide after just peers, opening the opportunity to edge-to-edge DDoS mitigation.
Say, a network in .pt or .de is being attacked at large, and dst operators inject the dst attacked source on the blackhole bgp feed... say that 100+ other ops around the world use a scenario like this... this might be very useful.
Concerns: the "authority" or the "responsible" for maintaining this project must assure that OP A or OP B can *only* announce chunks that belong to him, avoiding any case of hijack.
We would be interested in participating in something like this.
So,
> My questions to all of you:
>
> - What do you think about such service?
It will be great. We are available to help.
> - Would you/your ASN participate in such a service?
Yes.
> - Do you see some kind of useful feature in such a service?
Yes, a few thoughts above, some more might come up.
> - Do you have any comments?
For starters, a few above.
Regards,
---
Nuno Vieira
nfsi telecom, lda.
nuno.vieira@nfsi.pt
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/
----- "Jens Ott - PlusServer AG" <j.ott@plusserver.de> wrote:
> Hi,
>
> in the last 24 hours we received two denial of service attacks with
> something like 6-8GBit volume. It did not harm us too much, but e.g.
> one of our upstreams got his Amsix-Port exploded.
>
> With our upstreams we have remote-blackhole sessions running where we
> announce /32 prefixes to blackhole at their edge, but this does not
> work with our peers. Also our Decix-Port received something like 2Gbit
> extra-traffic during this DoS.
>
> I can imagine, that for some peers, especially for the ones having
> only a thin fiber (e.g. 1GBit) to Decix, it's not too funny having it
> flooded with a DoS and that they might be interested in dropping such
> traffic at their edge.
>
> Well I could discuss with my peers (at least the ones who might get in
> trouble with such issue) to do some individual config for some
> blackhole-announcement, but most probably I'm not the only one
> receiving DoS and who would be interested in such setup.
>
> Therefore I had the following idea: Why not take one of my old
> routers and set it up as blackhole-service. Then everyone who is
> interested could set up a session to there and
>
> 1.) announce /32 (/128) routes out of his prefixes to blackhole them
> 2.) receive all the /32 (/128) announcements from the other peers with
> the IPs they want to have blackholed and rollout the blackhole to
> their network.
>
> My questions to all of you:
>
> - What do you think about such service?
> - Would you/your ASN participate in such a service?
> - Do you see some kind of useful feature in such a service?
> - Do you have any comments?
>
> Thank you for telling me your opinions and best regards
>
> --
> ==================================================================
>
> Jens Ott
> Leiter Network Management
>
> Tel: +49 22 33 - 612 - 3501
> Fax: +49 22 33 - 612 - 53501
>
> E-Mail: j.ott@plusserver.de
> GPG-Fingerprint: 808A EADF C476 FABE 2366 8402 31FD 328C C2CA 7D7A
>
> PlusServer AG
> Daimlerstraße 9-11
> 50354 Hürth
>
> Germany
>
> HRB 58428 / Amtsgericht Köln, USt-ID DE216 740 823
> Vorstand: Jochen Berger, Frank Gross, Jan Osthues, Thomas Strohe
> Aufsichtsratsvorsitz: Claudius Schmalschläger
>
> ==================================================================
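The hijack concern raised in the reply (a peer must only be able to announce addresses out of its own space) together with the /32 (/128) announcement scheme in Jens's proposal comes down to an inbound filter on the blackhole route server. The following is an added example, not code from either poster or from any existing service: a Python check that accepts a peer's announcement only when it is a host route covered by a prefix that peer is authorised for. The ASNs and prefixes are constructed sample data, not real allocations, and the authorisation table is assumed to come from IRR or RPKI data in practice.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: prefixes each peer ASN may blackhole from. A real
# deployment would build this from IRR/RPKI data; these values are made up.
AUTHORISED_PREFIXES: Dict[int, List[str]] = {
    65001: ["192.0.2.0/24", "2001:db8:1::/48"],
    65002: ["198.51.100.0/24"],
}


def validate_blackhole_announcement(peer_asn: int, prefix: str,
                                    authorised=AUTHORISED_PREFIXES) -> Tuple[bool, str]:
    """Return (accept, reason). Only a host route (/32 or /128) that lies
    inside a prefix the announcing peer is authorised for is accepted."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"unparseable prefix: {exc}"
    host_len = 32 if net.version == 4 else 128
    if net.prefixlen != host_len:
        # Anything shorter would let one peer black out a whole block.
        return False, f"only /{host_len} host routes accepted, got /{net.prefixlen}"
    for allowed in authorised.get(peer_asn, []):
        allowed_net = ipaddress.ip_network(allowed, strict=True)
        if allowed_net.version == net.version and net.subnet_of(allowed_net):
            return True, f"covered by {allowed}"
    return False, f"AS{peer_asn} is not authorised to blackhole {prefix}"


def filter_feed(announcements, authorised=AUTHORISED_PREFIXES):
    """Split (asn, prefix) pairs into accepted and rejected lists with reasons."""
    accepted, rejected = [], []
    for asn, prefix in announcements:
        ok, reason = validate_blackhole_announcement(asn, prefix, authorised)
        (accepted if ok else rejected).append((asn, prefix, reason))
    return accepted, rejected


if __name__ == "__main__":
    sample = [  # constructed announcements as they might arrive over the feed
        (65001, "192.0.2.77/32"),        # own address under attack: accept
        (65001, "198.51.100.5/32"),      # another peer's address: reject (hijack)
        (65002, "198.51.100.0/24"),      # not a host route: reject
        (65001, "2001:db8:1::dead/128"), # IPv6 host route in own space: accept
        (65003, "203.0.113.9/32"),       # peer with no authorisation: reject
    ]
    acc, rej = filter_feed(sample)
    print("accepted:", acc)
    print("rejected:", rej)
```

On a production route server the same rule is usually expressed as a per-peer prefix list plus a prefix-length check, so that nothing a peer injects can affect address space it does not hold.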