[111794] in North American Network Operators' Group
Re: Global Blackhole Service
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Feb 13 11:29:05 2009
To: Jens Ott - PlusServer AG <j.ott@plusserver.de>
In-Reply-To: Your message of "Fri, 13 Feb 2009 15:57:32 +0100."
<49958A5C.2070200@plusserver.de>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 13 Feb 2009 11:28:57 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Fri, 13 Feb 2009 15:57:32 +0100, Jens Ott - PlusServer AG said:
> Therefore I had the following idea: Why not taking one of my old routers and
> set it up as blackhole-service. Then everyone who is interested could set up a
> session to there and
>
> 1.) announce /32 (/128) routes out of his prefixes to blackhole them
> 2.) receive all the /32 (/128) announcements from the other peers with the IPs
> they want to have blackholed and rollout the blackhole to their network.

How do you vet proposed new entries to make sure that some miscreant doesn't
DoS a legitimate site by claiming it is in need of black-holing? Note that
it's a different problem space than a bogon BGP feed or a spam-source BGP
feed - if the Cymru guys take another 6 hours to do a proper paperwork and
background check to verify a bogon, or if Paul and company take another day
to verify something really *is* a cesspit of spam sources, it doesn't break the
basic concept or usability of the feed.

You usually don't *have* a similar luxury if you're trying to deal with a
DDoS, because those are essentially a real-time issue.

Oh, and cleaning up an entry in a timely fashion is also important, otherwise
an attacker can launch a DDoS, get the target into the feed, and walk away...
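An added example, not part of the original message or of any real blackhole service: a minimal sketch of the two controls the thread raises, accepting a blackhole announcement only when it is a host route inside the announcing peer's own prefixes, and expiring entries after a fixed lifetime. The peer names, the prefix table (documentation address ranges) and the one-hour lifetime are constructed assumptions.

```python
import ipaddress

# Constructed sample data: prefixes each peer is registered to originate.
PEER_PREFIXES = {
    "peer-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "peer-b": ["198.51.100.0/24"],
}
MAX_LIFETIME = 3600  # seconds an entry may stay in the feed (assumed policy)


def vet(peer, route, now, table):
    """Check one announcement; on success record its expiry time in table.

    Returns (accepted, reason).
    """
    try:
        net = ipaddress.ip_network(route, strict=True)
    except ValueError:
        return False, "malformed"
    # Only /32 (IPv4) or /128 (IPv6) host routes are allowed in the feed.
    if net.prefixlen != net.max_prefixlen:
        return False, "not a host route"
    # The route must fall inside a prefix registered to this same peer,
    # so one peer cannot blackhole an address that belongs to another.
    owned = (ipaddress.ip_network(p) for p in PEER_PREFIXES.get(peer, []))
    if not any(net.version == o.version and net.subnet_of(o) for o in owned):
        return False, "outside peer's prefixes"
    table[(peer, net)] = now + MAX_LIFETIME
    return True, "accepted"


def expire(now, table):
    """Withdraw entries whose lifetime has passed; return the removed keys."""
    stale = [key for key, expiry in table.items() if expiry <= now]
    for key in stale:
        del table[key]
    return stale


if __name__ == "__main__":
    feed = {}
    print(vet("peer-a", "192.0.2.10/32", 0, feed))  # own address
    print(vet("peer-b", "192.0.2.10/32", 0, feed))  # someone else's address
    print(expire(MAX_LIFETIME, feed))
```

This covers only the ownership and lifetime checks; it does not address a peer whose own session or prefix registration has been compromised.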