Blackholes and IXs and Completing the Attack.

• Previous message (by thread): Blackholes and IXs and Completing the Attack.
• Next message (by thread): Blackholes and IXs and Completing the Attack.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 

> anyway, the idea behind multi-as blackholing has been (and 
> apparently continues to get) rehashed a few times over the 
> last 5-8 years... good luck!

It seems that way. People seem to forget about the conversations and
work around 2000 - 2002. We not only had RTBH (static), multi AS
RTBH, Source based RTBH (why uRPF Loose check was created), BGP
Community based packet filtering (QPPB - source or destination),
Backscatter Traceback (Chris and Brian's cool technique), Customer
triggered RTBH (another Chris and Brian trick), BGP Shunts
(originally created for the Great Firewall), MAPS's grow (which had
multi-AS eBGP multihops BGP RTBHs back in 1997 for anti-SPAM
filtering), and then all the BGP Flow-Spec work.

We even have a RFC - 3882 Configuring BGP to Block Denial-of-Service
Attacks. by D. Turk. published in September 2004.

This is a good conversation for NANOG, but we really need to build up
some FAQ so we don't keep going over the same things every year. 

Barry  

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBR6Ys/7/UEA/xivvmEQK3pwCg/a7329AxsnBgmPT9kmHoSWXhd1AAnA8d
COSRO/CaIVnFOu0BIjbh5snD
=HANY
-----END PGP SIGNATURE-----

• Previous message (by thread): Blackholes and IXs and Completing the Attack.
• Next message (by thread): Blackholes and IXs and Completing the Attack.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]