Blackholing traffic by ASN

Justin Shore justin at justinshore.com
Thu Jan 31 15:29:35 UTC 2008


Justin Shore wrote:
> The ASN I'm referring to is that of the Russian Business Network.  A 
> Google search should turn up plenty of info for those that haven't heard 
> of them.

Thanks for the replies.  They were along the lines of what I was 
expecting (as-path ACL filtering & route-maps).  I was wondering if 
there was some new trick that was easier and more robust.  This will 
work though!

I saw that AS40989 fell off the 'Net a while back.  That happened once 
or twice before if memory serves me correctly and they came back a while 
later in force.  We'll see what happens this time.  Some of RBN's old 
netblocks are also no longer in the global tables.  I'm not sure what's 
going on with that but...   I'm going to have to do a little more 
research on their current Inet sources to see if I can locate them.  It 
looks like Wikipedia has a fair amount of information and a large number 
of links to additional information.

http://en.wikipedia.org/wiki/Russian_Business_Network

I'm going to have to put a little more effort towards getting my 
blackhole operational.  If anyone has any good links to docs or advice 
on what not to do I'd love to see them.  I've found a great deal of 
information on the 'Net but lessons learned from those who've already 
been there done that is always welcome.

I hadn't considered what Danny pointed out about the origin AS 
advertising other routes to create an effective DoS mechanism.  That 
would be a concern and would require a great deal of forethought.  Null 
routing prefixes would probably be the best course of action.

Thanks for the insight.
  Justin



More information about the NANOG mailing list