Global Blackhole Service

Jens Ott - PlusServer AG j.ott at plusserver.de
Fri Feb 13 08:57:32 CST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

in the last 24 hours we received two denial of service attacks with something
like 6-8GBit volume. It did not harm us too much, but e.g. one of our
upstreams got his Amsix-Port exploded.

With our upstreams we have remote-blackhole sessions running where we announce
/32 prefixes to blackhole at their edge, but this does not work with our
peers. Also our Decix-Port received something like 2Gbit extra-traffic during
this DoS.

I can imagine, that for some peers, especially for the once having only a thin
fiber (e.g. 1GBit) to Decix, it's not to funny having it flooded with a DoS
and that they might be interested in dropping such traffic at their edge.

Well I could discuss with my peers (at least the once who might get in trouble
with such issue) to do some individual config for some blackhole-announcement,
but most probably I'm not the only one receiving DoS and who would be
interested in such setup.

Therefore I had the following idea: Why not taking one of my old routers and
set it up as blackhole-service. Then everyone who is interested could set up a
session to there and

1.) announce /32 (/128) routes out of his prefixes to blackhole them
2.) receive all the /32 (/128) announcements from the other peers with the IPs
they want to have blackholed and rollout the blackhole to their network.

My questions to all of you:

- - What do you think about such service?
- - Would you/your ASN participate in such a service?
- - Do you see some kind of usefull feature in such a service?
- - Do you have any comments?

Thank you for telling me your opinions and best regards

- --
===================================================================

Jens Ott
Leiter Network Management

Tel: +49 22 33 - 612 - 3501
Fax: +49 22 33 - 612 - 53501

E-Mail: j.ott at plusserver.de
GPG-Fingerprint: 808A EADF C476 FABE 2366  8402 31FD 328C C2CA 7D7A

PlusServer AG
Daimlerstraße 9-11
50354 Hürth

Germany

HRB 58428 / Amtsgericht Köln, USt-ID DE216 740 823
Vorstand: Jochen Berger, Frank Gross, Jan Osthues, Thomas Strohe
Aufsichtsratsvorsitz: Claudius Schmalschläger

===================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmVilwACgkQMf0yjMLKfXpNuQCeKcicthIadISe7I+Xs5ZNHS+1
0qUAnRDkOY9/6kokq3Hf68BRQFfkP3xy
=jKUA
-----END PGP SIGNATURE-----




More information about the NANOG mailing list