Global Blackhole Service
Jens Ott - PlusServer AG
j.ott at plusserver.de
Fri Feb 13 14:57:32 UTC 2009
In the last 24 hours we received two denial of service attacks with something
like 6-8GBit volume. It did not harm us too much, but e.g. one of our
upstreams got his Amsix-Port exploded.
With our upstreams we have remote-blackhole sessions running where we announce
/32 prefixes to blackhole at their edge, but this does not work with our
peers. Also our Decix-Port received something like 2Gbit extra-traffic during
I can imagine that for some peers, especially for the ones having only a thin
fiber (e.g. 1GBit) to Decix, it's not too funny having it flooded with a DoS
and that they might be interested in dropping such traffic at their edge.
Well I could discuss with my peers (at least the ones who might get in trouble
with such issue) to do some individual config for some blackhole-announcement,
but most probably I'm not the only one receiving DoS and who would be
interested in such setup.
Therefore I had the following idea: Why not take one of my old routers and
set it up as a blackhole service? Then everyone who is interested could set up a
session to there and
1.) announce /32 (/128) routes out of his prefixes to blackhole them
2.) receive all the /32 (/128) announcements from the other peers with the IPs
they want to have blackholed and roll out the blackhole to their network.
My questions to all of you:
- What do you think about such service?
- Would you/your ASN participate in such a service?
- Do you see some kind of useful feature in such a service?
- Do you have any comments?
Thank you for telling me your opinions and best regards
Head of Network Management
Tel: +49 22 33 - 612 - 3501
Fax: +49 22 33 - 612 - 53501
E-Mail: j.ott at plusserver.de
GPG-Fingerprint: 808A EADF C476 FABE 2366 8402 31FD 328C C2CA 7D7A
HRB 58428 / Cologne District Court (Amtsgericht Köln), VAT ID DE216 740 823
Executive Board: Jochen Berger, Frank Gross, Jan Osthues, Thomas Strohe
Supervisory Board Chair: Claudius Schmalschläger
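
The scheme proposed in the message above (each participant announces /32 or /128 routes out of its own prefixes and receives everyone else's) implies an acceptance check on the central router. The following Python code is an added example, not part of the original post; the per-peer prefix registry, the function names, the ASNs and the addresses are constructed assumptions.

```python
import ipaddress

# Hypothetical registry: prefixes each participating ASN may blackhole from.
# ASNs and prefixes are documentation values, constructed for this example.
PEER_PREFIXES = {
    64500: ["192.0.2.0/24", "2001:db8:a::/48"],
    64501: ["198.51.100.0/24"],
}


def check_announcement(peer_asn, route):
    """Return (accepted, reason) for a blackhole route announced by peer_asn."""
    try:
        net = ipaddress.ip_network(route, strict=True)
    except ValueError:
        return False, "not a valid prefix"
    # Only host routes are accepted: /32 for IPv4, /128 for IPv6.
    if net.prefixlen != net.max_prefixlen:
        return False, "not a host route"
    owned = [ipaddress.ip_network(p) for p in PEER_PREFIXES.get(peer_asn, [])]
    # The host route must fall inside a prefix registered to the announcing
    # peer, otherwise one participant could blackhole another network's address.
    if not any(net.version == o.version and net.subnet_of(o) for o in owned):
        return False, "outside the peer's own prefixes"
    return True, "accepted"


def build_blackhole_table(announcements):
    """Map each accepted host route to the ASN that announced it."""
    table = {}
    for peer_asn, route in announcements:
        accepted, _ = check_announcement(peer_asn, route)
        if accepted:
            table[str(ipaddress.ip_network(route))] = peer_asn
    return table


# Constructed sample announcements as (peer ASN, announced route).
SAMPLE = [
    (64500, "192.0.2.10/32"),      # own address, host route
    (64500, "198.51.100.7/32"),    # address belongs to AS64501
    (64501, "198.51.100.0/24"),    # own prefix, but not a host route
    (64500, "2001:db8:a::1/128"),  # own IPv6 host route
    (64999, "203.0.113.5/32"),     # peer with no registered prefixes
]

if __name__ == "__main__":
    for asn, route in SAMPLE:
        print(asn, route, check_announcement(asn, route))
    print(build_blackhole_table(SAMPLE))
```

The table returned by `build_blackhole_table` is what would be redistributed to the other participants for them to drop at their edge.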