Global Blackhole Service
Barry Raveendran Greene
bgreene at senki.org
Fri Feb 13 18:03:38 UTC 2009
FYI - I think Paul knows exactly what you are talking about.
Hint - review the seminar:
> -----Original Message-----
> From: Jack Bates [mailto:jbates at brightok.net]
> Sent: Friday, February 13, 2009 9:23 AM
> To: Paul Vixie
> Cc: nanog at merit.edu
> Subject: Re: Global Blackhole Service
> Paul Vixie wrote:
> > i think Spamhaus and Cymru are way ahead of you in
> implementing such a
> > thing, and it's likely that there are even commercial
> alternatives to
> > Trend Micro although i have not kept up on those details.
> I think there's a misunderstanding from what I've read about
> what is being blackholed. We are not talking about
> blackholing the senders, but a massive scale method of
> blackholing the victims at the victim's request to protect
> infrastructure. Currently this type of service usually
> doesn't extend beyond one or two ASs and depending on traffic
> flows can still cause damage, especially through exchange points.
> With enough support and use, this would allow a larger
> portion of bad traffic to be null routed closer to the sender
> origination points. Since the null routing BGP servers would
> expect a larger routing table from these /32 networks, they
> would be placed at key points capable of handling the larger
> tables; compared to just allowing the /32's out into the wild
> and possibly exceeding route/memory constraints.
> It can also be used as authoritative information that an IP
> is undergoing a DOS attack, and large volumes of connections
> to that IP should be considered suspect. I consider this a
> much more useful method of detecting DOS traffic leaving your
> infected users than the emails which are usually sent out by
> those being hit by DOS.
More information about the NANOG