Global Blackhole Service
Patrick W. Gilmore
patrick at ianai.net
Sat Feb 14 16:45:11 CST 2009
On Feb 14, 2009, at 5:43 PM, Florian Weimer wrote:
> * Steven M. Bellovin:
>> As Randy and Valdis have pointed out, if this isn't done very
>> it's an open invitation to a new, very effective DoS technique. You
>> can't do this without authoritative knowledge of exactly who owns any
>> prefix; you also have to be able to authenticate the request to
>> blackhole it. Those two points are *hard*.
> If you want to run a public exchange point, you need to solve the same
> announcement validation problem. Multiple organizations appear to do
> it successfully, so it can't be that difficult.
No you don't.
And yes it is.
To be clear, I am not saying it should or should not be done, just
that your comparison is invalid.