Global Blackhole Service

Justin Shore justin at
Mon Feb 16 23:09:49 UTC 2009

Jens Ott - PlusServer AG wrote:
> Therefore I had the following idea: Why not taking one of my old routers and
> set it up as blackhole-service. Then everyone who is interested could set up a
> session to there and

I do something similar on our network with a RTBH trigger router.  I 
peer with it from my edges that are capable of handling that many BGP 
routes.  I feed into it hosts that scan our networks looking for running 
SSH daemons and open proxies on specific default ports.  With uRPF on 
all our edges it will drop traffic whether the target IP is the source 
or the destination.  Works slick.

The Cisco Press "Router Security Strategies" book has good examples.  A 
trustworthy source for BGP blacklists of sorts would be an excellent 
thing IMHO.  I'd love to be able to reliably drop traffic from malicious 
hosts before they scan our network and end up in my netflow logs. 
Trust would be a big issue though.
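The RTBH trigger / uRPF setup described in this post, as an added configuration example (Cisco IOS syntax; not the poster's own config). All addresses and the AS number are assumed: 192.0.2.1 is the discard next-hop, 198.51.100.77 is a constructed scanner address, AS 65000 and the 10.0.0.x peering addresses are placeholders.

```cisco
!
! --- Trigger router ---
! The discard next-hop resolves to Null0 on every router that carries it.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Static routes tagged 666 are redistributed into iBGP with the
! discard next-hop, kept inside the AS with no-export.
route-map RTBH-TRIGGER permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set community no-export
 set origin igp
!
router bgp 65000
 redistribute static route-map RTBH-TRIGGER
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 send-community
 neighbor 10.0.0.2 route-reflector-client
!
! To blackhole a host, add one tagged static route (constructed address);
! remove the route to lift the blackhole.
ip route 198.51.100.77 255.255.255.255 Null0 tag 666
!
! --- Edge router ---
! Same discard next-hop: the learned /32 now recurses to Null0, so traffic
! destined to 198.51.100.77 is dropped here.
ip route 192.0.2.1 255.255.255.255 Null0
!
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000
!
! Loose-mode uRPF on the peering interface: a packet whose source address
! is reachable only via a Null0 route fails the check, so traffic FROM
! 198.51.100.77 is dropped as well. Add "allow-default" if this edge relies
! on a default route rather than a full table, otherwise every source
! covered only by the default would be discarded.
interface GigabitEthernet0/0
 description upstream peering
 ip verify unicast source reachable-via any
!
```

Check the effect on an edge with `show ip route 198.51.100.77` (next-hop 192.0.2.1, recursing to Null0) and `show ip interface GigabitEthernet0/0 | include verify`, and watch the uRPF drop counter from `show ip traffic` rise as the tagged host is dropped.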
