Global Blackhole Service
justin at justinshore.com
Mon Feb 16 23:09:49 UTC 2009
Jens Ott - PlusServer AG wrote:
> Therefore I had the following idea: Why not take one of my old routers and
> set it up as a blackhole service. Then everyone who is interested could set up a
> session to there and
I do something similar on our network with an RTBH trigger router. I
peer with it from my edges that are capable of handling that many BGP
routes. I feed into it hosts that scan our networks looking for running
SSH daemons and open proxies on specific default ports. With uRPF on
all our edges it will drop traffic whether the target IP is the source
or the destination. Works slick.

The Cisco Press "Router Security Strategies" book has good examples. A
trustworthy source for BGP blacklists of sorts would be an excellent
thing IMHO. I'd love to be able to reliably drop traffic from malicious
hosts before they scan our network and end up in my netflow logs.
Trust would be a big issue though.
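The trigger-router plus uRPF setup described above, written out as an added Cisco IOS example (not the poster's own configuration): the trigger router injects a /32 for the scanning host with a next-hop that every edge routes to Null0, and loose-mode uRPF on the edges then discards packets from that host as well as to it. The AS number, the 192.0.2.1 discard next-hop, the 198.51.100.23 sample host and the route tag 666 are assumptions chosen from documentation ranges.

```cisco
! ===== Trigger router (RTBH route server) =====
! Discard next-hop: an unused address that every edge routes to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Only statics tagged 666 are redistributed; the route-map rewrites their
! next-hop to the discard address and keeps them inside the AS.
route-map RTBH-TRIGGER permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community no-export
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 redistribute static route-map RTBH-TRIGGER
 ! one iBGP session per edge router; send-community carries no-export
 neighbor 10.255.0.2 remote-as 65000
 neighbor 10.255.0.2 send-community
 neighbor 10.255.0.3 remote-as 65000
 neighbor 10.255.0.3 send-community
!
! Blackholing a host that was seen scanning (constructed sample address):
! adding this static is the entire "feed into it" step; removing it lifts
! the blackhole network-wide on the next BGP update.
ip route 198.51.100.23 255.255.255.255 Null0 tag 666

! ===== Each edge router =====
! The discard next-hop resolves to Null0, so any prefix learned from the
! trigger is dropped as a destination (destination-based RTBH).
ip route 192.0.2.1 255.255.255.255 Null0
!
router bgp 65000
 neighbor 10.255.0.1 remote-as 65000
!
! Loose-mode uRPF on the external interface: a packet whose source
! address has a route via Null0 fails the check and is dropped, so the
! same /32 now blocks the host as a source too (source-based RTBH).
interface GigabitEthernet0/0
 description upstream
 ip verify unicast source reachable-via any
```

Verify on an edge with `show ip route 198.51.100.23` (next-hop 192.0.2.1, resolving to Null0) and `show ip interface GigabitEthernet0/0 | include verify` before trusting that source-based drops are in effect.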