Unwanted Traffic Removal Service (UTRS)

Job Snijders job at instituut.net
Wed Oct 8 14:42:38 UTC 2014


Dear John,

On Wed, Oct 08, 2014 at 08:59:00AM -0500, John Kristoff wrote:
> UTRS is essentially a community RTBH that people have suggested to us
> would be a good service to provide, so we're giving it a go.

FYI, there are various projects which are similar to this concept:

    http://www.de-cix.net/products-services/de-cix-frankfurt/blackholing/
    https://ripe68.ripe.net/presentations/369-bgp_bh_ripe.pdf
    https://wiki.rtbh.me/

> If you think this is a terrible idea and want to express all that is
> wrong with it, tell me that too, I can take it.

Just like chicory, personally I don't like it. Yes, Cymru has built a
reputation as a clearing house for redistribution of security related
information. But... (aside from any local safety net filter), it's quite
a leap to allow a single entity to inject blackholes for any prefix.

There are various flavors at the moment in terms of validation (please
correct me if I am wrong): The Polish blackholing project only allows
blackholes which fall within the set of prefixes which an ASN
originates, the DE-CIX BS service accepts anything that is a subset of
your AS-SET.

Both approaches have their downsides: you can make any AS or AS-SET a
member of your AS-SET and thereby gain a degree of control on the RTBH
server, and for $500/year you can register any route-object you want in
RADB.

RIPE is the only RIR which has the IRR service as a truly integral part
of the database, allowing advanced automatable authentication schemes
for purposes such as these. However, they only administrate for a subset
of the Internet, making this direction impractical for a universal
solution.

Might I suggest an alternative approach, without central validation or
need for a clearing house:

IXPs could offer BGP or API triggered ACLs which are inserted into the
peering fabric and only affect the participant's peering port(s). This
way, any blackholing (either correctly applied or malicious) only
affects the initiator of that blackhole and nobody else. Advantages are
that aclserver does not require peers to cooperate with each other and
no validation is required.

Kind regards,

Job

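As an added illustration (not part of Job's mail, nor code from UTRS, DE-CIX or the Polish project it mentions), the following Python model contrasts the three authorisation schemes the mail discusses: origin-based (only prefixes the requesting ASN originates), AS-SET-based (anything originated by a member of the requester's AS-SET, which the requester can widen by adding members), and the proposed port-scoped ACL, where the request never needs prefix validation because it can only affect the requester's own peering port. All ASNs, prefixes, AS-SET names and port names are constructed sample data, and the IRR lookup is a dictionary standing in for a real registry query.

```python
"""Model of three ways to authorise a blackhole request (added example, not from the mail)."""
import ipaddress

# Constructed IRR-style data: which prefixes each (hypothetical) ASN has route objects for.
ROUTE_OBJECTS = {
    "AS64500": ["192.0.2.0/24", "2001:db8:1::/48"],
    "AS64501": ["198.51.100.0/24"],
    "AS64502": ["203.0.113.0/24"],
}

# Constructed AS-SET data; members may be ASNs or other AS-SETs (nested).
AS_SETS = {
    "AS-EXAMPLE64500": ["AS64500", "AS-EXAMPLE64501"],
    "AS-EXAMPLE64501": ["AS64501"],
}


def resolve_as_set(name, as_sets, seen=None):
    """Expand an AS-SET recursively into the set of member ASNs, guarding against loops."""
    seen = set() if seen is None else seen
    members = set()
    for member in as_sets.get(name, []):
        if member.startswith("AS-"):
            if member not in seen:
                seen.add(member)
                members |= resolve_as_set(member, as_sets, seen)
        else:
            members.add(member)
    return members


def covered_by_origin(prefix, asn, route_objects):
    """Scheme 1 (the Polish project's rule): accept only a blackhole that falls inside
    a prefix the requesting ASN itself has a route object for."""
    want = ipaddress.ip_network(prefix)
    for registered in route_objects.get(asn, []):
        net = ipaddress.ip_network(registered)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if want.version == net.version and want.subnet_of(net):
            return True
    return False


def covered_by_as_set(prefix, as_set, as_sets, route_objects):
    """Scheme 2 (the DE-CIX rule): accept anything originated by any member of the
    requester's AS-SET. Because the requester maintains that AS-SET, adding an ASN
    to it widens what the requester may blackhole."""
    return any(
        covered_by_origin(prefix, member, route_objects)
        for member in resolve_as_set(as_set, as_sets)
    )


def with_extra_member(as_sets, set_name, member):
    """Return a copy of the AS-SET table in which set_name additionally lists member."""
    updated = {k: list(v) for k, v in as_sets.items()}
    updated.setdefault(set_name, []).append(member)
    return updated


def port_scoped_acl(participant_port, prefix):
    """Scheme 3 (the mail's proposal): the IXP installs a drop rule on the requesting
    participant's own peering port only. No prefix ownership check is needed, since
    a wrong or malicious request only removes traffic destined to that participant."""
    net = ipaddress.ip_network(prefix)  # still validate that it parses as a prefix
    return {
        "interface": participant_port,
        "direction": "in",   # traffic entering the fabric towards this participant
        "action": "deny",
        "match_dst": str(net),
        "scope": "requester-only",
    }


if __name__ == "__main__":
    print("origin rule, own /25:", covered_by_origin("192.0.2.128/25", "AS64500", ROUTE_OBJECTS))
    print("origin rule, someone else's /24:", covered_by_origin("198.51.100.0/24", "AS64500", ROUTE_OBJECTS))
    print("AS-SET rule, member's /24:", covered_by_as_set("198.51.100.0/24", "AS-EXAMPLE64500", AS_SETS, ROUTE_OBJECTS))
    widened = with_extra_member(AS_SETS, "AS-EXAMPLE64500", "AS64502")
    print("AS-SET rule after adding AS64502:", covered_by_as_set("203.0.113.0/24", "AS-EXAMPLE64500", widened, ROUTE_OBJECTS))
    print("port-scoped ACL:", port_scoped_acl("xe-0/0/1", "203.0.113.0/24"))
```

The point the model makes is the one in the mail: under the origin rule a request for someone else's prefix is refused, under the AS-SET rule the same request is accepted as soon as the requester lists that ASN in its own AS-SET, and under the port-scoped design the question of prefix ownership does not arise because the rule's blast radius is the requester's own port.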

More information about the NANOG mailing list