Trusted Networks Initiative: DDoS fallback set of AS'es

Christopher Morrow morrowc.lists at gmail.com
Thu Apr 16 19:39:46 UTC 2015


On Thu, Apr 16, 2015 at 6:58 AM, David Hofstee <david at mailplus.nl> wrote:
> Hi,
>
> I saw the following and thought it would be interesting to share. In case of a persistent DDoS an ASy can fallback to a small set of (more trustable) AS'es for their routing:
> http://www.trustednetworksinitiative.nl/
>
> They have a policy with procedural and technical parts, which may be upgraded later, for parties who want to participate:
> https://www.thehaguesecuritydelta.com/images/20141124_Trusted_Networks_Policy_beta-vs0_7.pdf
>
> Without having an opinion if everybody in the world should join this (I don't know the desired scope of this group), but the idea is interesting. I had not seen something like it before.

so...:

"The principles of the solutions are simple: each participating
network at its sole discretion can step to ‘trusted internet only’ if
an emergency situation requires to temporary disconnect from the
global internet."

you're asking your ISP or set of ISPs to 'stop forwarding me packets
from X and Y and Z'

sure, why do we need a new special group and designation for that?
can't you just no-export your routes to your provider today? (or other
similar options).

this seems ... shortsighted at best and incredibly dumb at worst.



More information about the NANOG mailing list