nanog mailing list archives
Re: Global Blackhole Service
From: Jack Bates <jbates () brightok net>
Date: Fri, 13 Feb 2009 11:22:30 -0600
Paul Vixie wrote:
i think Spamhaus and Cymru are way ahead of you in implementing such a thing, and it's likely that there are even commercial alternatives to Trend Micro although i have not kept up on those details.
I think there's a misunderstanding from what I've read about what is being blackholed. We are not talking about blackholing the senders, but a massive scale method of blackholing the victims at the victim's request to protect infrastructure. Currently this type of service usually doesn't extend beyond one or two ASs and depending on traffic flows can still cause damage, especially through exchange points.
With enough support and use, this would allow a larger portion of bad traffic to be null routed closer to the sender origination points. Since the null routing BGP servers would expect a larger routing table from these /32 networks, they would be placed at key points capable of handling the larger tables; compared to just allowing the /32's out into the wild and possibly exceeding route/memory constraints.
It can also be used as authoritative information that an IP is undergoing a DOS attack, and large volumes of connections to that IP should be considered suspect. I consider this a much more useful method of detecting DOS traffic leaving your infected users than the emails which are usually sent out by those being hit by DOS.
Jack
Current thread:
- Re: Global Blackhole Service, (continued)
- Re: Global Blackhole Service Matthew Moyle-Croft (Feb 14)
- Re: Global Blackhole Service Florian Weimer (Feb 13)
- Re: Global Blackhole Service Randy Bush (Feb 13)
- Re: Global Blackhole Service Tico (Feb 13)
- RE: Global Blackhole Service Barry Raveendran Greene (Feb 13)
- Re: Global Blackhole Service John Kristoff (Feb 14)
- Re: Global Blackhole Service Justin Shore (Feb 16)
- Re: Global Blackhole Service Nuno Vieira - nfsi telecom (Feb 13)
- Re: Global Blackhole Service Suresh Ramasubramanian (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 13)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 13)
- Re: Global Blackhole Service Chris Jester (Feb 13)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Jens Ott - PlusServer AG (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 14)
- Re: Global Blackhole Service Jens Ott - PlusServer AG (Feb 15)
- Re: Global Blackhole Service Randy Bush (Feb 15)
- Re: Global Blackhole Service Christopher Morrow (Feb 13)
- RE: Global Blackhole Service Jake Mertel (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 14)