nanog mailing list archives
Re: Global Blackhole Service
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 13 Feb 2009 21:59:48 +0100
* Valdis Kletnieks:
On Fri, 13 Feb 2009 15:57:32 +0100, Jens Ott - PlusServer AG said:Therefore I had the following idea: Why not taking one of my old routers and set it up as blackhole-service. Then everyone who is interested could set up a session to there and 1.) announce /32 (/128) routes out of his prefixes to blackhole them 2.) receive all the /32 (/128) announcements from the other peers with the IPs they want to have blackholed and rollout the blackhole to their network.How do you vet proposed new entries to make sure that some miscreant doesn't DoS a legitimate site by claiming it is in need of black-holing?
The same way you prevent rogue announcements. 8-/ I guess an IX would be able to perform some validation of blacklisting requests, or at least provide a contractual framework. I don't think a global solution exists (beyond the "use my route server" approach, which is quite global--until there are two of them).
Current thread:
- Re: Global Blackhole Service, (continued)
- Re: Global Blackhole Service Florian Weimer (Feb 14)
- Re: Global Blackhole Service Patrick W. Gilmore (Feb 14)
- Re: Global Blackhole Service Michael Thomas (Feb 15)
- Re: Global Blackhole Service Marshall Eubanks (Feb 15)
- cogent issues John Martinez (Feb 15)
- Re: cogent issues Michal Krsek (Feb 16)
- Re: cogent issues neal rauhauser (Feb 16)
- Re: cogent issues Marshall Eubanks (Feb 16)
- Re: cogent issues Ran Liebermann (Feb 16)
- Re: Global Blackhole Service Matthew Moyle-Croft (Feb 14)
- Re: Global Blackhole Service Randy Bush (Feb 13)
- RE: Global Blackhole Service Barry Raveendran Greene (Feb 13)
- Re: Global Blackhole Service Suresh Ramasubramanian (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 13)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 13)