nanog mailing list archives
Re: Global Blackhole Service
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 14 Feb 2009 23:43:58 +0100
* Steven M. Bellovin:
As Randy and Valdis have pointed out, if this isn't done very carefully it's an open invitation to a new, very effective DoS technique. You can't do this without authoritative knowledge of exactly who owns any prefix; you also have to be able to authenticate the request to blackhole it. Those two points are *hard*.
If you want to run a public exchange point, you need to solve the same announcement validation problem. Multiple organizations appear to do it successfully, so it can't be that difficult.
Current thread:
- Re: Global Blackhole Service, (continued)
- Re: Global Blackhole Service Randy Bush (Feb 13)
- Re: Global Blackhole Service Nuno Vieira - nfsi telecom (Feb 13)
- Re: Global Blackhole Service Nuno Vieira - nfsi telecom (Feb 13)
- Re: Global Blackhole Service Valdis . Kletnieks (Feb 13)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Jens Ott - PlusServer AG (Feb 13)
- Re: Global Blackhole Service Nuno Vieira - nfsi telecom (Feb 13)
- Re: Global Blackhole Service Steven M. Bellovin (Feb 13)
- Re: Global Blackhole Service Jens Ott - PlusServer AG (Feb 13)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Florian Weimer (Feb 14)
- Re: Global Blackhole Service Patrick W. Gilmore (Feb 14)
- Re: Global Blackhole Service Michael Thomas (Feb 15)
- Re: Global Blackhole Service Marshall Eubanks (Feb 15)
- cogent issues John Martinez (Feb 15)
- Re: cogent issues Michal Krsek (Feb 16)
- Re: cogent issues neal rauhauser (Feb 16)
- Re: cogent issues Marshall Eubanks (Feb 16)
- Re: cogent issues Ran Liebermann (Feb 16)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Randy Bush (Feb 13)
- Re: Global Blackhole Service Matthew Moyle-Croft (Feb 14)