Re: Global Blackhole Service

["Patrick W. Gilmore" <patrick () ianai net>]

On Feb 14, 2009, at 5:43 PM, Florian Weimer wrote:
> * Steven M. Bellovin:
>
> > As Randy and Valdis have pointed out, if this isn't done very  
> > carefully
> > it's an open invitation to a new, very effective DoS technique.  You
> > can't do this without authoritative knowledge of exactly who owns any
> > prefix; you also have to be able to authenticate the request to
> > blackhole it.  Those two points are *hard*.
>
> If you want to run a public exchange point, you need to solve the same
> announcement validation problem.  Multiple organizations appear to do
> it successfully, so it can't be that difficult.

No you don't.

And yes it is.

To be clear, I am not saying it should or should not be done, just  
that your comparison is invalid.

--
TTFN,
patrick