nanog mailing list archives

RE: Unwanted Traffic Removal Service (UTRS)


From: "Naslund, Steve" <SNaslund () medline com>
Date: Thu, 9 Oct 2014 22:19:40 +0000

I understand the concerns but it seems to me that there are already plenty of ways for any large government to black 
hole whatever they want and they do not need UTRS to do so.  The only thing stopping (most) governments from doing this 
regularly are fears of turning the Internet into another arms race.  It's a stigma thing like the difference between 
launching the first nuke vs. being the responder.  We all know they do a lot of cyber stuff out there but it is mostly 
behind a veil of deniability. 

First, if they have access to a tier 1 carrier (or at least enough carriers to make an impact) in their jurisdiction 
they could just order that carrier to do it with whatever court system (or not) is required.  Most large governments 
also have enough connectivity to bury a route by brute force.  The only thing stopping (most) governments from doing 
this regularly are fears of turning the Internet into another arms race and possibly losing easy access to that 
resource.  We all know they do a lot of cyber crime stuff out there but it is mostly behind a veil of deniability. 

There have actually been more black hole events that occur by accident or as part of denial of service attacks than 
government launched.  The global routing structure of the Internet has always been highly cooperative and vulnerable to 
a bad actor at a lot of points.  My only real concern with UTRS is designing a system that cannot be gamed or exploited 
to turn it into a very effective DoS weapon system.  I admit that I don't know enough about how it works to make that 
decision yet.

Steven Naslund
Chicago IL
  

Subject: Re: Unwanted Traffic Removal Service (UTRS)

On Thu, 09 Oct 2014 22:58:05 +0200
Christian Seitz <chris () in-berlin de> wrote:

> What I do not like at this UTRS idea is that I cannot announce a 
> prefix via BGP. Somebody has to inject it for me. I would like to 
> announce it in real time and not with delay because of manual 
> approval.

While true today, it might not be true for long.  It requires code to be written in order to perform the desired 
verification we want before blindly passing along an announcement. Code we're not motivated to write if there is 
insufficient interest in UTRS. Interest is looking good, so the code may soon follow. In other words, this a valid 
complaint, but it may have a limited life span.

> One problem that I also see here is that this single entity could be 
> forced by someone (e.g. government) to blackhole some prefix. If this 
> ever happens such a project will have to be terminated.

I've heard this once before too.  I admit we probably can't provide a satisfactory answer to some who will be so 
distrustful of government or influence peddling to win them over, but I'll try to offer a response that I hope is 
fairly reasonable and satisfies the majority, and presumably any of the actual participants.

There are legal questions, maneuvers and responses that might be interesting to speculate on, but I'll say simply 
this.  Team Cymru, while established and operated within the U.S., is a global organization with team members outside 
of the U.S. and we rely heavily on the cooperation of global partners to do what we do.  If we could be compelled to 
announce a black hole by someone, government or otherwise, the cooperation and inherent trust we might have with the 
Internet community is probably gone and we are likely finished as an organization. It would be counter to our very 
existence and so on that basis I hope most would agree is extremely unlikely to occur.  Now if someone came up to me 
with a gun to my head and said type the equivalent of "ip route foonet mask 192.0.2.1" or die, I might just type it 
out of self preservation.

> We also had some DDoS attacks via IPv6. I think it's important to also 
> have such a service for IPv6. Starting with IPv4 is ok and better than 
> nothing, but IPv6 should not be on the roadmap for 
> 2018 ;-)

You are only the second person I've heard from to explicitly state as such.  This is actually not terribly hard to do 
and I'm pretty certain could be done way before 2018.  Simple to start, careful and necessary improvements as we go.

Thanks for your comments Chris,

John
