North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Blackholes and IXs and Completing the Attack.

  • From: Barry Greene (bgreene)
  • Date: Sun Feb 03 16:18:36 2008
  • Authentication-results: sj-dkim-2; [email protected]; dkim=pass ( sig from verified; );
  • Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1234; t=1202072841; x=1202936841; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;; [email protected]; z=From:=20=22Barry=20Greene=20(bgreene)=22=20<[email protected] com> |Subject:=20RE=3A=20Blackholes=20and=20IXs=20and=20Completi ng=20the=20Attack. |Sender:=20; bh=reRi3xXDsEsV0vkJtPbSJv3oAm7KB/Nmra4UVUBBfN4=; b=p4NzLDfAU88EsX/IhsN7ma9dXnTNFiyI6P/zaxH8LSHNE0m/o/LJwntWIx ZrDMFEbMPQpyWEX6Jc9BGgUUQMHhoECRaRSWa4/HfqglEAKrEPjDdGmk6JrQ QXjHv56g1I;

Hash: SHA1


> anyway, the idea behind multi-as blackholing has been (and 
> apparently continues to get) rehashed a few times over the 
> last 5-8 years... good luck!

It seems that way. People seem to forget about the conversations and
work around 2000 - 2002. We not only had RTBH (static), multi AS
RTBH, Source based RTBH (why uRPF Loose check was created), BGP
Community based packet filtering (QPPB - source or destination),
Backscatter Traceback (Chris and Brian's cool technique), Customer
triggered RTBH (another Chris and Brian trick), BGP Shunts
(originally created for the Great Firewall), MAPS's grow (which had
multi-AS eBGP multihops BGP RTBHs back in 1997 for anti-SPAM
filtering), and then all the BGP Flow-Spec work.

We even have a RFC - 3882 Configuring BGP to Block Denial-of-Service
Attacks. by D. Turk. published in September 2004.

This is a good conversation for NANOG, but we really need to build up
some FAQ so we don't keep going over the same things every year. 


Version: PGP 8.1