NANOG Meeting Presentation Abstract

Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
Meeting:	NANOG67
Date / Time:	2016-06-14 5:00pm - 5:30pm
Room:	Imperial Ballroom (B2 Level)
Presenters:	Speakers: Christoph Dietzel, DE-CIX / TU Berlin Since June 2014, Christoph Dietzel is member of the DE-CIX Research and Development team and responsible for several research efforts and also involved in numerous projects funded by the public sector (EU, German Federal Ministries). Moreover, he is a PhD student in the INET group, advised by Anja Feldmann at TU Berlin, since the end of 2014. His ongoing research interests focus on Internet measurements & security, routing, and traffic classification. Chris is also highly interested in IXP-related aspects of the Internet ecosystem. Prior to his work at DE-CIX and his PhD studies he received BSc and MSc degrees in computer science from the Darmstadt University of Applied Sciences. Alongside his studies, Chris was employed by the Fraunhofer SIT and CASED as a student research assistant. In 2013, Christoph Dietzel was granted a scholarship to conduct research and study at the UMass (USA). In cooperation with Siemens CERT, he worked on dynamic malware analysis for Android in fulfillment of his Master’s Thesis.
Abstract:	DDoS attacks remain a serious threat not only to the edge of the Internet but also to the core peering links at Internet Exchange Points. Blackholing at IXPs is an operational technique that allows a peer to announce a prefix via BGP to another peer, which then discards traffic destined for this prefix. However, as far as we know there is only anecdotal evidence of the success of blackholing. In this talk, we shed light on the extent to which blackholing is used by the IXP members and its impact on traffic, e.g., volumes or patterns. Within a 12 week period we found that traffic to more than 7,864 distinct IP prefixes was blackholed by 75 ASes. The daily patterns emphasize that there are not only a highly variable number of new announcements every day but, surprisingly, there is a consistently high number of announcements > 1000. Moreover, we highlight case studies in which blackholing succeeds in reducing the DDoS attack traffic. In addition we briefly present the current state of blackholing standardization within the IETF.
Files:	Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild Dietzel_Blackholing (PDF)
Sponsors:	None.

Back to NANOG67 agenda.

NANOG67 Abstracts

• Show All

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• The Real Cost of Public IXPs
  Speakers:
  David Temkin, Netflix;

• NANOG 67 Hackathon team black hole route monitor
  Speakers:
  John Kristoff, DePaul University;

• NANOG 67 Hackathon team take-off
  Speakers:
  Chris WoodfieldTwitter; .
  Peter Hoose, Facebook, Inc.;

• NANOG 67 Hackathon team take-off
  Speakers:
  Chris WoodfieldTwitter; .
  Peter Hoose, Facebook, Inc.;

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• Network Support for TCP Fast Open
  Speakers:
  Christoph Paasch, Apple;

• Elliptic curves to the rescue: tackling availability and attack potential in DNSSEC
  Speakers:
  Roland van Rijswijk-Deij, SURFnet;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Tutorial Everything You Always Wanted to Know About Optical Networking
  Speakers:
  Richard A Steenbergen, PacketFabric;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• DNSSEC Tutorial
  Speakers:
  Eddy Winstead, Internet Systems Consortium;

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• NANOG 67 Hackathon team PiCon
  Speakers:
  Brandon Bennett.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Everyday practical BGP filtering
  Speakers:
  Job Snijders, NTT;

• Peering Security and Resiliency
  Speakers:
  Greg Hankins, Nokia; Job Snijders, NTT;

• Peering Security and Resiliency
  Speakers:
  Greg Hankins, Nokia; Job Snijders, NTT;

• DNS-based censorship: theory and measurements
  Speakers:
  Stphane Bortzmeyer, AFNIC;

• Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
  Speakers:
  Christoph Dietzel, DE-CIX / TU Berlin;

• TCP over IP Anycast - Pipe dream or Reality?
  Speakers:
  Shawn Zandi, LinkedIn; Ritesh Maheshwari, LinkedIn;

• TCP over IP Anycast - Pipe dream or Reality?
  Speakers:
  Shawn Zandi, LinkedIn; Ritesh Maheshwari, LinkedIn;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Measurement based inter-domain traffic engineering
  Speakers:
  WENQIN SHAO, Telecom ParisTech;

• Utilizing Kea hook points for modern IP addressing
  Speakers:
  Eddy Winstead, Internet Systems Consortium;

• Ten Lessons From Telemetry
  Speakers:
  Shelly Cadora, Cisco Systems;

• Automating Maintenance Notifications
  Speakers:
  Erik Klavon, Box; Francisco HidalgoFacebook; .
  

• Automating Maintenance Notifications
  Speakers:
  Erik Klavon, Box; Francisco HidalgoFacebook; .
  

• Post IPv4 Depletion Trends
  Speakers:
  Leslie Nobile

• Experiences with network automation at Dyn
  Speakers:
  Carlos Vicente, Dyn Inc.;

• Closing Session
  Speakers:
  Betty Burke, NANOG;