Hi Jens, I think we are in the same boat.
We suffered the same problem often, on a lower magnitude, but if a project like this exists those DDoS could even be almost near zero.

This is somewhat similar to what Spamcop, and other folks do with SPAM today, but applied on a different scope, say, BGP Blackhole.

This service can span wide after just peers, opening the opportunity to edge-to-edge DDoS mitigation.

Say, a network in .pt or .de is being attacked at large, and dst operators inject the dst attacked source on the blackhole bgp feed... say that 100+ other ops around the world use a scenario like this... this might be very useful.

Concerns: the "authority" or the "responsible" for maintaining this project, must assure that OP A or OP B can *only* announce chunks that belong to him, avoiding any case of hijack.

We would be interested in participating in something like this.

So,

> My questions to all of you:
>
> - - What do you think about such service?

It will be great. We are available to help.

> - - Would you/your ASN participate in such a service?

Yes.

> - - Do you see some kind of useful feature in such a service?

Yes, a few thoughts above, some more might come up.

> - - Do you have any comments?

For starters, a few above.

Regards,
---
Nuno Vieira
nfsi telecom, lda.

nuno.vie...@nfsi.pt
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/

----- "Jens Ott - PlusServer AG" <j....@plusserver.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> in the last 24 hours we received two denial of service attacks with something
> like 6-8GBit volume. It did not harm us too much, but e.g. one of our
> upstreams got his Amsix-Port exploded.
>
> With our upstreams we have remote-blackhole sessions running where we announce
> /32 prefixes to blackhole at their edge, but this does not work with our
> peers. Also our Decix-Port received something like 2Gbit extra-traffic during
> this DoS.
>
> I can imagine, that for some peers, especially for the ones having only a thin
> fiber (e.g. 1GBit) to Decix, it's not too funny having it flooded with a DoS
> and that they might be interested in dropping such traffic at their edge.
>
> Well I could discuss with my peers (at least the ones who might get in trouble
> with such issue) to do some individual config for some blackhole-announcement,
> but most probably I'm not the only one receiving DoS and who would be
> interested in such setup.
>
> Therefore I had the following idea: Why not take one of my old routers and
> set it up as blackhole-service. Then everyone who is interested could set up a
> session to there and
>
> 1.) announce /32 (/128) routes out of his prefixes to blackhole them
> 2.) receive all the /32 (/128) announcements from the other peers with the IPs
>     they want to have blackholed and roll out the blackhole to their network.
>
> My questions to all of you:
>
> - - What do you think about such service?
> - - Would you/your ASN participate in such a service?
> - - Do you see some kind of useful feature in such a service?
> - - Do you have any comments?
>
> Thank you for telling me your opinions and best regards
>
> - --
> ===================================================================
>
> Jens Ott
> Head of Network Management
>
> Tel: +49 22 33 - 612 - 3501
> Fax: +49 22 33 - 612 - 53501
>
> E-Mail: j....@plusserver.de
> GPG-Fingerprint: 808A EADF C476 FABE 2366 8402 31FD 328C C2CA 7D7A
>
> PlusServer AG
> Daimlerstraße 9-11
> 50354 Hürth
>
> Germany
>
> HRB 58428 / Amtsgericht Köln, VAT ID DE216 740 823
> Management Board: Jochen Berger, Frank Gross, Jan Osthues, Thomas Strohe
> Chair of the Supervisory Board: Claudius Schmalschläger
>
> ===================================================================
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkmVilwACgkQMf0yjMLKfXpNuQCeKcicthIadISe7I+Xs5ZNHS+1
> 0qUAnRDkOY9/6kokq3Hf68BRQFfkP3xy
> =jKUA
> -----END PGP SIGNATURE-----
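
The ownership concern raised in the reply above (a participant may only announce addresses out of its own prefixes, and only as /32 or /128 host routes) can be enforced at the point where the shared feed is built. The following Python filter is an added example, not part of either e-mail or of any existing service; the `REGISTERED` table, the documentation ASNs and prefixes in it, and the function names are all constructed assumptions standing in for whatever registry the service operator would actually use.

```python
import ipaddress

# Constructed sample data: documentation ASNs and prefixes, standing in for
# the registry (IRR, RPKI, manual vetting) the service operator would rely on.
REGISTERED = {
    64496: ["192.0.2.0/24", "2001:db8:a::/48"],
    64497: ["198.51.100.0/24"],
}

def check_announcement(peer_asn, prefix, registered=REGISTERED):
    """Return (accepted, reason) for one blackhole announcement from a peer."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    # Only host routes are accepted: /32 for IPv4, /128 for IPv6.
    if net.prefixlen != net.max_prefixlen:
        return False, "not a host route"
    for owned in registered.get(peer_asn, []):
        parent = ipaddress.ip_network(owned)
        # subnet_of() raises TypeError across address families, so compare versions first.
        if parent.version == net.version and net.subnet_of(parent):
            return True, "covered by " + owned
    return False, "outside peer's registered prefixes"

def build_feed(announcements, registered=REGISTERED):
    """Filter (peer_asn, prefix) pairs; return the feed to redistribute and the rejects."""
    feed, rejected = [], []
    for peer_asn, prefix in announcements:
        ok, reason = check_announcement(peer_asn, prefix, registered)
        (feed if ok else rejected).append((peer_asn, prefix, reason))
    return feed, rejected

if __name__ == "__main__":
    sample = [  # constructed announcements
        (64496, "192.0.2.10/32"),      # own address: accepted
        (64496, "198.51.100.7/32"),    # belongs to AS64497: rejected
        (64497, "198.51.100.0/24"),    # own prefix but not a host route: rejected
        (64496, "2001:db8:a::1/128"),  # own IPv6 address: accepted
        (64499, "192.0.2.10/32"),      # unknown peer: rejected
    ]
    feed, rejected = build_feed(sample)
    for row in feed:
        print("ACCEPT", row)
    for row in rejected:
        print("REJECT", row)
```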