FYI - I think Paul knows exactly what you are talking about. Hint - review the seminar:
http://www.nanog.org/meetings/nanog36/abstracts.php?pt=Mzk5Jm5hbm9nMzY=&nm=nanog36

> -----Original Message-----
> From: Jack Bates [mailto:jba...@brightok.net]
> Sent: Friday, February 13, 2009 9:23 AM
> To: Paul Vixie
> Cc: na...@merit.edu
> Subject: Re: Global Blackhole Service
>
> Paul Vixie wrote:
> > i think Spamhaus and Cymru are way ahead of you in implementing such a
> > thing, and it's likely that there are even commercial alternatives to
> > Trend Micro although i have not kept up on those details.
>
> I think there's a misunderstanding from what I've read about what is
> being blackholed. We are not talking about blackholing the senders, but a
> massive scale method of blackholing the victims at the victim's request
> to protect infrastructure. Currently this type of service usually doesn't
> extend beyond one or two ASs and depending on traffic flows can still
> cause damage, especially through exchange points.
>
> With enough support and use, this would allow a larger portion of bad
> traffic to be null routed closer to the sender origination points. Since
> the null routing BGP servers would expect a larger routing table from
> these /32 networks, they would be placed at key points capable of
> handling the larger tables; compared to just allowing the /32's out into
> the wild and possibly exceeding route/memory constraints.
>
> It can also be used as authoritative information that an IP is
> undergoing a DOS attack, and large volumes of connections to that IP
> should be considered suspect. I consider this a much more useful method
> of detecting DOS traffic leaving your infected users than the emails
> which are usually sent out by those being hit by DOS.
>
>
> Jack
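As an added illustration (not from this thread or any of the services it names), a minimal model of the victim-requested null-route feed Jack describes: requests are accepted only for host routes, only from the AS that holds the address, and only within the server's route budget; the accepted set then doubles as the "authoritative" list used to flag sources sending heavily toward blackholed victims. The AUTHORIZED map, the route budget and the flow records are constructed sample data; the 65535:666 community is the RFC 7999 BLACKHOLE value.

```python
import ipaddress
from collections import Counter

# Constructed sample policy: which requesting AS holds which address space.
AUTHORIZED = {
    64496: [ipaddress.ip_network("192.0.2.0/24")],
    64497: [ipaddress.ip_network("2001:db8::/32")],
}
BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 BLACKHOLE well-known community


class BlackholeFeed:
    """Victim-requested null-route feed: host routes only, only from their holder."""

    def __init__(self, max_routes):
        self.max_routes = max_routes  # route/memory budget of this server (constructed)
        self.routes = {}              # host prefix -> requesting ASN

    def request(self, asn, prefix_str):
        prefix = ipaddress.ip_network(prefix_str, strict=True)
        # The feed carries /32s (IPv4) or /128s (IPv6), never a wider cover route.
        if prefix.prefixlen != prefix.max_prefixlen:
            return "rejected: not a host route"
        # A victim may only blackhole addresses it legitimately holds.
        holders = [p for p in AUTHORIZED.get(asn, []) if p.version == prefix.version]
        if not any(prefix.subnet_of(p) for p in holders):
            return "rejected: requester does not hold prefix"
        if prefix in self.routes:
            return "duplicate"
        if len(self.routes) >= self.max_routes:
            return "rejected: table full"
        self.routes[prefix] = asn
        return "accepted"

    def withdraw(self, asn, prefix_str):
        prefix = ipaddress.ip_network(prefix_str, strict=True)
        if self.routes.get(prefix) != asn:   # only the requester may withdraw
            return "rejected: not the requester"
        del self.routes[prefix]
        return "withdrawn"

    def announcements(self):
        """Routes this server would originate toward its peers, tagged for discard."""
        return [f"{p} next-hop discard community {BLACKHOLE_COMMUNITY}"
                for p in sorted(self.routes, key=str)]

    def suspect_sources(self, flows, threshold):
        """Sources with at least `threshold` (src, dst) flows toward blackholed victims."""
        hits = Counter(src for src, dst in flows
                       if ipaddress.ip_network(dst) in self.routes)
        return sorted(s for s, n in hits.items() if n >= threshold)
```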