[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Global Blackhole Service

Subject: Global Blackhole Service
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 14 Feb 2009 23:43:58 +0100
In-reply-to: <[email protected]> (Steven M. Bellovin's message of "Fri, 13 Feb 2009 12:15:53 -0500")
References: <[email protected]> <[email protected]> <[email protected]>

* Steven M. Bellovin:

> As Randy and Valdis have pointed out, if this isn't done very carefully
> it's an open invitation to a new, very effective DoS technique.  You
> can't do this without authoritative knowledge of exactly who owns any
> prefix; you also have to be able to authenticate the request to
> blackhole it.  Those two points are *hard*.

If you want to run a public exchange point, you need to solve the same
announcement validation problem.  Multiple organizations appear to do
it successfully, so it can't be that difficult.

Follow-Ups:
- Global Blackhole Service
  - From: patrick at ianai.net (Patrick W. Gilmore)
- Global Blackhole Service
  - From: mmc at internode.com.au (Matthew Moyle-Croft)

References:
- Global Blackhole Service
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Global Blackhole Service
  - From: nuno.vieira at nfsi.pt (Nuno Vieira - nfsi telecom)
- Global Blackhole Service
  - From: smb at cs.columbia.edu (Steven M. Bellovin)

Prev by Date: Global Blackhole Service
Next by Date: Global Blackhole Service
Previous by thread: Global Blackhole Service
Next by thread: Global Blackhole Service
Index(es):
- Date
- Thread