* Valdis Kletnieks:

> On Fri, 13 Feb 2009 15:57:32 +0100, Jens Ott - PlusServer AG said:
>> Therefore I had the following idea: Why not taking one of my old routers and
>> set it up as blackhole-service. Then everyone who is interested could set up a
>> session to there and
>>
>> 1.) announce /32 (/128) routes out of his prefixes to blackhole them
>> 2.) receive all the /32 (/128) announcements from the other peers with the IPs
>> they want to have blackholed and rollout the blackhole to their network.
>
> How do you vet proposed new entries to make sure that some miscreant doesn't
> DoS a legitimate site by claiming it is in need of black-holing?

The same way you prevent rogue announcements. 8-/ I guess an IX would be able to perform some validation of blacklisting requests, or at least provide a contractual framework. I don't think a global solution exists (beyond the "use my route server" approach, which is quite global--until there are two of them).
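
One way a shared route server could do the validation discussed above, assuming it holds a per-peer list of registered prefixes (for example from an IX contract): accept a blackhole /32 (/128) only when it lies inside a prefix registered to the announcing peer. This is an added example, not code from the thread; the peer names, the prefix table and `vet_blackhole` are hypothetical, and the addresses are documentation ranges.

```python
import ipaddress

# Constructed sample data: prefixes each peer is registered to originate.
PEER_PREFIXES = {
    "AS64500": ["192.0.2.0/24", "2001:db8:a::/48"],
    "AS64501": ["198.51.100.0/24"],
}


def vet_blackhole(peer, route, peer_prefixes=PEER_PREFIXES):
    """Return (accepted, reason) for a blackhole announcement from `peer`."""
    try:
        net = ipaddress.ip_network(route, strict=True)
    except ValueError as exc:
        return False, f"malformed route: {exc}"

    # Only host routes (/32 for IPv4, /128 for IPv6) are blackhole candidates;
    # anything shorter would let one request drop a whole subnet.
    if net.prefixlen != net.max_prefixlen:
        return False, "not a host route"

    # The host route must fall inside a prefix registered to this peer,
    # so a peer can only blackhole its own address space.
    for text in peer_prefixes.get(peer, []):
        parent = ipaddress.ip_network(text)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if parent.version == net.version and net.subnet_of(parent):
            return True, f"covered by {parent}"
    return False, "outside the peer's registered prefixes"


if __name__ == "__main__":
    # Constructed announcements: (peer, route)
    for peer, route in [
        ("AS64500", "192.0.2.10/32"),      # own space
        ("AS64500", "198.51.100.7/32"),    # someone else's space
        ("AS64500", "2001:db8:a::1/128"),  # own IPv6 space
        ("AS64501", "198.51.100.0/25"),    # too broad
    ]:
        print(peer, route, vet_blackhole(peer, route))
```
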