Re: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Matthew Moyle-Croft
If you're trying to do it on a /32 basis, I doubt you'd find too many border router operators interested in accepting a route that small, but I may be wrong. I can think of at least one Global Tier One that offers a service that allows one to do exactly this (ie. advertise a /30 or /32 to

Re: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Christopher Morrow
On Feb 3, 2008 5:18 PM, Ben Butler <[EMAIL PROTECTED]> wrote: > > Hi, > > > "your point here is that perhaps instead of this scheme one would just > advertise the max-prefix-length (/24 currently) from a 'better' place on > your network and suck all the 'bad' traffic (all traffic in point of > fa

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Ben Butler
Of Christopher Morrow Sent: 03 February 2008 20:56 To: Tomas L. Byrnes Cc: nanog@merit.edu Subject: Re: Blackholes and IXs and Completing the Attack. On Feb 3, 2008 2:53 PM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: > 3: Backbone routers can't reasonably filter on a bunch of /32s

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Ben Butler
: nanog@merit.edu Subject: RE: Blackholes and IXs and Completing the Attack. > anyway, the idea behind multi-as blackholing has been (and apparently > continues to get) rehashed a few times over the last 5-8 years... good > luck! It seems

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Barry Greene (bgreene)
> anyway, the idea behind multi-as blackholing has been (and > apparently continues to get) rehashed a few times over the > last 5-8 years... good luck! It seems that way. People seem to forget about the conversations and work around 2000 - 20

Re: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Christopher Morrow
On Feb 3, 2008 2:53 PM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: > 3: Backbone routers can't reasonably filter on a bunch of /32s and also > forward traffic at wire speed. yes they can. the size of the individual route doesn't matter to the devices in question, the NUMBER of routes does... (as

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Tomas L. Byrnes
rnet God", and in general, is likely to be more > effective in the real world. > > That whole "rough consensus and running code" ethos of the > IETF thing, as opposed to the "Cathedral" mentality of the > ITU (and ICANNt), which your approach would imply.

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Ben Butler
Original Message- From: Tomas L. Byrnes [mailto:[EMAIL PROTECTED] Sent: 03 February 2008 07:54 To: Ben Butler; nanog@merit.edu Subject: RE: Blackholes and IXs and Completing the Attack. "Well then they wouldn't be peering with this route reflector " Well then, the utility is

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Ben Butler
From: Rick Astley [mailto:[EMAIL PROTECTED] Sent: 03 February 2008 06:56 To: Ben Butler Cc: nanog@merit.edu Subject: Re: Blackholes and IXs and Completing the Attack. I see your point, but I think maintaining the box for the control session would also require a decent amount of work. Presumably,

RE: Blackholes and IXs and Completing the Attack.

2008-02-03 Thread Alex Pilosov
On Sat, 2 Feb 2008, Tomas L. Byrnes wrote: > I sincerely doubt that any backbone provider will filter at a /32. That > means they have to check EVERY PACKET AT FULL IP DEST against your AS > advertised routes. Since most backbone routers build circuits at the /18 > and above mask on MPLS, just to

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Tomas L. Byrnes
al Message- > From: Ben Butler [mailto:[EMAIL PROTECTED] > Sent: Saturday, February 02, 2008 2:42 PM > To: Tomas L. Byrnes; nanog@merit.edu > Subject: RE: Blackholes and IXs and Completing the Attack. > > "If you're trying to do it on a /32 basis, I doubt you

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Rick Astley
I see your point, but I think maintaining the box for the control session would also require a decent amount of work. Presumably, since you must all adhere to some quasi-standard to communicate with the control peer, you could probably also agree on creating a standard BGP community (ie. 64666:666

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Christopher Morrow
some patents, and reviewed a bunch more. > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Morrow > > Sent: Saturday, February 02, 2008 12:58 PM > > To: Tomas L. Byrnes > > Cc: Ben Butler; Paul

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Tomas L. Byrnes
nog@merit.edu > Subject: Re: Blackholes and IXs and Completing the Attack. > > On Feb 2, 2008 3:39 PM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: > > > The bigger issue with all these approaches is that they run > afoul of a > > patent applied for by AT&T:

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Paul Ferguson
Roland Dobbins <[EMAIL PROTECTED]> wrote: >On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote: > >> We (Trend Micro) do something similar to this -- a black-hole BGP >> feed of known botnet C&Cs, such that the C&C channel is effectively >> black-ho

FW: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
it. Kind Regards Ben From: Rick Astley [mailto:[EMAIL PROTECTED] Sent: 03 February 2008 01:02 To: Ben Butler Cc: nanog@merit.edu Subject: Re: Blackholes and IXs and Completing the Attack. While I am not sure I fully understand your suggestion, I don't

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Roland Dobbins
On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote: We (Trend Micro) do something similar to this -- a black-hole BGP feed of known botnet C&Cs, such that the C&C channel is effectively black-holed. What's the trigger (pardon the pun, heh) and process for removing IPs from the blackhole list

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Rick Astley
While I am not sure I fully understand your suggestion, I don't think it would be that hard to set up manually. Sure it would require asking the individual peers for their black hole communities, but if they don't have one they are unlikely to honor the infrastructure you describe anyway. Assume

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
--- From: Tomas L. Byrnes [mailto:[EMAIL PROTECTED] Sent: 02 February 2008 20:39 To: Ben Butler; Paul Vixie; nanog@merit.edu Subject: RE: Blackholes and IXs and Completing the Attack. You could achieve the exact same result simply by not advertising the network to your peers, or by advertising a bogus

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
ject: Re: Blackholes and IXs and Completing the Attack. > I was not proposing the Null routing of the attack source in the other > ISPs network but the destination in my network being Null routed as a > destination from your network out. i explained why this is bad -- it lowers the att

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
D] Sent: 02 February 2008 20:49 To: Ben Butler Cc: NANOG NANOG Subject: Re: Blackholes and IXs and Completing the Attack. On Feb 2, 2008, at 1:16 PM, Ben Butler wrote: > > So, given we all now understand each other - why is no one doing the > above? Some folks are doing this, just n

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Paul Ferguson
"Ben Butler" <[EMAIL PROTECTED]> wrote: >The effect of this would be that any BotNet controlled hosts in the >other member network would now be able to drop any attack traffic in >their network on destination at their customer aggregation router

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Paul Vixie
> I was not proposing the Null routing of the attack source in the other > ISPs network but the destination in my network being Null routed as a > destination from your network out. i explained why this is bad -- it lowers the attacker's costs in what amounts to an economics war. they can get a w

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Christopher Morrow
On Feb 2, 2008 3:39 PM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: > The bigger issue with all these approaches is that they run afoul of a > patent applied for by AT&T: > > http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u > =%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Danny McPherson
On Feb 2, 2008, at 1:16 PM, Ben Butler wrote: So, given we all now understand each other - why is no one doing the above? Some folks are doing this, just not via some third-party route servers. For example, either via customer peering sessions, or other BGP interconnections between peers.

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Tomas L. Byrnes
p;co1=AND&d=PG01&s1=20060031575&OS=20060031575&RS=20060031575 USPTO App Number 20060031575 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Ben Butler > Sent: Saturday, February 02, 2008 12:17 PM > To: Paul Vixi

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
to block the traffic before it traverses the IX and further back in their own networks. So? Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Vixie Sent: 02 February 2008 17:32 To: nanog@merit.edu Subject: Re: Blackholes and IXs and Completi

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Paul Vixie
[EMAIL PROTECTED] ("Ben Butler") writes: > ... > This hopefully will ensure a relatively protected router that is only > accessible from the edge routers we want and also secured to only accept > filtered announcements for black holing and in consequence enable the > system to be trusted similar

Blackholes and IXs and Completing the Attack.

2008-01-30 Thread Ben Butler
Hi, I have been working away on remote trigger blackholing and community based client initiated blackholing into transit ASes. It got me thinking that while this works great with a handful of upstream transit peers it does not really scale very well at an Internet Exchange with a high overhead c
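The mechanism the thread is arguing about, as an added example that is not part of any message in the thread: a customer attaches a "please blackhole" community to a host route, the provider accepts it only if it sits inside space that customer is authorized to originate (the filtering Paul Vixie insists on, since accepting a /32 for someone else's address is a one-line denial of service), installs it locally with a next-hop that every router statically routes to the discard interface, and re-originates it toward each peer with that peer's own blackhole community, skipping peers that have none (Rick Astley's point that a peer without a blackhole community will not honour the request anyway). This is a Python model of the policy, not a router configuration; the communities 64666:666, 64513:666 and 64515:9999, the ASNs, the 192.0.2.1 discard next-hop and the prefixes are all invented. It uses the address family's host-route length rather than a hard-coded /32, so the same logic applies to a /128 in IPv6, which the thread does not discuss.

```python
"""Model of a community-triggered remote blackhole policy (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical values: real deployments pick their own communities and discard next-hop.
BLACKHOLE_REQUEST = "64666:666"   # community a customer attaches to ask for a blackhole
DISCARD_NEXT_HOP = "192.0.2.1"    # address every router statically routes to Null0 / discard
MAX_ORDINARY_LEN = 24             # longest prefix accepted when it is NOT a blackhole request


@dataclass(frozen=True)
class Announcement:
    prefix: str
    communities: frozenset


@dataclass(frozen=True)
class Customer:
    asn: int
    authorized: tuple             # prefixes this customer may originate (IRR / RPKI / LOA)


@dataclass(frozen=True)
class Peer:
    asn: int
    blackhole_community: Optional[str]   # community this peer honours, None if it has no RTBH service


def is_covered(prefix, authorized):
    """True if `prefix` lies inside one of the authorized prefixes (same address family)."""
    net = ipaddress.ip_network(prefix, strict=True)
    for a in authorized:
        anet = ipaddress.ip_network(a, strict=True)
        if anet.version == net.version and net.subnet_of(anet):
            return True
    return False


def validate(customer, ann):
    """Accept or reject one customer announcement; returns (accepted, reason).

    Security-relevant checks: nothing outside the customer's authorized space is
    ever accepted, and a host route is accepted only when it carries the
    blackhole-request community; otherwise the ordinary max-prefix-length applies.
    """
    try:
        net = ipaddress.ip_network(ann.prefix, strict=True)
    except ValueError as e:
        return False, f"malformed prefix: {e}"
    if not is_covered(ann.prefix, customer.authorized):
        return False, "prefix not within customer's authorized space"
    if BLACKHOLE_REQUEST in ann.communities:
        if net.prefixlen != net.max_prefixlen:
            return False, "blackhole request must be a host route"
        return True, "blackhole request accepted"
    if net.prefixlen > MAX_ORDINARY_LEN:
        return False, f"prefix longer than /{MAX_ORDINARY_LEN} without blackhole community"
    return True, "ordinary route accepted"


def local_blackhole_route(prefix):
    """Route installed in our own network: next-hop pointed at the discard address."""
    return {"prefix": prefix, "next_hop": DISCARD_NEXT_HOP}


def peer_announcements(prefix, peers):
    """Re-originate the host route toward each peer tagged with that peer's own
    blackhole community.  Peers without one are skipped: they would not act on it
    and would most likely reject a host route anyway (the peer rewrites next-hop itself)."""
    out = {}
    for p in peers:
        if p.blackhole_community is None:
            continue
        out[p.asn] = {"prefix": prefix, "communities": {p.blackhole_community}}
    return out


def process(customer, ann, peers):
    """Full pipeline for one announcement: validate, install locally, fan out to peers."""
    ok, reason = validate(customer, ann)
    result = {"accepted": ok, "reason": reason, "local": None, "to_peers": {}}
    if ok and BLACKHOLE_REQUEST in ann.communities:
        result["local"] = local_blackhole_route(ann.prefix)
        result["to_peers"] = peer_announcements(ann.prefix, peers)
    return result


# Constructed sample data: private-use ASNs and documentation prefixes.
CUSTOMER = Customer(asn=64512, authorized=("203.0.113.0/24",))
PEERS = (
    Peer(asn=64513, blackhole_community="64513:666"),
    Peer(asn=64514, blackhole_community=None),        # no RTBH service offered
    Peer(asn=64515, blackhole_community="64515:9999"),
)

if __name__ == "__main__":
    for ann in (
        Announcement("203.0.113.7/32", frozenset({BLACKHOLE_REQUEST})),   # legitimate request
        Announcement("198.51.100.9/32", frozenset({BLACKHOLE_REQUEST})),  # not the customer's space
        Announcement("203.0.113.0/25", frozenset()),                      # too long, no request tag
        Announcement("203.0.113.0/25", frozenset({BLACKHOLE_REQUEST})),   # tagged but not a host route
    ):
        r = process(CUSTOMER, ann, PEERS)
        print(ann.prefix, sorted(ann.communities), "->", r["accepted"], r["reason"], sorted(r["to_peers"]))
```

The authorized-prefix check is the part that makes the scheme safe to expose to many parties at an exchange: whatever transport carries the request (a direct session, a route server, or a dedicated control box), the provider still only ever discards traffic for space the requester is entitled to.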