Global Blackhole Service

2009-02-13 Thread Jens Ott - PlusServer AG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, in the last 24 hours we received two denial of service attacks with something like 6-8GBit volume. It did not harm us too much, but e.g. one of our upstreams got his Amsix-Port exploded. With our upstreams we have remote-blackhole sessions runnin

Re: Global Blackhole Service

2009-02-13 Thread Suresh Ramasubramanian
On Fri, Feb 13, 2009 at 8:27 PM, Jens Ott - PlusServer AG wrote: > - - What do you think about such service? > - - Would you/your ASN participate in such a service? > - - Do you see some kind of useful feature in such a service? > - - Do you have any comments? Ah. rbl.maps.vix.com from about a d

Re: Global Blackhole Service

2009-02-13 Thread Randy Bush
would this itself not be a dos path? randy

Re: Global Blackhole Service

2009-02-13 Thread Nuno Vieira - nfsi telecom
Hi Jens, I think we are in the same boat. We suffered the same problem often, at a lower magnitude, but if a project like this exists those DDoS could even be almost near zero. This is somewhat similar to what Spamcop and other folks do with SPAM today, but applied on a different scope, say, B

Re: Global Blackhole Service

2009-02-13 Thread Nuno Vieira - nfsi telecom
In that way, Spamcop and other folks have been DOS'ing for years as well. And in fact, by denying things around, they are just scrubbing and filtering, to make our day happier, avoiding huge masses of spam and useless crap. I don't see it the way you do. A project like this, like also spamcop, are gre

Re: Global Blackhole Service

2009-02-13 Thread Nuno Vieira - nfsi telecom
Hi Suresh, But in the meanwhile, a decade later, it no longer exists. At least, I can't reach that host, and I was unable to find working documentation on Google of how this project works today. In fact, the first link that Google gave out says that this project has been dead for at least 2

Re: Global Blackhole Service

2009-02-13 Thread Valdis . Kletnieks
On Fri, 13 Feb 2009 15:57:32 +0100, Jens Ott - PlusServer AG said: > Therefore I had the following idea: Why not take one of my old routers and > set it up as a blackhole-service. Then everyone who is interested could set up a > session to there and > > 1.) announce /32 (/128) routes out of his pre

Re: Global Blackhole Service

2009-02-13 Thread Suresh Ramasubramanian
DDoS drones - especially with botnets - can produce a really large zone To start with google "spamhaus drop list". Then look at the cbl and see if you think its worth using as a bgp feed On Fri, Feb 13, 2009 at 9:20 PM, Nuno Vieira - nfsi telecom wrote: > Hi Suresh, > > But in the meanwhile, a d

Re: Global Blackhole Service

2009-02-13 Thread Jack Bates
valdis.kletni...@vt.edu wrote: How do you vet proposed new entries to make sure that some miscreant doesn't DoS a legitimate site by claiming it is in need of black-holing? Note that it's a different problem space than a bogon BGP feed or a spam-source BGP feed - if the Cymru guys take another 6

Re: Global Blackhole Service

2009-02-13 Thread Nuno Vieira - nfsi telecom
Ok, however, what I am talking about is a completely different thing, and I think that my thoughts are aligned with Jens. We want to have a Sink-BGP-BL, based on Destination. Imagine, I, as an ISP, host a particular server that is getting nn Gbps of DDoS attack. I null route it, and start adver

Re: Global Blackhole Service

2009-02-13 Thread Paul Vixie
wrote: > > > - - What do you think about such service? > > > - - Would you/your ASN participate in such a service? > > > - - Do you see some kind of useful feature in such a service? > > > - - Do you have any comments? - "Suresh Ramasubramanian" wrote: > > Ah. rbl.maps.vix.com from about a

RE: Global Blackhole Service

2009-02-13 Thread Skywing
From: Nuno Vieira - nfsi telecom Sent: Friday, February 13, 2009 07:13 To: Jens Ott - PlusServer AG Cc: nanog Subject: Re: Global Blackhole Service Hi Jens, I think we are in the same boat. We suffered the same problem often, on a lower magnitude, but if a project like this exists those DDoS cou

Re: Global Blackhole Service

2009-02-13 Thread Jens Ott - PlusServer AG
c from IPs listed with that community to the blackhole RR destination(s) everywhere in their network. BR Jens > > - S > > -Original Message- > From: Nuno Vieira - nfsi telecom > Sent: Friday, February 13, 2009 07:13 > To: Jens Ott - PlusServer AG > Cc: nanog >

Re: Global Blackhole Service

2009-02-13 Thread Steven M. Bellovin
On Fri, 13 Feb 2009 16:41:41 + (WET) Nuno Vieira - nfsi telecom wrote: > Ok, however, what I am talking about is a completely different thing, > and I think that my thoughts are aligned with Jens. > > We want to have a Sink-BGP-BL, based on Destination. > > Imagine, I, as an ISP, host a part

Re: Global Blackhole Service

2009-02-13 Thread Jens Ott - PlusServer AG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 @jack: sorry for duplicate ... pressed reply instead of reply-all ;) Jack Bates schrieb: > valdis.kletni...@vt.edu wrote: > Presumably, the route server would have to have the same guidelines as > issued by service providers. ie, /32 networks injected

Re: Global Blackhole Service

2009-02-13 Thread Jack Bates
Paul Vixie wrote: i think Spamhaus and Cymru are way ahead of you in implementing such a thing, and it's likely that there are even commercial alternatives to Trend Micro although i have not kept up on those details. I think there's a misunderstanding from what I've read about what is being bl

Re: Global Blackhole Service

2009-02-13 Thread Jens Ott - PlusServer AG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steven M. Bellovin schrieb: > On Fri, 13 Feb 2009 16:41:41 + (WET) > Nuno Vieira - nfsi telecom wrote: > >> Ok, however, what I am talking about is a completely different thing, >> and I think that my thoughts are aligned with Jens. >> >> We want

Re: Global Blackhole Service

2009-02-13 Thread Tico
Jens, I would be interested in participating with a destination blackhole service, so long as peers were authenticated and only authorized to advertise /32s out of space that they are assigned -- hopefully the same OrgID is used for the ASN as the IP allocations. However, a blackhole service

Re: Global Blackhole Service

2009-02-13 Thread Jack Bates
Steven M. Bellovin wrote: In other words, a legitimate prefix hijacking service... Absolutely, NOT. The origin AS will still be the AS that controls the IP space. In fact, I think SBGP would be great for a layout like this to secure down the injections. That being said, prefix lists with md5
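Several posts in this thread (Valdis Kletnieks asking how proposed entries are vetted so a miscreant cannot blackhole a legitimate site, Tico wanting peers authenticated and only authorized to announce /32s out of space assigned to them, Jack Bates noting the origin AS must remain the AS that controls the IP space) come down to one check the route server of such a service would have to run before redistributing a blackhole route. The following is an added example written for this page, not code from any poster or from PlusServer. The authorization table, AS numbers, prefixes and the community value 65535:666 are constructed placeholders; the table stands in for whatever prefix-list, IRR or RPKI data the operator actually trusts.

```python
"""Vet blackhole (/32, /128) announcements before a route server redistributes them.

Added illustration for the thread above; every AS number, prefix and
community value below is a constructed placeholder.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed authorization table: which AS may originate which address space.
# In a real deployment this comes from the peer's prefix-list, IRR route
# objects or RPKI ROAs, i.e. the "authoritative knowledge of who owns a
# prefix" the thread asks for. (Hypothetical AS numbers and documentation prefixes.)
AUTHORIZED = {
    64500: [ipaddress.ip_network("192.0.2.0/24"),
            ipaddress.ip_network("2001:db8::/32")],
    64501: [ipaddress.ip_network("198.51.100.0/24")],
}

# Community the service expects on every blackhole route (assumed value).
BLACKHOLE_COMMUNITY = "65535:666"


@dataclass(frozen=True)
class Announcement:
    peer_as: int                       # AS of the BGP session the route arrived on
    origin_as: int                     # origin AS at the end of the AS_PATH
    prefix: str                        # e.g. "192.0.2.10/32"
    communities: Tuple[str, ...] = ()


def validate(ann: Announcement) -> Tuple[bool, str]:
    """Return (accepted, reason) for one proposed blackhole route."""
    try:
        net = ipaddress.ip_network(ann.prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"

    # Only host routes: accepting a covering prefix would let one bogus
    # announcement take a whole network off the air.
    if net.prefixlen != net.max_prefixlen:
        return False, "only /32 or /128 host routes are accepted"

    # The route must be originated by the peer itself, not relayed for others.
    if ann.origin_as != ann.peer_as:
        return False, "origin AS differs from the announcing peer's AS"

    if BLACKHOLE_COMMUNITY not in ann.communities:
        return False, f"missing blackhole community {BLACKHOLE_COMMUNITY}"

    # The peer may only blackhole addresses inside space assigned to it;
    # this is what stops a miscreant from announcing a victim's /32.
    assigned = AUTHORIZED.get(ann.peer_as, [])
    if not any(p.version == net.version and net.subnet_of(p) for p in assigned):
        return False, f"{net} is outside the space assigned to AS{ann.peer_as}"

    return True, "accepted"


def filter_announcements(anns: List[Announcement]):
    """Split a batch into accepted routes and (announcement, reason) rejects."""
    accepted, rejected = [], []
    for ann in anns:
        ok, reason = validate(ann)
        if ok:
            accepted.append(ann)
        else:
            rejected.append((ann, reason))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample batch: one valid route, one covering prefix,
    # one attempt to blackhole another AS's address, one valid IPv6 route.
    sample = [
        Announcement(64500, 64500, "192.0.2.10/32", (BLACKHOLE_COMMUNITY,)),
        Announcement(64500, 64500, "192.0.2.0/24", (BLACKHOLE_COMMUNITY,)),
        Announcement(64501, 64501, "192.0.2.10/32", (BLACKHOLE_COMMUNITY,)),
        Announcement(64500, 64500, "2001:db8::1/128", (BLACKHOLE_COMMUNITY,)),
    ]
    acc, rej = filter_announcements(sample)
    for a in acc:
        print("ACCEPT", a.prefix, "from AS", a.peer_as)
    for a, why in rej:
        print("REJECT", a.prefix, "from AS", a.peer_as, "-", why)
```

The third sample route is the case Valdis raised: a peer in good standing announcing a /32 that belongs to someone else. It fails the assignment check even though it is a well-formed host route with the right community, which is why the ownership data, not the session authentication alone, is what makes such a service safe to join.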

Re: Global Blackhole Service

2009-02-13 Thread Paul Vixie
blackholing victims is an interesting economics proposition. you're saying the attacker must always win but that they must not be allowed to affect the infrastructure. and you're saying victims will request this, since they know they can't withstand the attack and don't want to be held responsibl

RE: Global Blackhole Service

2009-02-13 Thread Barry Raveendran Greene
tools. _Experience_ has also demonstrated that you DO NOT let the bad guys know about the details of what you do to fight them. The people who DOS your network most likely know - if not already on NANOG! All of you who are getting fired up about a "Global Blackhole Service" . 1. Mak

Re: Global Blackhole Service

2009-02-13 Thread Chris Jester
Listen online to my favorite hip hop radio station http://www.Jellyradio.com On Feb 13, 2009, at 9:35 AM, Paul Vixie wrote: blackholing victims is an interesting economics proposition. you're saying the attacker must always win but that they must not be allowed to affect the infrastruct

RE: Global Blackhole Service

2009-02-13 Thread Barry Raveendran Greene
2009 9:23 AM > To: Paul Vixie > Cc: na...@merit.edu > Subject: Re: Global Blackhole Service > > Paul Vixie wrote: > > i think Spamhaus and Cymru are way ahead of you in > implementing such a > > thing, and it's likely that there are even commercial > altern

Re: Global Blackhole Service

2009-02-13 Thread Jack Bates
Paul Vixie wrote: blackholing victims is an interesting economics proposition. you're saying the attacker must always win but that they must not be allowed to affect the infrastructure. and you're saying victims will request this, since they know they can't withstand the attack and don't want t

Re: Global Blackhole Service

2009-02-13 Thread Jens Ott - PlusServer AG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jack Bates schrieb: > Paul Vixie wrote: > > Do you have a miraculous way to stop DDOS? Is there now a way to quickly > and efficiently track down forged packets? Is there a remedy to shutting > down the *known* botnets, not to mention the unknown ones

Re: Global Blackhole Service

2009-02-13 Thread Christopher Morrow
On Fri, Feb 13, 2009 at 1:04 PM, Jack Bates wrote: > Paul Vixie wrote: >> >> blackholing victims is an interesting economics proposition. you're >> saying >> the attacker must always win but that they must not be allowed to affect >> the >> infrastructure. and you're saying victims will request

RE: Global Blackhole Service

2009-02-13 Thread Jake Mertel
: Global Blackhole Service On Fri, Feb 13, 2009 at 1:04 PM, Jack Bates wrote: > Paul Vixie wrote: >> >> blackholing victims is an interesting economics proposition. you're >> saying >> the attacker must always win but that they must not be allowed to affect >> the

Re: Global Blackhole Service

2009-02-13 Thread Florian Weimer
* Valdis Kletnieks: > On Fri, 13 Feb 2009 15:57:32 +0100, Jens Ott - PlusServer AG said: >> Therefore I had the following idea: Why not take one of my old routers and >> set it up as a blackhole-service. Then everyone who is interested could set up >> a >> session to there and >> >> 1.) announce

Re: Global Blackhole Service

2009-02-13 Thread Randy Bush
eventually, the rpki will give you the first half, authentication of the owner of the ip space. this leaves, as smb hinted, securing the request path from the black-hole requestor to the service and of the service to the users. smb: > You can't do this without authoritative knowledge of exactly w

Re: Global Blackhole Service

2009-02-13 Thread Ricardo Oliveira
Nuno et al., Count me in for this.. Cheers, --Ricardo http://www.cs.ucla.edu/~rveloso On Feb 13, 2009, at 8:41 AM, Nuno Vieira - nfsi telecom wrote: Ok, however, what I am talking about is a completely different thing, and I think that my thoughts are aligned with Jens. We want to have a Si

Re: Global Blackhole Service

2009-02-14 Thread John Kristoff
On Fri, 13 Feb 2009 15:57:32 +0100 Jens Ott - PlusServer AG wrote: > in the last 24 hours we received two denial of service attacks with > something like 6-8GBit volume. It did not harm us too much, but e.g. > one of our upstreams got his Amsix-Port exploded. [...] > Therefore I had the following

Re: Global Blackhole Service

2009-02-14 Thread Paul Vixie
> > where you lose me is where "the attacker must always win". > > Do you have a miraculous way to stop DDOS? Is there now a way to quickly > and efficiently track down forged packets? Is there a remedy to shutting > down the *known* botnets, not to mention the unknown ones? there are no silver b

Re: Global Blackhole Service

2009-02-14 Thread Florian Weimer
* Steven M. Bellovin: > As Randy and Valdis have pointed out, if this isn't done very carefully > it's an open invitation to a new, very effective DoS technique. You > can't do this without authoritative knowledge of exactly who owns any > prefix; you also have to be able to authenticate the requ

Re: Global Blackhole Service

2009-02-14 Thread Patrick W. Gilmore
On Feb 14, 2009, at 5:43 PM, Florian Weimer wrote: * Steven M. Bellovin: As Randy and Valdis have pointed out, if this isn't done very carefully it's an open invitation to a new, very effective DoS technique. You can't do this without authoritative knowledge of exactly who owns any prefix; y

Re: Global Blackhole Service

2009-02-14 Thread Matthew Moyle-Croft
Florian Weimer wrote: If you want to run a public exchange point, you need to solve the same announcement validation problem. Multiple organizations appear to do it successfully, so it can't be that difficult. How exactly do you do "validation"? If I give you a list of ASes and prefixes, wh

Re: Global Blackhole Service

2009-02-14 Thread Paul Vixie
a minor editorial comment: Jens Ott - PlusServer AG writes: > Jack Bates schrieb: >> Paul Vixie wrote: >> >> Do you have a miraculous way to stop DDOS? Is there now a way to quickly >> and efficiently track down forged packets? Is there a remedy to shutting >> down the *known* botnets, not to m

Re: Global Blackhole Service

2009-02-15 Thread Jens Ott - PlusServer AG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Paul Vixie schrieb: > a minor editorial comment: > > Jens Ott - PlusServer AG writes: > >> Jack Bates schrieb: >>> Paul Vixie wrote: >>> >>> Do you have a miraculous way to stop DDOS? Is there now a way to quickly >>> and efficiently track dow

Re: Global Blackhole Service

2009-02-15 Thread Randy Bush
Paul Vixie wrote: > the quoted text was written by jack bates, not paul vixie. the problem of misattributed quotations is greatly exacerbated by those who do not clearly attribute the text(s) they are quoting. randy

Re: Global Blackhole Service

2009-02-15 Thread Michael Thomas
[] I keep reading this subject as "Global Backhoe Service", ie, the sworn enemy of NANOG :) Mike

Re: Global Blackhole Service

2009-02-15 Thread Marshall Eubanks
On Feb 15, 2009, at 1:46 PM, Michael Thomas wrote: [] I keep reading this subject as "Global Backhoe Service", ie, the sworn enemy of NANOG :) Why ? At the Global Backhoe Service your dues will go to our initiative to place an iPhone running Google latitude on every backhoe on the plane

Re: Global Blackhole Service

2009-02-16 Thread Justin Shore
Jens Ott - PlusServer AG wrote: Therefore I had the following idea: Why not take one of my old routers and set it up as a blackhole-service. Then everyone who is interested could set up a session to there and I do something similar on our network with a RTBH trigger router. I peer with it fro