nanog mailing list archives

Re: Global Blackhole Service

From: Justin Shore <justin () justinshore com>
Date: Mon, 16 Feb 2009 17:09:49 -0600

Jens Ott - PlusServer AG wrote:

Therefore I had the following idea: Why not taking one of my old routers and
set it up as blackhole-service. Then everyone who is interested could set up a
session to there and

I do something similar on our network with a RTBH trigger router. Ipeer with it from my edges that are capable of handling that many BGProutes. I feed into it hosts that scan our networks looking for runningSSH daemons and open proxies on specific default ports. With uRPF onall our edges it will drop traffic whether the target IP is the sourceor the destination. Works slick.

The Cisco Press "Router Security Strategies" book has good examples. Atrustworthy source for BGP blacklists of sorts would be an excellentthing IMHO. I'd love to be able to reliably drop traffic from malicioushosts before they scan our network and end up in my netflow logs.Trust would be a big issue though.


Justin

Current thread:

Re: cogent issues, (continued)
- - - Re: cogent issues Michal Krsek (Feb 16)
    - Re: cogent issues neal rauhauser (Feb 16)
    - Re: cogent issues Marshall Eubanks (Feb 16)
    - Re: cogent issues Ran Liebermann (Feb 16)
    - Re: Global Blackhole Service Matthew Moyle-Croft (Feb 14)
  - Re: Global Blackhole Service Florian Weimer (Feb 13)
    - Re: Global Blackhole Service Randy Bush (Feb 13)
- Re: Global Blackhole Service Tico (Feb 13)
  - RE: Global Blackhole Service Barry Raveendran Greene (Feb 13)
- Re: Global Blackhole Service John Kristoff (Feb 14)
- Re: Global Blackhole Service Justin Shore (Feb 16)
- Re: Global Blackhole Service Nuno Vieira - nfsi telecom (Feb 13)
  - Re: Global Blackhole Service Suresh Ramasubramanian (Feb 13)
  - Re: Global Blackhole Service Paul Vixie (Feb 13)
    - Re: Global Blackhole Service Jack Bates (Feb 13)
    - Re: Global Blackhole Service Paul Vixie (Feb 13)
    - Re: Global Blackhole Service Chris Jester (Feb 13)
    - Re: Global Blackhole Service Jack Bates (Feb 13)
    - Re: Global Blackhole Service Jens Ott - PlusServer AG (Feb 13)
    - Re: Global Blackhole Service Paul Vixie (Feb 14)
    - Re: Global Blackhole Service Jens Ott - PlusServer AG (Feb 15)

(Thread continues...)