Hi,
in the last 24 hours we received two denial of service attacks with something
like 6-8GBit volume. It did not harm us too much, but e.g. one of our
upstreams got his Amsix-Port exploded.
With our upstreams we have remote-blackhole sessions running where we announce
/32 prefixes to blackhole at their edge, but this does not work with our
peers. Also our Decix-Port received something like 2Gbit extra-traffic during
this DoS.
I can imagine, that for some peers, especially for the once having only a thin
fiber (e.g. 1GBit) to Decix, it's not to funny having it flooded with a DoS
and that they might be interested in dropping such traffic at their edge.
Well I could discuss with my peers (at least the once who might get in trouble
with such issue) to do some individual config for some blackhole-announcement,
but most probably I'm not the only one receiving DoS and who would be
interested in such setup.
Therefore I had the following idea: Why not taking one of my old routers and
set it up as blackhole-service. Then everyone who is interested could set up a
session to there and
1.) announce /32 (/128) routes out of his prefixes to blackhole them
2.) receive all the /32 (/128) announcements from the other peers with the IPs
they want to have blackholed and rollout the blackhole to their network.
My questions to all of you:
- - What do you think about such service?
- - Would you/your ASN participate in such a service?
- - Do you see some kind of usefull feature in such a service?
- - Do you have any comments?
Thank you for telling me your opinions and best regards
- --