Dear John, On Wed, Oct 08, 2014 at 08:59:00AM -0500, John Kristoff wrote:
> UTRS is essentially a community RTBH that people have suggested to us would be a good service to provide, so we're giving it a go.
FYI, there are various projects which are similar to this concept:

http://www.de-cix.net/products-services/de-cix-frankfurt/blackholing/
https://ripe68.ripe.net/presentations/369-bgp_bh_ripe.pdf
https://wiki.rtbh.me/
> If you think this is a terrible idea and want to express all that is wrong with it, tell me that too, I can take it.
Just like chicory, personally I don't like it. Yes, Cymru has built a reputation as clearing house for redistribution of security related information. But... (aside from any local safety net filter), it's quite a leap to allow a single entity to inject blackholes for any prefix.

There are various flavors at the moment in terms of validation (please correct me if I am wrong): the Polish blackholing project only allows blackholes which fall within the set of prefixes which an ASN originates; the DE-CIX BS service accepts anything that is a subset of your AS-SET. Both approaches have their downsides: you can make any AS or AS-SET a member of your AS-SET and thereby gain a degree of control on the RTBH server, and for $500/year you can register any route-object you want in RADB.

RIPE is the only RIR which has the IRR service as a truly integral part of the database, allowing advanced automatable authentication schemes for purposes such as these. However, they only administrate for a subset of the Internet, making this direction impractical for a universal solution.

Might I suggest an alternative approach, without central validation or need for a clearing house: IXPs could offer BGP or API triggered ACLs which are inserted into the peering fabric and only affect the participant's peering port(s). This way, any blackholing (either correctly applied or malicious) only affects the initiator of that blackhole and nobody else. Advantages are that aclserver does not require peers to cooperate with each other and no validation is required.

Kind regards,
Job
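The two validation models compared in the message above (origin-ASN based and AS-SET based), as an added example that is not part of the original thread and not any project's code. All route objects, AS-SET names and ASNs below are constructed sample data; the point it shows is that AS-SET expansion lets a requester cover prefixes originated by any AS it lists as a member.

```python
"""Validation models for a community RTBH request.

origin policy: the blackhole must fall within a prefix the requester's ASN originates.
as-set policy: the blackhole must fall within a prefix originated by any member of the
requester's AS-SET, expanded recursively (the DE-CIX style rule described in the thread).
"""
import ipaddress

# Constructed route objects (hypothetical): prefix -> origin ASN
ROUTE_OBJECTS = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
}

# Constructed AS-SET membership (hypothetical). AS64500's set lists AS64501 as a
# member, and AS64502's set nests AS64500's set: nobody validated those memberships.
AS_SETS = {
    "AS-EXAMPLE64500": ["AS64500", "AS64501"],
    "AS-EXAMPLE64502": ["AS64502", "AS-EXAMPLE64500"],
}


def expand_as_set(name, seen=None):
    """Recursively expand an AS-SET into its member ASNs; cycle-safe via `seen`."""
    seen = seen if seen is not None else set()
    if name in seen:
        return set()
    seen.add(name)
    members = set()
    for member in AS_SETS.get(name, []):
        if member.startswith("AS-"):
            members |= expand_as_set(member, seen)
        else:
            members.add(int(member[2:]))
    return members


def covered(blackhole, asns):
    """True if `blackhole` lies inside a route object originated by one of `asns`."""
    net = ipaddress.ip_network(blackhole)
    for prefix, origin in ROUTE_OBJECTS.items():
        parent = ipaddress.ip_network(prefix)
        if origin in asns and parent.version == net.version and net.subnet_of(parent):
            return True
    return False


def allowed_origin_policy(requester_asn, blackhole):
    return covered(blackhole, {requester_asn})


def allowed_as_set_policy(requester_as_set, blackhole):
    return covered(blackhole, expand_as_set(requester_as_set))
```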