[dns-operations] Looking for a public blackhole/sinkhole IP address
Robert Edmonds
edmonds at mycre.ws
Thu Nov 27 00:12:56 UTC 2014
Warren Kumari wrote:
> This thingie has many aspects that look a bunch like AS112 -- I'm
> wondering if it makes sense to also request an AS number for this.
> It's not strictly needed, but having fewer inconsistent origin routes
> is always nice.
>
> It also seems that (also like AS112), networks could do this in one of
> (at least) 3 ways:
> 1: They can spin up this route purely within their own network --
> basically have one or more places where the route points at null0 /
> discard and *not announce it to peers / customers* or
> 2: announce to customers only or
> 3: be good citizens and announce it to everyone.
>
> 1 and 2 already exist, for RTBH (like you mention in the doc), they
> are just not anycasted. I wonder if we ask the IANA nicely if they'd
> assign 666.666.666.0/24 to.. oh, bugger....
>
> The more people who do this, the more benefit there is - unfortunately
> this argument often doesn't work on the Internets, but still worth
> trying...

If one is trying to dispose of "250 million DNS requests per second" [0]
or "> 1Mr/s (mega-requests per second)" [1], then you probably *don't*
want the traffic to be routed to whoever happens to have announced it,
or anywhere, really. That seems to be a much different use case (drop
the traffic as quickly and universally as possible, minimizing
collateral damage) from routing the traffic to something like a
community sinkhole.

[0] http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/
[1] https://la51.icann.org/en/schedule/mon-tech/presentation-dafa888-dos-attack-13oct14-en.pdf
--
Robert Edmonds