DDoS attacks remain a serious threat not only to the edge of the
Internet but also to the core peering links at Internet Exchange Points.
Blackholing at IXPs is an operational technique that allows a peer to
announce a prefix via BGP to another peer, which then discards traffic
destined for this prefix. However, as far as we know there is only
anecdotal evidence of the success of blackholing.
In this talk, we shed
light on the extent to which blackholing is used by the IXP members and
its impact on traffic, e.g., volumes or patterns. Within a 12 week
period we found that traffic to more than 7,864 distinct IP prefixes was
blackholed by 75 ASes.
The daily patterns emphasize that there are not
only a highly variable number of new announcements every day but,
surprisingly, there is a consistently high number of announcements
> 1000. Moreover, we highlight case studies in which blackholing succeeds
in reducing the DDoS attack traffic. In addition we briefly present the
current state of blackholing standardization within the IETF.
https://www.nanog.org/sites/default/files/Dietzel_Blackholing.pdf
No comments:
Post a Comment