North American Network Operators Group
Re: RBL-type BGP service for known rogue networks?
On Fri, Jul 07, 2000 at 09:43:07AM -0500, John Kristoff wrote:
>
> This form of "shunning" seems like an appropriate approach, but a little
> scary. What sorts of mechanisms will prevent temporary black holes and
> DoS attacks to get an otherwise cooperative organization black holed?

There are at least two (probably more) schools of thought on that.

The ORBS approach: Put people on the list quickly, and make it easy for them to get back off the list.

The MAPS approach: Make it damn hard to get on the list.

So, for instance, in the first approach, any smidgin of proof that somebody should be on the list is enough to get them on there, but any smidgin of counter-proof gets them back off. In the second approach, you need multiple credible reports from independent sources with documentation of the problem, and of your unwillingness to fix it, before you can get on the list.

The Usenet Death Penalty is similar to the latter, in that you have to be a widely-known flagrant abuser, and publicly fail to respond to a lot of requests to fix the problem, before you get UDPed. Getting back off is pretty public at that point.

All three of these services rely upon the notion that although you have a right to create whatever traffic you like, you don't have the right to inject any of it into my network except on my terms. After that, it's a matter of who likes what particular terms.