[nsp-sec] CUTRS: Community Unwanted Traffic Removal Service
John Kristoff
jtk at cymru.com
Sat May 17 10:43:09 EDT 2014
On Fri, 16 May 2014 15:13:28 -0600
Marc Kneppers <Marc.Kneppers at TELUS.COM> wrote:
> The issue of trust always comes up. Do we trust the input feed enough
> to assume that there will be minimal false-positives so that we¹d
> implement it at a larger-scale peering level.
This is of course of primary concern to us as well. This will not be
an open system where just anyone can submit an address or prefix they
wish to see black holed. It will need to come from a verified
originating ASN operator or IP address block admin and be further
verified by us.
> How are you addressing questions like that? I¹m assuming that this
> feed has a higher chance of false positives given that DDoS has so
> much spoofing. (you¹re going after the DDoS data plane now, not just
> the signalling plane :)
In there was any confusion, this is mitigating the attack towards a
victim by black holing the target IP address/prefix.
> (I¹m a supporter of your efforts, here, though - don¹t get me wrong -
> just asking the questions that will come)
Did I answer them sufficiently? What else should we be doing to make
this as convenient, safe and usable as possible? Want to be part of an
admin team that helps obtain and vets submissions?
John
More information about the nsp-security
mailing list