[nsp-sec] CUTRS: Community Unwanted Traffic Removal Service

Tue May 20 00:35:11 EDT 2014

We're definitely interested in participating here.  Great ideas.    As well, we are supportive of using flow spec as an option here.   Since this idea here is pretty much to complete an attack but preserving the network.  It would be good to have a way to track when a withdrawal of the blackhole would be successful.  Some attacks last minutes, while others last days.  It would be nice to know.

Like Marc, we have the same concerns for privacy especially from those crazy Canadian's like Kneppers ;-) .

Thoughts,

Henry
ASN 4323
________________________________________
From: nsp-security [nsp-security-bounces at puck.nether.net] on behalf of John Kristoff [jtk at cymru.com]
Sent: Friday, May 16, 2014 2:15 PM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] CUTRS: Community Unwanted Traffic Removal Service

----------- nsp-security Confidential --------

It is all about having a cool acronym.

Friends,

We are "soft-launching" one of our new services with you and we hope you
take to it, because we've had a lot of interest from the community to
get something like this done.  In a nutshell, this is just like the
DDoS-RS BGP route service you may be familiar with, but now instead of
using RTBH to thwart obviously obnoxious C&C's, this aims to help
remove the attack traffic destined towards victims in a DDoS further
upstream or closer to the source as possible.

Since it is the weekend, we won't set this up with anyone this week, but
will give you time to mull it over and pick this up next week.  Here is
my working page introducing the service:

  <http://www.cymru.com/jtk/misc/cutrs.html>

We also have a mailing list to foster discussion about the service and
alerts of active DDoS attacks.  We were considering having a small set
of "trusted" community folks who might help run this, so if you're an
operator with BGP and helping mitigate DDoS attacks is of interest to
you, please approach us expressing your interest to help.

This only works if we get both traffic carrying networks and victims
cooperating together.  Please contact me off list with any questions,
comments or interest in participating.

If you have some trustworthy network operators (not researchers at
this time, real networks with BGP please) in mind who might be
interested in this and are not on the list, please feel free to forward
this to them. Ideally I'd like to be cc:'d so I know where this is
going.

Kindly,

John

_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

-------------

The content contained in this electronic message is not intended to constitute formation of a contract binding tw telecom. tw telecom will be contractually bound only upon execution, by an authorized officer, of a contract including agreed terms and conditions or by express application of its tariffs. This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail or by telephone.