Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
DDoS attacks remain a serious threat not only to the edge of the Internet but also to the core peering links at Internet Exchange Points. Blackholing at IXPs is an …
| Talk Title | Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild |
| Speakers | Christoph Dietzel (DE-CIX / TU Berlin) |
| Conference | NANOG67 |
| Conf Tag | |
| Location | Chicago, Illinois |
| Date | Jun 13 2016 - Jun 15 2016 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | Talk Video |
DDoS attacks remain a serious threat not only to the edge of the Internet but also to the core peering links at Internet Exchange Points. Blackholing at IXPs is an operational technique that allows a peer to announce a prefix via BGP to another peer, which then discards traffic destined for this prefix. However, as far as we know there is only anecdotal evidence of the success of blackholing. In this talk, we shed light on the extent to which blackholing is used by the IXP members and its impact on traffic, e.g., volumes or patterns. Within a 12 week period we found that traffic to more than 7,864 distinct IP prefixes was blackholed by 75 ASes. The daily patterns emphasize that there are not only a highly variable number of new announcements every day but, surprisingly, there is a consistently high number of announcements
- Moreover, we highlight case studies in which blackholing succeeds in reducing the DDoS attack traffic. In addition we briefly present the current state of blackholing standardization within the IETF.
