Lightning Talk: Inferring BGP Blackholing Activity in the Internet

The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, …

The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reach- ability to selected destinations, e.g., that are under attack. While such a feature, BGP blackholing, is available since 1996 a systematic study on its Internet-wide adoption, practices, network efficacy, and the profile of blackholed destinations is lacking. In this talk, we present the inferred BGP blackholing activity in the wild. Hundreds of networks, including large access providers, as well as about 40 IXPs offer blackholing service to their customers and peers. Over the last three years the number of blackholed prefixes has increased by more than 800%, with a daily average of about 4K prefixes initiated by more than 600 ASes in recent months. Our insights are relevant for operators that consider offering BGP blackholing services as well as to regulators and researchers regarding which destinations are blackholed in the Internet.