A customer (!) pointed us to the MELANI BGP Blackhole Service which has been around for almost two years, apparently.
For technical details see the attached file.
Are we the only ones not aware of it? I don't recall an official announcement by the MELANI team in this list or elsewhere in the community, and as far as I know it hasn't been discussed yet within SwiNOG.
While the technical implementation seems to be rather simple - an eBGP multihop session to the IP address mentioned (hosted by nine.ch) - a number of legal, operational and political questions remain:
- no IPv6 implementation, no backup (2nd) host
- how is the list of IP addresses maintained? Is there a regular check and removal procedure of no-longer-botnet-addresses?
- is there any guarantee that the infrastructure will never be abused for (state) censorship?
- how to implement it only for end users who do want the service while not distributing the black holes in the whole backbone?
- and, last but not least, why did the MELANI team or the so-called "Outreach Team vom Bund" (quote from the customer's email) never tell the SwiNOG community about the idea? Instead, they are suggesting strange things: "According to Outreach, this is not possible at Init7 because it violates your policy?"
I suppose MELANI and the "Outreach Team vom Bund" should give some explanations. They do know where to find the SwiNOG community, and their style of (non-)communication is not acceptable.