2019 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Black Hole Routing

Time 12/12/19 09:00AM-09:50AM

Room Nottoway (4th)

Session Abstract

While there was an IPS device in place at the network border, and processes in place to automatically shun IP addresses exhibiting malicious behavior, the reaction time for this process could be as long as 30 minutes. Analysis of logs indicated that as many as 2/3 of the IP addresses shunned via this process never actually recorded a block; in other words, many of these malicious IP’s completed their activity and moved on before the block could become effective.

This session will discuss Pros and Cons of various methods for blocking malicious traffic and demonstrate automated techniques for different options. The discussion will include lessons learned from blocking malicious traffic at large higher education institutions over several years.


Speaker Michael Grinnell University of Virginia

Speaker David Smith Duke University

Presentation Media

Primary track Information Security

gold Sponsors

bronze Sponsors