Black Hole Filtering
August 16, 2011
Craig Lant
Berkeley Lab
NERSC Security Team
NERSC security routinely blocks network traffic from external hosts that appear to be hostile. Up to now, the mechanism we've used to do this has been an access control list (ACL) configured into our core router. While this method has served us well for many years, we are reaching the limits of its effectiveness. To address this, we're changing to a different mechanism for blocking known as remotely triggered black hole (RTBH) filtering. In this talk I will describe both methods of blocking. I'll present the results of testing that show the new method to be a significant improvement over the old method. And, I'll discuss why RTBH filtering performs so much better than an ACL in a router.
About NERSC and Berkeley Lab
The National Energy Research Scientific Computing Center (NERSC) is the primary high-performance computing facility for scientific research sponsored by the U.S. Department of Energy's Office of Science. Located at Lawrence Berkeley National Laboratory, the NERSC Center serves more than 4,000 scientists at national laboratories and universities researching a wide range of problems in combustion, climate modeling, fusion energy, materials science, physics, chemistry, computational biology, and other disciplines. Berkeley Lab is a U.S. Department of Energy national laboratory located in Berkeley, California. It conducts unclassified scientific research and is managed by the University of California for the U.S. DOE Office of Science. For more information about computing sciences at Berkeley Lab, please visit www.lbl.gov/cs.



