nanog mailing list archives
Re: Blackholing traffic by ASN
From: "Christopher Morrow" <morrowc.lists () gmail com>
Date: Wed, 30 Jan 2008 21:21:57 -0800
On Jan 30, 2008 3:54 PM, Deepak Jain <deepak () ai net> wrote:
> This is prior art. (Assuming your hardware has a hardware blackhole (or you have a little router sitting on the end of a circuit)) you adjust your route-map that would deny the entry to set a community or next-hop pointing to your blackhole location. Nowadays, most equipment can blackhole internally (to null0 say) at full speed, so it isn't an issue. Just set your next hop to a good null0 style location on route import and you are done for traffic destined to those locations.
...do uRPF-loose-mode and you kill FROM these locations as well...
> For inbound traffic from those locations you would need to do policy routing (because you are looking up on source). If you are trying to
(uRPF loose-mode)
> block SPAM or anything TCP related, you only need to block 1 direction to end the conversation.
be cautious of 'synflooding' your internal hosts with this though... Null0 doesn't generate unreachables at packet-rate, but at a lower (1:1000 I believe on Cisco by default) rate.
> Sounds harsh, but hey, it's your network.
wee! and for some extra fun, just append the bad-guy's ASN to your route announcements, force BGP loop-detection to kill the traffic on their end (presuming they don't default-route as well)
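
The forwarding behaviour discussed in this message, modelled as an added example that is not part of the original post: routes originated by a blocked ASN are imported with a Null0 next hop, and loose-mode uRPF then drops packets whose source resolves to Null0 or has no route at all. The ASNs, prefixes, next hops and function names are constructed for illustration, and matching on the origin ASN only is an assumption.

```python
import ipaddress

NULL0 = "Null0"            # discard next hop
BLOCKED_ASNS = {64500}     # constructed: documentation-range ASN for the unwanted AS

# Constructed BGP updates: (prefix, AS path, next hop as received)
UPDATES = [
    ("192.0.2.0/24",     [64499],        "10.0.0.3"),  # our customer
    ("198.51.100.0/24",  [64496, 64500], "10.0.0.1"),  # originated by blocked AS
    ("203.0.113.0/24",   [64496, 64511], "10.0.0.1"),  # unrelated AS
    ("203.0.113.128/25", [64497, 64500], "10.0.0.2"),  # more-specific from blocked AS
]

def build_fib(updates, blocked):
    """Import policy: a route whose origin AS is blocked is installed via Null0."""
    fib = {}
    for prefix, as_path, next_hop in updates:
        if as_path[-1] in blocked:      # assumption: match on origin ASN only
            next_hop = NULL0
        fib[ipaddress.ip_network(prefix)] = next_hop
    return fib

def lookup(fib, addr):
    """Longest-prefix match; returns the next hop, or None if no route covers addr."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in fib if ip in net]
    return fib[max(matches, key=lambda net: net.prefixlen)] if matches else None

def forward(fib, src, dst, urpf_loose=True):
    """Return (verdict, detail) for one packet."""
    # Loose-mode uRPF: the source must have some route, and not one via Null0.
    if urpf_loose and lookup(fib, src) in (None, NULL0):
        return ("drop", "uRPF loose: source unroutable or via Null0")
    next_hop = lookup(fib, dst)
    if next_hop is None:
        return ("drop", "no route to destination")
    if next_hop == NULL0:
        return ("drop", "destination blackholed")
    return ("forward", next_hop)

FIB = build_fib(UPDATES, BLOCKED_ASNS)

if __name__ == "__main__":
    for src, dst in [("192.0.2.10", "198.51.100.5"), ("198.51.100.5", "192.0.2.10"),
                     ("203.0.113.200", "192.0.2.10"), ("203.0.113.5", "192.0.2.10")]:
        print(src, "->", dst, forward(FIB, src, dst))
```

Calling `forward(..., urpf_loose=False)` on the second packet shows the case the quoted text raises: with only the Null0 next hop in place, traffic from the blocked prefixes is still delivered inbound.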