nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SMURF amplifier block list

From: Vadim Antonov <avg () pluris com>
Date: Mon, 13 Apr 1998 21:33:39 -0700 (PDT)
You're right, silly me.

--vadim


Forrest W. Christian <forrestc () iMach com> wrote:

On Mon, 13 Apr 1998, Vadim Antonov wrote:


 Uh.  Just modify BGP routes from that feed to have a next hop pointing
 to a black hole.  route-maps are sometimes useful.


Could someone PLEASE explain to me how this is accomplished?

Let's assume that you do use a route-map to set next hop to a null
interface or a black hole or something for a prefix.  AND set local pref
appropriately so that route gets preferred.

You now have a routing entry which essentially says:

  "forward packets DESTINED FOR the evil network to the black hole".

What you really want is a routing entry which says:

  "forward packets FROM the evil network to the black hole".

Now, if someone could enlighten me to a way which you can get BGP to make
a routing/filter entry to do this second one, I'd be most grateful.

BTW, I know you can do this with PERL or config scripts or whatever.   The
point is that I don't think that a RBL-like blackhole feed will fix a
smurf attack from the "attacked" perspective, unless I have missed some
knob somewhere.

- Forrest W. Christian (forrestc () imach com)
Previous By Date Next
Previous By Thread Next

Current thread: