Re: DDoS mitigation with BGP communities

["Christopher L. Morrow" <christopher.morrow () mci com>]

On Mon, 14 Jun 2004, Matthew Crocker wrote:

> Hello,
>
>   I just experienced my first official DDoS attack against my network.
> I never realized how helpless I was :(.   I had roughly 70 mbps of
> traffic aimed at one IP.  The IP wasn't even in use,  I'm assuming
> someone typed the wrong IP and meant to send it somewhere else.  I shut
> it down by removing the /24 announcement.   This was fine except for
> the customers on that /24.   I know my upstreams have special
> communities I can set via BGP announcements that effectively say 'route
> packets to this network to null0'.   My question is,  what do I need to
> put on my router (i.e. code examples) to inject the /32 into the BGP
> announcements.   I try to be a good net citizen and announce aggregate
> blocks.  I had to break my /21 up so I could announce everything but
> the /24 in the middle.  Any help would be greatly appreciated.

I think this was covered a few times, but:

http://www.secsup.org/CustomerBlackHole/

includes some config snippets for you there.