nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attacks on BGP Routing Ranges

From: Ryan Hamel <Ryan.Hamel () quadranet com>
Date: Wed, 18 Apr 2018 10:56:32 +0000
Job,

Unfortunately, with my current situation, we have stopped exporting our prefixes with the tier-1 carrier and still use 
the outbound bandwidth. I highly doubt they will implement such a solution, but is something to keep in mind for the 
future.

Thanks for the tip!

Ryan Hamel


________________________________
From: Job Snijders <job () instituut net>
Sent: Wednesday, April 18, 2018 3:44 AM
To: Ryan Hamel
Cc: nanog () nanog org
Subject: Re: Attacks on BGP Routing Ranges

Hi,

On Wed, 18 Apr 2018 at 11:39, Ryan Hamel <Ryan.Hamel () quadranet com<mailto:Ryan.Hamel () quadranet com>> wrote:
I wanted to poll everyones thoughts on how to deal with attacks directly on BGP peering ranges (/30's, /127's).

I know that sending an RTBH for our side of the upstream routing range does not resolve the issue, and it would 
actually make things worse by blackholing all inbound traffic on the carrier I send the null to. What are my options 
for carriers that are not willing to help investigate the situation or write up a firewall rule to mitigate it on the 
circuit? I am not a fan of naming and shaming because it has unintended consequences.

Thanks in advance for everyone's suggestions.


Some carriers offer "unreachable linknets", linknets that are carved from netblocks that aren't announced in the DFZ or 
are firewalled off.

If the carrier doesn't want to help, your best course of action may be to disconnect the circuit to stop the attack 
traffic.

Kind regards,

Job
Previous By Date Next
Previous By Thread Next

Current thread: