nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: automatic rtbh trigger using flow data

From: "Aaron Gould" <aaron1 () gvtc com>
Date: Thu, 30 Aug 2018 15:08:16 -0500
Wow, 4 replies for fastnetmon, thanks Ryan, Vincente, Job and Kushal

 

I'll look into it

 

-Aaron

 

From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Aaron Gould
Sent: Thursday, August 30, 2018 2:53 PM
To: Nanog () nanog org
Subject: automatic rtbh trigger using flow data 

 

Hi, does anyone know how to use flow data to trigger a rtbh (remotely
triggered blackhole) route using bgp ?  .I'm thinking we could use quagga or
a script of some sort to interact with a router to advertise to bgp the /32
host route of the victim under attack.

 

Btw, I already have nfsen running and we receive real-time alters of various
types of attacks, high volume, high ports, etc. and then we telnet into a
cisco trigger router and drop a few lines of code into it and then bgp does
the rest within seconds, the upstream providers learn of this route via
communities and they rtbh it in their cloud, BUT, I would like my alerts to
do this automatically. that would be very nice.  Any guidance would be
appreciated.

 

-Aaron
Previous By Date Next
Previous By Thread Next

Current thread: