nanog mailing list archives

RE: automatic rtbh trigger using flow data

From: Ryan Hamel <Ryan.Hamel () quadranet com>
Date: Thu, 30 Aug 2018 20:48:06 +0000

Exactly Aaron. No provider will allow a customer to null route a source IP address. I could only assume that a null 
route on Michel's network is tanking the packets at their edge to 192.0.2.1 (discard/null0).

-- 
Ryan Hamel
Senior Support Engineer
ryan.hamel () quadranet com | +1 (888) 578-2372
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud

-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Aaron Gould
Sent: Thursday, August 30, 2018 1:38 PM
To: 'Michel Py' <michel.py () tsisemi com>; Nanog () nanog org
Subject: RE: automatic rtbh trigger using flow data

Thanks, but what if the attacker is many... like thousands ?  ...isn't that typically what we see, is tons and tons of 
sources (hence
distributed....dos) ?

-Aaron

-----Original Message-----
From: Michel Py [mailto:michel.py () tsisemi com]
Sent: Thursday, August 30, 2018 3:17 PM
To: Aaron Gould; Nanog () nanog org
Subject: RE: automatic rtbh trigger using flow data

Aaron Gould wrote :
Hi, does anyone know how to use flow data to trigger a rtbh (remotely

triggered blackhole) route using bgp ?  ...I'm thinking we could use

quagga or a script of some sort to interact with a router to advertise 
to

bgp the /32 host route of the victim under attack.

Look at Exabgp : https://github.com/Exa-Networks/exabgp
That's what I use in here : https://arneill-py.sacramento.ca.us/cbbc/ to inject the prefixes in BGP.
I block the attacker's addresses, not the victim but if you are willing to write your own scripts it does the job.

Michel.

TSI Disclaimer:  This message and any files or text attached to it are intended only for the recipients named above and 
contain information that may be confidential or privileged. If you are not the intended recipient, you must not 
forward, copy, use or otherwise disclose this communication or the information contained herein. In the event you have 
received this message in error, please notify the sender immediately by replying to this message, and then delete all 
copies of it from your system. Thank you!...

Current thread:

automatic rtbh trigger using flow data Aaron Gould (Aug 30)
- Re: automatic rtbh trigger using flow data Vicente De Luca (Aug 30)
- RE: automatic rtbh trigger using flow data Ryan Hamel (Aug 30)
- RE: automatic rtbh trigger using flow data Aaron Gould (Aug 30)
- RE: automatic rtbh trigger using flow data Michel Py (Aug 30)
  - RE: automatic rtbh trigger using flow data Aaron Gould (Aug 30)
    - RE: automatic rtbh trigger using flow data Ryan Hamel (Aug 30)
    - RE: automatic rtbh trigger using flow data Michel Py (Aug 30)
  - Re: automatic rtbh trigger using flow data Joe Maimon (Aug 30)
    - RE: automatic rtbh trigger using flow data Michel Py (Aug 30)
    - Re: automatic rtbh trigger using flow data Aaron Gould (Aug 30)
    - Re: automatic rtbh trigger using flow data Roland Dobbins (Aug 30)
    - Re: automatic rtbh trigger using flow data Hugo Slabbert (Aug 31)
    - Re: automatic rtbh trigger using flow data Roland Dobbins (Aug 31)
    - RE: automatic rtbh trigger using flow data Michel Py (Aug 30)
    - Re: automatic rtbh trigger using flow data H I Baysal (Aug 31)
    - RE: automatic rtbh trigger using flow data Ryan Hamel (Aug 31)

(Thread continues...)