nanog mailing list archives
Re: automatic rtbh trigger using flow data
From: Joe Maimon <jmaimon () jmaimon com>
Date: Thu, 30 Aug 2018 19:30:18 -0400
Michel Py wrote:
> Aaron Gould wrote:
>> Hi, does anyone know how to use flow data to trigger a rtbh (remotely triggered blackhole) route using bgp? ...I'm thinking we could use quagga or a script of some sort to interact with a router to advertise to bgp the /32 host route of the victim under attack.
>
> Look at Exabgp: https://github.com/Exa-Networks/exabgp
> That's what I use in here: https://arneill-py.sacramento.ca.us/cbbc/ to inject the prefixes in BGP. I block the attacker's addresses, not the victim, but if you are willing to write your own scripts it does the job.
>
> Michel.
I use a bunch of scripts plus a supervisory sqlite3 database process, all injecting into quagga.
Also aimed at attacker sources. I feed it with honeypots and live servers, hooked into fail2ban and using independent host scripts.
Not very sophisticated, the remotes use ssh-executed commands to add/delete. I also set up a promiscuous ebgp RR so I can extend my umbrella to CPE with diverse connectivity.
Using flow data, that sounds like an interesting direction to take this into, so thank you!
Joe
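A sketch of the kind of supervisory sqlite3 process described in the message above, added here as an illustration and not taken from either poster's scripts. It emits ExaBGP text-API lines (the tool mentioned in the quoted reply) instead of driving quagga; the table layout, the protected-prefix list, the one-hour expiry, the discard next-hop and the function names are all assumptions, and 65535:666 is the RFC 7999 BLACKHOLE community.

```python
import ipaddress
import sqlite3

# All values below are constructed for illustration (documentation address ranges).
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
NEXT_HOP = "192.0.2.1"  # assumed discard next-hop that every router routes to Null0
TTL = 3600              # assumed lifetime of a block, in seconds

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS blocks (ip TEXT PRIMARY KEY,"
               " reporter TEXT, expires INTEGER, announced INTEGER DEFAULT 0)")
    return db

def report(db, ip, reporter, now):
    """'add' from a honeypot or fail2ban host; returns False when refused."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return False  # not a single IPv4 host address
    if any(addr in net for net in PROTECTED):
        return False  # never blackhole our own or internal space
    db.execute("INSERT OR IGNORE INTO blocks (ip, reporter, expires) VALUES (?, ?, 0)",
               (str(addr), reporter))
    db.execute("UPDATE blocks SET expires = ? WHERE ip = ?", (now + TTL, str(addr)))
    db.commit()
    return True

def delete(db, ip):
    """'delete' from a remote: expire the entry so the next sync withdraws it."""
    db.execute("UPDATE blocks SET expires = 0 WHERE ip = ?", (ip,))
    db.commit()

def sync(db, now):
    """Return the ExaBGP API lines that bring BGP in line with the table."""
    new = db.execute("SELECT ip FROM blocks WHERE announced = 0 AND expires > ?"
                     " ORDER BY ip", (now,)).fetchall()
    old = db.execute("SELECT ip FROM blocks WHERE announced = 1 AND expires <= ?"
                     " ORDER BY ip", (now,)).fetchall()
    lines = [f"announce route {ip}/32 next-hop {NEXT_HOP} community [65535:666]"
             for (ip,) in new]
    lines += [f"withdraw route {ip}/32 next-hop {NEXT_HOP}" for (ip,) in old]
    db.execute("UPDATE blocks SET announced = 1 WHERE expires > ?", (now,))
    db.execute("DELETE FROM blocks WHERE expires <= ?", (now,))
    db.commit()
    return lines
```

In this sketch `report()` and `delete()` stand in for the ssh-executed add/delete commands, and the lines returned by `sync()` would be written to the stdout of a process that ExaBGP runs.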