Re: Public Subnet re-assignments

[Mel Beckman <mel () beckman org>]

If the sources are from many different IPs, it could be a DDoS attack that you simply didn’t notice before. You can 
black-hole individual IPs using a /32 null0 route. That will at least stop your border router from trying to ARP the 
destination, reducing broadcast traffic on the subnet. In fact, it’s a good idea to configure /32 null0 routes for IPs 
you don’t use. Those IPs can’t then be scanned. 

 -mel

> On Jun 25, 2019, at 3:50 PM, Scott <scott () viviotech net> wrote:
>
> No nothing like that. I'm just removing the .0/30 and 4/30 subnets and
> adding .0/29.
>
> To  your previous question, yes .0 and .3 are unused. Once I change the
> subnet .3 becomes a usable IP and it's getting hammered with traffic,
> causing packet loss.
>
> On 6/25/19 3:30 PM, Mel Beckman wrote:
> > Also, what do you mean by “join to /30 public subnets to a /29”? You can’t overlap subnets, if that’s what you’re 
> > thinking.
> >
> > -mel
> >
> > > On Jun 25, 2019, at 3:27 PM, Mel Beckman <mel () beckman org> wrote:
> > >
> > > You’re using just the two middle IPs in the four that make up the /30 set, right? IOW, the subnet x.x.x.0/30 should 
> > > have .0 and .3 unused (they’re broadcast), and you use .1 and .2.
> > >
> > > -mel
> > >
> > > > On Jun 25, 2019, at 9:41 AM, Scott <scott () viviotech net> wrote:
> > > >
> > > > First, sorry if this is a bit of a noob question.
> > > >
> > > > I'm trying to find a way of preventing a slew of traffic to an IP, or
> > > > IP's, when I join two /30 public subnets to a /29. It appears that while
> > > > the ranges are /30 someone is trying to brute-force the network and/or
> > > > broadcast addresses for the ranges. When I change them to be a /29, now
> > > > the router sees the traffic and starts dropping packets. Are there any
> > > > suggestions for mitigating this behavior or is it just the nature of the
> > > > beast?
> > > >
> > > > -- 
> > > > 101010
> -- 
> 101010