Blackhole for DDoS mitigation

Michael Hallgren m.hallgren at free.fr
Mon Dec 30 13:17:51 CET 2013


On 30/12/2013 13:07, Andre Nathan wrote:
> Hello

Hello,

I suggest you get in touch with your upstream networks (providers),
asking them to drop that traffic at their edge. Better than the "call the
NOC" approach, they may provide you with a means to signal this, for example
by using BGP community values. (Further down the road, they may provide
more fine-grained means. Do you know the nature of the attack? And you
may want to look into local ways of more service-specific protection.
However, as a first step you need to clear out congestion on your
upstream links.)

Cheers,
mh

>
>
> Let's say I'm facing a DDoS attack against one of my IP addresses. The
> attack is against a single IP, but it's flooding my network and taking
> it down, so I'd like to blackhole it in my Bird router to mitigate the
> effects of the attack.
>
> Is this configuration enough to blackhole an address, say a.b.c.d?
>
> protocol static blackhole {
>   table master;                  # install into the main routing table
>   route a.b.c.d/32 blackhole;    # a.b.c.d is a placeholder for the attacked address
>   import all;
> }
>
> Thank you,
> Andre
>

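As an added illustration (the editor's, not configuration posted in this thread), here is a BIRD 1.x configuration that combines the local blackhole from the question with the upstream signalling suggested in the reply: the /32 is dropped locally and, at the same time, exported to the upstream tagged with the upstream's blackhole community so the traffic is discarded at their edge, before it reaches the congested link. Every concrete value is an assumed placeholder: local AS 65001, upstream AS 65002 peering from 192.0.2.1, our prefix 203.0.113.0/24, the attacked host 203.0.113.7, and the community 65002:666. The real community is whatever your upstream documents; the IETF later standardised 65535:666 as the well-known BLACKHOLE community in RFC 7999, but in 2013 most providers used a community from their own AS.

```bird
# Added example (editor's illustration, not configuration from the thread).
# Assumed placeholders: local AS 65001, upstream AS 65002 at 192.0.2.1,
# our prefix 203.0.113.0/24, attacked host 203.0.113.7, and the upstream's
# blackhole community 65002:666. Ask your upstream for the real value.

define MY_AS = 65001;
define UPSTREAM_AS = 65002;
define BLACKHOLE_COMMUNITY = (65002, 666);

# Host routes for addresses under attack. Only this protocol may originate
# /32s towards the upstream, so it doubles as the RTBH list.
protocol static rtbh {
  table master;
  route 203.0.113.7/32 blackhole;   # dropped locally as well
}

# Pull-up route so the aggregate is always announced regardless of IGP state.
protocol static aggregate {
  table master;
  route 203.0.113.0/24 reject;
}

filter export_to_upstream {
  # Our aggregate goes out unchanged.
  if net = 203.0.113.0/24 then accept;

  # A /32 is announced only if it lies inside our prefix and comes from the
  # rtbh protocol; it is tagged with the upstream's blackhole community on
  # the way out. Any other host route (a leaked kernel route, say) is dropped.
  if (net.len = 32) && (net ~ [ 203.0.113.0/24+ ]) && (proto = "rtbh") then {
    bgp_community = -empty-;
    bgp_community.add(BLACKHOLE_COMMUNITY);
    accept;
  }

  reject;
}

protocol bgp upstream {
  local as MY_AS;
  neighbor 192.0.2.1 as UPSTREAM_AS;
  import all;
  export filter export_to_upstream;
}
```

Before relying on it, check what actually leaves the router with `birdc show route export upstream all`: the /32 should appear with the community attached, and nothing else more specific than the aggregate should be listed. The export filter is the security-relevant part: it guarantees that a stray host route can never reach the upstream untagged, and that only routes originated by the rtbh protocol can trigger a drop at the provider. Note also that the local `blackhole` on its own only stops forwarding inside your network; if the attack has already saturated the upstream link, only the provider-side drop relieves the congestion.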
More information about the Bird-users mailing list