North American Network Operators Group

Re: DDoS mitigation with BGP communities
On Mon, 14 Jun 2004, Matthew Crocker wrote:

> Hello,
>
> I just experienced my first official DDoS attack against my network.
> I never realized how helpless I was :(. I had roughly 70 mbps of
> traffic aimed at one IP. The IP wasn't even in use, I'm assuming
> someone typed the wrong IP and meant to send it somewhere else. I shut
> it down by removing the /24 announcement. This was fine except for
> the customers on that /24. I know my upstreams have special
> communities I can set via BGP announcements that effectively say 'route
> packets to this network to null0'. My question is, what do I need to
> put on my router (i.e. code examples) to inject the /32 into the BGP
> announcements. I try to be a good net citizen and announce aggregate
> blocks. I had to break my /21 up so I could announce everything but
> the /24 in the middle. Any help would be greatly appreciated.

I think this was covered a few times, but:

http://www.secsup.org/CustomerBlackHole/

includes some config snippets for you there.
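A customer-side sketch of the setup asked about above, as an added example that is not part of the original thread and is not taken from the linked page. It assumes Cisco IOS syntax. Every AS number, address, tag and community value is a constructed placeholder, and the community in particular must be replaced with the one your upstream publishes.

```cisco
! Added example. Placeholders (all constructed, none from the thread):
!   64512            customer AS (private range)
!   64496            upstream AS (documentation range)
!   64496:666        stand-in for the upstream's published blackhole community
!   198.51.100.0/24  stand-in for the customer aggregate
!   198.51.100.77    stand-in for the attacked host
!   192.0.2.1        upstream BGP neighbor
!
ip bgp-community new-format
!
! 1. Trigger: a tagged static route to Null0 for the attacked /32.
ip route 198.51.100.77 255.255.255.255 Null0 tag 666
!
! 2. Only statics carrying tag 666 enter BGP, with the community attached.
route-map BLACKHOLE-TRIGGER permit 10
 match tag 666
 set community 64496:666
!
! 3. Outbound policy: a /32 leaves only if it carries the blackhole
!    community; otherwise only the aggregate is announced.
ip prefix-list AGGREGATES seq 5 permit 198.51.100.0/24
ip prefix-list HOST-ROUTES seq 5 permit 198.51.100.0/24 ge 32
ip community-list standard BLACKHOLE permit 64496:666
!
route-map TO-UPSTREAM permit 10
 match ip address prefix-list HOST-ROUTES
 match community BLACKHOLE
route-map TO-UPSTREAM permit 20
 match ip address prefix-list AGGREGATES
!
router bgp 64512
 network 198.51.100.0 mask 255.255.255.0
 redistribute static route-map BLACKHOLE-TRIGGER
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 route-map TO-UPSTREAM out
```

The aggregate stays announced throughout, so only the attacked address is dropped upstream and the rest of the block remains reachable. Removing the tagged static route withdraws the /32 and ends the blackhole.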