[j-nsp] blackhole routing - RPF
Steinar Torsvik
steinar at fasthost.no
Wed Jul 20 03:34:22 EDT 2005
Hi,
Rafal Szarecki (WA/EPO) wrote:
> And to stop DoS (and DDoS) attacks, one of the techniques is black-hole
> routing of the DESTINATION (victim). This of course effectively turns off
> the attacked host from the network, but protects the capacity of links and
> service for all other hosts. This technology requires installing the /32
> blackhole as close to the attack source as possible - on all external-facing
> interfaces. You can use BGP to automatically propagate the list of host
> routes to be black-holed. If I remember correctly this is called
> "community-based filtering".
>
> Anyway, to use this technique you have to know 2 things: 1) the attack is
> ongoing, and 2) the victim's IP address. To have this knowledge, the use of
> traffic sampling, J-flow export and on-line flow analysis is one of the
> possible ways. But then we start to talk about OSS systems...
A configuration example can be found here:
http://www.secsup.org/CustomerBlackHole/
You can often find the community number listed in the RIPE database if
you do a whois lookup for your ISP's AS number; for other regions of the
world not covered by RIPE I have no experience :-). If you cannot
find it you should contact them; most of the larger ISPs (at least from
my minor experience with the few present in Norway :-) ) support
blackholing today.
--
Regards,
Steinar Torsvik
Fasthost AS
Tlf: +47 22 00 88 50
Mob: +47 99 02 99 88
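As an added illustration of the customer-triggered blackhole technique discussed in this thread (this is an editor's example, not from the original message and not the configuration published at secsup.org), here is a Junos configuration fragment. Everything in it is assumed for illustration: the upstream's AS (64496), the blackhole community it accepts (64496:666), the customer's own aggregate (198.51.100.0/24), the victim host (198.51.100.23), the eBGP neighbour (203.0.113.1) and the route tag (666). Replace them with the values your ISP publishes (whois on their AS number, or ask them) before use.

```junos
/* Assumed values for illustration only; substitute your ISP's real
   AS number, blackhole community and your own prefixes. */
policy-options {
    community BLACKHOLE members 64496:666;
    policy-statement EXPORT-TO-UPSTREAM {
        /* Normal announcement of our aggregate (assumed prefix). */
        term aggregate {
            from {
                protocol aggregate;
                route-filter 198.51.100.0/24 exact;
            }
            then accept;
        }
        /* Victim /32s: static discard routes tagged 666 get the ISP's
           blackhole community and are announced as host routes so the
           upstream drops traffic at its own edge. */
        term blackhole {
            from {
                protocol static;
                tag 666;
                route-filter 0.0.0.0/0 prefix-length-range /32-/32;
            }
            then {
                community add BLACKHOLE;
                accept;
            }
        }
        term default-reject {
            then reject;
        }
    }
}
routing-options {
    aggregate {
        route 198.51.100.0/24;
    }
    static {
        /* Trigger: add one of these per victim while the attack lasts.
           "discard" also drops the traffic locally, so the victim is
           unreachable (the trade-off the thread mentions). */
        route 198.51.100.23/32 {
            discard;
            tag 666;
        }
    }
}
protocols {
    bgp {
        group upstream {
            type external;
            peer-as 64496;
            neighbor 203.0.113.1 {
                export EXPORT-TO-UPSTREAM;
            }
        }
    }
}
```

Two checks worth doing before relying on this: confirm with the ISP that host routes carrying their blackhole community are accepted from your session (many filter /32s otherwise), and verify with `show route advertising-protocol bgp 203.0.113.1` that only the aggregate and the tagged /32 are leaving, since the closing `reject` term will otherwise drop any other announcements you already depended on. Removing the static route withdraws the blackhole.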