[j-nsp] mitigating dos attack on Juniper M10i
kwarteng
kwarteng at myzipnet.com
Tue Apr 5 09:00:47 EDT 2011
Hello all,
I am having a DoS attack from one of my transit providers.
I already have a bogon filter on the router.
I have also tried a blackhole with a BGP community.
The attack still seems to be on.
My config below:
protocols {
    bgp {
        group xxxx {
            type external;
            remove-private;
            peer-as xxx;
            neighbor a.b.c.d {
                description "eBGP with xxx";
                import block_dos_attack;
                export [ prefixes_out block_dos_attack ];
            }
        }
    }
}
/* policy-statement and community definitions live under policy-options, not protocols */
policy-options {
    policy-statement block_dos_attack {
        term dos_community {
            from community dos_origin;
            then {
                community set dos_origin;
                accept;
            }
        }
        term default {
            then accept;
        }
    }
    community dos_origin members 64999:0;
}
===========
firewall {
    filter BLOCK-FROM-INTERNET {
        term block-bogon-prefix {
            from {
                source-address {
                    0.0.0.0/8;
                    10.0.0.0/8;
                    127.0.0.0/8;
                    169.254.0.0/16;
                    128.0.0.0/24;
                    172.16.0.0/12;
                    191.255.0.0/16;
                    192.0.0.0/24;
                    192.0.2.0/24;
                    192.168.0.0/16;
                    223.255.255.0/24;
                    224.0.0.0/4;
                    240.0.0.0/5;
                    248.0.0.0/5;
                    255.255.255.255/32;
                }
            }
            then {
                count bogon-prefix;
                log;
                discard;
            }
        }
        term block-anti-spoofing {
            from {
                source-address {
                    a.b.0.0/19;
                }
            }
            then {
                log;
                discard;
            }
        }
        term block-spam-to-mail {
            from {
                source-address {
                    96.230.130.132/32;
                    83.243.37.42/32;
                    70.154.241.84/32;
                    194.9.124.125/32;
                    82.128.87.27/32;
                    41.26.120.244/32;
                    64.184.250.236/32;
                    75.127.159.98/32;
                }
                destination-address {
                    a.b.0.d/32;
                }
            }
            then {
                count block-spam;
                log;
                syslog;
                discard;
            }
        }
        term DEFAULT {
            then accept;
        }
    }
}
Any help please
Emmanuel
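The blackhole-with-community approach the post mentions, shown as an added example configuration (written for this page, not Emmanuel's or Juniper's own): the host under attack is installed as a discard static route carrying the provider's blackhole community, and an export policy announces only such tagged /32s to the transit peer. It assumes the provider honours a remote-triggered blackhole community, that 64999:0 (taken from the post's config) is that community, and that 203.0.113.7 is a constructed placeholder for the victim address.

```junos
routing-options {
    static {
        /* constructed placeholder: the single host currently under attack */
        route 203.0.113.7/32 {
            discard;
            /* assumed to be the transit provider's blackhole community */
            community 64999:0;
        }
    }
}
policy-options {
    community dos_origin members 64999:0;
    policy-statement rtbh_out {
        /* announce only /32 discard statics that carry the blackhole community */
        term blackhole {
            from {
                protocol static;
                route-filter 0.0.0.0/0 prefix-length-range /32-/32;
                community dos_origin;
            }
            then accept;
        }
        /* never leak any other static route to the transit peer */
        term reject-other-statics {
            from protocol static;
            then reject;
        }
    }
}
protocols {
    bgp {
        group xxxx {
            neighbor a.b.c.d {
                /* rtbh_out is evaluated first; everything else falls through to prefixes_out */
                export [ rtbh_out prefixes_out ];
            }
        }
    }
}
```

After commit, `show route advertising-protocol bgp a.b.c.d` should list the /32 with the community attached; if the provider accepts it, the attack traffic is dropped in their network instead of arriving on the transit link and being discarded by the local filter.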