Do this, configure and use blackhole routing with your upstream, this is how you stop an attack

How to detect it, use netflow.



On 1/16/06, Patrick W. Gilmore <patrick@ianai.net> wrote:

On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:

> Patrick W. Gilmore wrote:
>>
>> Not much you can do about this in general.  In your specific case,
>> since we don't know why your sessions died, we don't know what to
>> suggest to stop it.  Perhaps change the timers with your upstream?
>
> My BGP connections (and annoucements) with/to my ISPs are all fine.
>
> The problem takes place five or six AS far from me... Where I can't do
> much. I still can't reach some prefixes announced by large ISPs.
>
> At the first time, I thought an e-mail to the NOC of the network I
> can't
> reach can solve the problem, but it was a waste of time...

I'm a little confused.

Are you saying you dampened the prefixes of some other network?  If
so, it sounds like this is 100% in your control.

If the BGP sessions between you and your upstreams / peers never
flapped, no one should have dampened you.  (I can see it possibly
happening if someone else in the path between you and $OtherNetwork
is attacked and therefore flaps your routes, but that would affect a
lot of networks, not just you.)

--
TTFN,
patrick