Do this, configure and use blackhole routing with your upstream, this is how you stop an attack
How to detect it, use netflow.
On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:
> Patrick W. Gilmore wrote:
>>
>> Not much you can do about this in general. In your specific case,
>> since we don't know why your sessions died, we don't know what to
>> suggest to stop it. Perhaps change the timers with your upstream?
>
> My BGP connections (and annoucements) with/to my ISPs are all fine.
>
> The problem takes place five or six AS far from me... Where I can't do
> much. I still can't reach some prefixes announced by large ISPs.
>
> At the first time, I thought an e-mail to the NOC of the network I
> can't
> reach can solve the problem, but it was a waste of time...
I'm a little confused.
Are you saying you dampened the prefixes of some other network? If
so, it sounds like this is 100% in your control.
If the BGP sessions between you and your upstreams / peers never
flapped, no one should have dampened you. (I can see it possibly
happening if someone else in the path between you and $OtherNetwork
is attacked and therefore flaps your routes, but that would affect a
lot of networks, not just you.)
--
TTFN,
patrick