:: Forrest W. Christian writes ::
> On Mon, 13 Apr 1998, Vadim Antonov wrote:
> > Uh. Just modify BGP routes from that feed to have a next hop pointing to a black hole. route-maps are sometimes useful.
>
> Could someone PLEASE explain to me how this is accomplished?
Let's clarify this:

-- If you take the "black hole" feed, you probably route-map so that you end up forwarding packets to the black-hole'd addresses nowhere, instead of back towards "black-hole-route-server". This

   (1) In no way protects your network from being smurfed (unless you are being attacked by your customers),

   (2) Has a punitive impact on the amplifier networks, in that their customers can no longer get to whatever resources you offer (so their end-user customers get pissed), and your customers can't visit sites at the amplifier networks (so their information/service provider customers get pissed). This may lead to the situation being corrected. (It may also lead to some of your customers being pissed.),

   (3) Prevents your customers from smurfing someone else via the black-holed amplifier networks (you may or may not care).

-- You can use the information obtained from such a blackhole feed to protect your network, by creating access lists, or (why would you do it this way?) creating route maps that route to a black-hole based on source-address. This cannot be done automatically in a cisco router[1]. Something would have to alter the configuration based on the blackhole data received. This could be a human being. This could be automated code (running on something other than a Cisco router). (This also assumes that your connections to your peers/upstreams are large enough that they are not significantly impacted by the load of a smurf attack.)

[1] Specifically, there is no configuration command to vary the contents of an access list based on received BGP routing information, which means there is no way to route-map with a "match" that adapts to information from BGP.

I think that (1) Public shame is a good method of attack on this problem, and (2) A realtime BGP feed is probably a waste.

- Brett (brettf@netcom.com)

------------------------------------------------------------------------------
... Coming soon to a       | Brett Frankenberger
.sig near you ...          |
a Humorous Quote ...       | brettf@netcom.com
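As an added illustration of the two approaches distinguished in the reply above (this is example code written for this archive page, not anything posted in the thread or shipped by Cisco): the first function emits the route-map configuration that rewrites the next-hop of every route learned from the black-hole feed to an address the router statically sends to Null0, which drops traffic *to* the amplifier networks; the second is the "automated code running on something other than a Cisco router" that turns the same list of prefixes into an inbound extended access list denying traffic *from* those networks, which is what actually protects you from the reflected smurf traffic. The prefixes, the discard next-hop 10.255.255.1, the neighbor address, the private AS numbers, the route-map name and the interface name are all constructed assumptions. Overlapping feed entries are aggregated first so the ACL carries one entry per distinct range.

```python
"""Turn a list of black-holed amplifier prefixes into Cisco IOS configuration.

Added example for this archive page; not code from the original thread.
All addresses, AS numbers and names below are constructed assumptions.
"""
import ipaddress
from typing import Iterable, List

# Constructed sample input: prefixes such a feed might announce as smurf
# amplifiers. Two entries overlap on purpose to exercise the aggregation.
SAMPLE_BLACKHOLE_PREFIXES = [
    "192.0.2.0/24",
    "198.51.100.0/25",
    "198.51.100.64/26",   # already covered by the /25 above
    "203.0.113.8/29",
]

# Assumed (hypothetical) values for the generated configuration.
DISCARD_NEXT_HOP = "10.255.255.1"   # bogus next-hop statically routed to Null0
FEED_NEIGHBOR = "10.0.0.2"          # the black-hole route server
LOCAL_AS = 64512
FEED_AS = 64513
BORDER_INTERFACE = "Serial0"        # link towards peers/upstreams


def normalize(prefixes: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Parse the feed and collapse overlapping/adjacent prefixes so each
    distinct address range appears exactly once."""
    nets = (ipaddress.IPv4Network(p, strict=False) for p in prefixes)
    return sorted(ipaddress.collapse_addresses(nets))


def wildcard_mask(prefix: str) -> str:
    """IOS access lists take an inverse (wildcard) mask, not a prefix length."""
    return str(ipaddress.IPv4Network(prefix, strict=False).hostmask)


def destination_blackhole_config(next_hop: str = DISCARD_NEXT_HOP,
                                 neighbor: str = FEED_NEIGHBOR,
                                 local_as: int = LOCAL_AS,
                                 feed_as: int = FEED_AS) -> List[str]:
    """Route-map approach: every route learned from the feed gets a next-hop
    that resolves to Null0, so packets destined to the amplifier networks are
    discarded here instead of being forwarded. The static route is essential;
    without it the rewritten next-hop would simply be unreachable."""
    return [
        f"ip route {next_hop} 255.255.255.255 Null0",
        "!",
        "route-map BLACKHOLE-FEED-IN permit 10",
        f" set ip next-hop {next_hop}",
        "!",
        f"router bgp {local_as}",
        f" neighbor {neighbor} remote-as {feed_as}",
        f" neighbor {neighbor} route-map BLACKHOLE-FEED-IN in",
    ]


def source_acl_config(prefixes: Iterable[str], acl_number: int = 100,
                      interface: str = BORDER_INTERFACE) -> List[str]:
    """Access-list approach: the router cannot derive this from BGP, so this
    generator must be re-run and the result pushed whenever the feed changes.
    Denies packets sourced from the amplifier ranges (the reflected smurf
    traffic) on the inbound side of the border interface."""
    lines = [f"no access-list {acl_number}"]   # replace, never append to, the old list
    for net in normalize(prefixes):
        lines.append(
            f"access-list {acl_number} deny ip {net.network_address} "
            f"{net.hostmask} any"
        )
    lines.append(f"access-list {acl_number} permit ip any any")
    lines += ["!", f"interface {interface}", f" ip access-group {acl_number} in"]
    return lines


def deny_entries(config: List[str]) -> List[str]:
    """Return only the deny statements of a generated access list."""
    return [line for line in config if " deny ip " in line]


if __name__ == "__main__":
    print("\n".join(destination_blackhole_config()))
    print("!")
    print("\n".join(source_acl_config(SAMPLE_BLACKHOLE_PREFIXES)))
```

Because the ACL is regenerated in full and installed with a leading `no access-list`, a prefix that disappears from the feed is removed on the next run rather than lingering; this is the part a human operator tends to get wrong when maintaining the list by hand.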