Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

Auto BlackHoling

Post Reply
 
zstm
just joined
Topic Author
Posts: 9
Joined: Wed May 03, 2017 7:46 pm

Auto BlackHoling

Sun Oct 28, 2018 6:36 pm

Hello, I have a system that detects attacks (DDOS) on the CCR and by BGP sends to my main router an IP address in the prefix / 32 which is being attacked.
How can I send such an IP address with a changed community to my upstreamers to cut the address? An example from BIRD:
Code: Select all
        if  ((XXX,666) ~ bgp_community ) then  {
        bgp_community = -empty-;
        bgp_community.add((1234,666));
        accept;
        }
So if it detects / 32 from community XXX, 666 changes it to 1234,666 and sends it to upstremers.
Top
 
User avatar
amt
Long time Member
Long time Member
Posts: 529
Joined: Fri Jan 16, 2015 2:05 pm

Re: Auto BlackHoling

Mon Oct 29, 2018 10:34 am

hello,
which system do you use for detect dddos ?
Top
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 767
Joined: Mon May 27, 2013 2:05 am

Re: Auto BlackHoling

Mon Oct 29, 2018 10:44 am

The question will rely on your upstream provider - so you will need to know what they expect so you can tag the route specifically. They will likely accept routes down to /32 with community <AS>:666 so they know to add as blackhole. Adjust your filters to look for routes with your own blackhole community and add the upstreams blackhole community on export.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 60 guests
  4. RouterOS
  5. Forwarding Protocols