On Wed, May 04, 2005 at 02:55:56PM -0400, Will H. Backman wrote:
> Anyone have an example bgpd.conf that uses the nexthop blackhole option
> for null routing ddos attacks?
>
> Looking for an openbsd version of:
> http://www.secsup.org/Tracking/
>
Depends on what you like to achieve but a basic starting point is:

    match from any community 65001:666 set nexthop blackhole

This will blackhole all prefixes with the community tag set to 65001:666.
Normally 65001 is your AS and it may be good to limit the match to a group of
neighbors (only customers should send you blackhole requests). Last but not
least a peer remote-as == source-as check would be good.

    match from $customer source-as $customer_as community $myas:666 \
        set nexthop blackhole

-- 
:wq Claudio
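A fuller bgpd.conf sketch along the lines Claudio describes, added here as an illustration and not part of the thread. The AS numbers, addresses, group names and the upstream rules are assumptions chosen for the example; the ordering matters because bgpd evaluates filter rules in order and the last matching rule wins.

```conf
# Constructed example bgpd.conf fragment (not from the list thread).
# AS numbers and addresses are documentation values chosen for illustration.
AS 65001
router-id 192.0.2.1

# macros: our AS and one customer
myas="65001"
customer_as="65002"
customer="203.0.113.2"

group "customers" {
	remote-as $customer_as
	neighbor $customer {
		descr "customer A"
	}
}

group "upstreams" {
	remote-as 65003
	neighbor 198.51.100.1 {
		descr "transit"
	}
}

# Filter rules: last matching rule wins. Start closed in both directions.
deny from any
deny to any

# Accept transit routes from upstreams and only self-originated routes from
# the customer (peer remote-as must equal the route's source AS).
allow from group "upstreams"
allow from group "customers" source-as $customer_as

# Blackhole requests: drop the community from anyone, then re-allow it only
# on a customer session for prefixes originated by that customer's AS.
# Because the allow comes last, it overrides the deny for that case only.
deny from any community $myas:666
allow from group "customers" source-as $customer_as community $myas:666 \
	set nexthop blackhole

# Outbound: announce the customer's routes to upstreams, but keep the
# blackhole-tagged prefixes inside our own network (assumption for this
# example; adjust if your upstream honours its own blackhole community).
allow to group "upstreams" source-as $customer_as
deny to group "upstreams" community $myas:666
```

Run `bgpd -n -f <file>` to parse the file before loading it, so a rule that does not parse is caught before it silently changes what is accepted.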