Ryan Hamel
Sent: Wednesday, April 18, 2018 11:38 AM
To: nanog@nanog.org
Subject: Attacks on BGP Routing Ranges
Hello,
I wanted to poll everyones thoughts on how to deal with attacks directly on BGP
peering ranges (/30's, /127's).
I know that sending an RTBH for our side of the upstrea
Maybe we are missing a key item here.
Ryan, is the attack on the BGP peering range killing your router or is
it an attack saturating the link?
Do you have some netflow samples of one of these attacks or any kind of
hints of what happened?
Jean St-Laurent
On 04/18/2018 11:01 PM, Roland Do
On 18 Apr 2018, at 18:03, Ryan Hamel wrote:
Could you explain how this can resolve my issue? I am not sure how
this would work.
You should have iACLs and GTSM enabled, as noted previously.
Ideally, the link should come from an unadvertised range, or a range
which is sunk to null0 at the ed
On Wed, Apr 18, 2018 at 7:03 AM, Ryan Hamel wrote:
> The attacks are definitely inbound on the border router interface. I have
> tracked outbound attacks before and wish it was this simple, but its not.
>
>> a) edge filter, on all edge interfaces ensure that only udp traceroute, icmp
>> are sent
Hey,
On 18 April 2018 at 14:03, Ryan Hamel wrote:
>> a) edge filter, on all edge interfaces ensure that only udp traceroute, icmp
>> are sent (policed) to infrastructure addresses
>
> While I can implement an edge filter to drop such traffic, it's impacting our
> clients traffic as well.
I d
On Wed, 18 Apr 2018, Ryan Hamel wrote:
c) do run BGP with GTSM, so you can drop BGP packets with lower TTL than 255
Could you explain how this can resolve my issue? I am not sure how this would
work.
If the issue is flooding to your interface IP, that's not a relevant
countermeasure. You'
resolve my issue? I am not sure how this would
work.
Thanks for your input!
Ryan Hamel
From: Saku Ytti
Sent: Wednesday, April 18, 2018 3:48 AM
To: Ryan Hamel
Cc: nanog@nanog.org
Subject: Re: Attacks on BGP Routing Ranges
Hey Ryan,
I'm assuming edg
From: Job Snijders
Sent: Wednesday, April 18, 2018 3:44 AM
To: Ryan Hamel
Cc: nanog@nanog.org
Subject: Re: Attacks on BGP Routing Ranges
Hi,
On Wed, 18 Apr 2018 at 11:39, Ryan Hamel
mailto:ryan.ha...@quadranet.com>> wrote:
I wanted to poll everyones thoughts on how t
Hey Ryan,
I'm assuming edge link in your network facing another administrative domain.
You'll have two scenarios
1) attack coming from your side
2) attack coming from far side
You can easily stop 1, obviously.
But for 2, you really need to have far-side who is cooperative and
understanding of
Hi,
On Wed, 18 Apr 2018 at 11:39, Ryan Hamel wrote:
> I wanted to poll everyones thoughts on how to deal with attacks directly
> on BGP peering ranges (/30's, /127's).
>
> I know that sending an RTBH for our side of the upstream routing range
> does not resolve the issue, and it would actually m
Hello,
I wanted to poll everyones thoughts on how to deal with attacks directly on BGP
peering ranges (/30's, /127's).
I know that sending an RTBH for our side of the upstream routing range does not
resolve the issue, and it would actually make things worse by blackholing all
inbound traffic o
11 matches
Mail list logo
