nanog mailing list archives

Re: SMURF amplifier block list
From: Hank Nussbacher <hank () ibm net il>
Date: Tue, 14 Apr 1998 11:23:03 +0200

At 09:33 PM 4/13/98 -0700, Vadim Antonov wrote:
You're right, silly me.


Forrest W. Christian <forrestc () iMach com> wrote:

On Mon, 13 Apr 1998, Vadim Antonov wrote:

 Uh.  Just modify BGP routes from that feed to have a next hop pointing
 to a black hole.  route-maps are sometimes useful.

Could someone PLEASE explain to me how this is accomplished?

Let's assume that you do use a route-map to set next hop to a null
interface or a black hole or something for a prefix.  AND set local pref
appropriately so that route gets preferred.

You now have a routing entry which essentially says:

 "forward packets DESTINED FOR the evil network to the black hole".

What you really want is a routing entry which says:

 "forward packets FROM the evil network to the black hole".

Now, if someone could enlighten me to a way which you can get BGP to make
a routing/filter entry to do this second one, I'd be most grateful.

Why wouldn't this work (on IOS 11.3 at least):

a) pick an unused interface (shutdown):

inter s0/2
 ip address
ip route Null0 254

b) Say the spammer is

access-list 20 permit
route-map spam-filter permit 10
 match ip address 20
 set ip default next-hop

c) On your Fast Ethernet - or whatever interface you use to feed pkts to
your outgoing lines:

int fa1/0
 ip policy route-map spam-filter

All outgoing pkts to now should go to Null0.  I am sure
one can improve on the logic even more.
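
Added example, not part of the original post: a small Python model of Forrest's objection, showing that a destination-keyed null route only drops traffic sent to the listed network, while a source-matching policy on the ingress interface drops traffic coming from it. The prefixes (RFC 5737 documentation ranges), interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
EVIL_NET = ipaddress.ip_network("192.0.2.0/24")    # listed amplifier network
CUSTOMER = ipaddress.ip_address("198.51.100.10")   # host behind this router

# Destination-keyed table: what a BGP feed with a rewritten next hop produces.
FIB = {
    ipaddress.ip_network("0.0.0.0/0"): "upstream",
    ipaddress.ip_network("198.51.100.0/24"): "customer-lan",
    EVIL_NET: "Null0",
}

# Source-keyed policy: a standard ACL in a route-map matches the packet source.
POLICY_SOURCES = [EVIL_NET]


def fib_lookup(dst):
    """Longest-prefix match on the destination address only."""
    matches = [net for net in FIB if dst in net]
    return FIB[max(matches, key=lambda net: net.prefixlen)]


def forward(src, dst, policy_on_ingress=False):
    """Return the egress for a packet; policy is consulted before the FIB."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if policy_on_ingress and any(src in net for net in POLICY_SOURCES):
        return "Null0"
    return fib_lookup(dst)


def demo():
    reply_from_evil = ("192.0.2.77", str(CUSTOMER))  # e.g. a smurf echo reply
    packet_to_evil = (str(CUSTOMER), "192.0.2.77")
    return {
        "bgp_only_from_evil": forward(*reply_from_evil),
        "bgp_only_to_evil": forward(*packet_to_evil),
        "policy_from_evil": forward(*reply_from_evil, policy_on_ingress=True),
    }


if __name__ == "__main__":
    for case, egress in demo().items():
        print(f"{case}: {egress}")
```

With only the null route installed, the packet sourced from the listed network is still delivered to `customer-lan`; it is dropped only when the source-matching policy is applied where the packet enters the router.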

