SMURF amplifier block list
hank at ibm.net.il
Tue Apr 14 09:23:03 UTC 1998
At 09:33 PM 4/13/98 -0700, Vadim Antonov wrote:
>You're right, silly me.
>Forrest W. Christian <forrestc at iMach.com> wrote:
>On Mon, 13 Apr 1998, Vadim Antonov wrote:
>> Uh. Just modify BGP routes from that feed to have a next hop pointing
>> to a black hole. route-maps are sometimes useful.
>Could someone PLEASE explain to me how this is accomplished?
>Let's assume that you do use a route-map to set next hop to a null
>interface or a black hole or something for a prefix. AND set local pref
>appropriately so that route gets preferred.
>You now have a routing entry which essentially says:
> "forward packets DESTINED FOR the evil network to the black hole".
>What you really want is a routing entry which says:
> "forward packets FROM the evil network to the black hole".
>Now, if someone could enlighten me to a way which you can get BGP to make
>a routing/filter entry to do this second one, I'd be most grateful.
Why wouldn't this work (on IOS 11.3 at least):
a) pick an unused interface (shutdown):
ip address 192.168.1.5 255.255.255.252
ip route 192.168.1.0 255.255.255.0 Null0 254
b) Say the spammer is 188.8.131.52/27:
access-list 20 permit 184.108.40.206 0.0.0.31
route-map spam-filter permit 10
match ip address 20
set ip default next-hop 192.168.1.6
c) On your Fast Ethernet - or whatever interface you use to feed pkts to
your outgoing lines:
ip policy route-map spam-filter
All outgoing pkts to 220.127.116.11/27 now should go to Null0. I am sure
one can improve on the logic even more.
More information about the NANOG