
automatic rtbh trigger using flow data
Michel Py wrote:
>> Aaron Gould wrote :
>> Hi, does anyone know how to use flow data to trigger a rtbh (remotely triggered blackhole) route using bgp? ...I'm thinking we could use
>> quagga or a script of some sort to interact with a router to advertise to bgp the /32 host route of the victim under attack.
> Look at Exabgp : https://github.com/Exa-Networks/exabgp
> That's what I use here: https://arneill-py.sacramento.ca.us/cbbc/ to inject the prefixes in BGP.
> I block the attacker's addresses, not the victim's, but if you are willing to write your own scripts it does the job.
>
> Michel.
>

I use a bunch of scripts plus a supervisory sqlite3 database process all 
injecting into quagga.

Also aimed at attacker sources. I feed it with honeypots and live 
servers, hooked into fail2ban and using independent host scripts.

Not very sophisticated: the remotes use ssh-executed commands to 
add/delete. I also set up a promiscuous eBGP RR so I can extend my 
umbrella to CPE with diverse connectivity.

Using flow data sounds like an interesting direction to take this 
in, so thank you!

Joe
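As an added example (not code from this thread, from ExaBGP or from the cbbc scripts linked above), here is a small Python helper that turns one export interval of flow records into the ExaBGP text-API lines that announce, and later withdraw, /32 blackhole routes for attacker sources, the "block the attacker, not the victim" approach Michel and Joe describe. The flow records, the discard next-hop 192.0.2.254 and the packet threshold are constructed assumptions; the community is the well-known BLACKHOLE community 65535:666 from RFC 7999, and a running ExaBGP would read these lines from the helper's stdout via a `process` in its configuration.

```python
import ipaddress
import sys
from collections import Counter

# Constructed sample flow records for one export interval: (src, dst, packets).
SAMPLE_FLOWS = [
    ("203.0.113.5", "198.51.100.10", 80000),
    ("203.0.113.5", "198.51.100.10", 70000),
    ("203.0.113.9", "198.51.100.10", 500),
    ("192.0.2.77", "198.51.100.20", 120000),
]

# Assumed values: the router's discard next-hop and a per-interval packet
# threshold. 65535:666 is the well-known BLACKHOLE community (RFC 7999).
NEXT_HOP = "192.0.2.254"
BLACKHOLE_COMMUNITY = "65535:666"
THRESHOLD_PACKETS = 100000


def offending_sources(flows, threshold):
    """Sum packets per IPv4 source over the interval; return the sources at or above threshold."""
    counts = Counter()
    for src, _dst, packets in flows:
        addr = ipaddress.ip_address(src)
        if addr.version != 4:  # /32 host routes only; IPv6 would need /128
            raise ValueError(f"IPv6 source not supported: {src}")
        counts[str(addr)] += packets
    return {src for src, n in counts.items() if n >= threshold}


def rtbh_commands(flows, active, threshold=THRESHOLD_PACKETS,
                  next_hop=NEXT_HOP, community=BLACKHOLE_COMMUNITY):
    """Diff this interval's offenders against the currently announced set.

    Returns (ExaBGP API lines, new active set): new offenders get an announce
    with the blackhole community, sources that went quiet get a withdraw.
    """
    wanted = offending_sources(flows, threshold)
    commands = []
    for src in sorted(wanted - active):
        commands.append(f"announce route {src}/32 next-hop {next_hop} community [{community}]")
    for src in sorted(active - wanted):
        commands.append(f"withdraw route {src}/32 next-hop {next_hop}")
    return commands, wanted


if __name__ == "__main__":
    # One interval; a real deployment would loop over successive flow exports.
    lines, _active = rtbh_commands(SAMPLE_FLOWS, set())
    sys.stdout.write("".join(line + "\n" for line in lines))
    sys.stdout.flush()  # ExaBGP reads the lines as they are written
```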