Yeah this is not a community. You advertise the blackhole Ip to their blackhole server. I assume at that point they attach some communities to it themselves and whatnot. But the way this works is an entry is added to the filter list and that get advertised to Cogent. You can do blocks of IPs, at least when I did a block a year ago. Most of it is triggered from a DNS rule that adds it to a an address list. You can then parse the address list and script in the addition to the filter rule. My problem is I have not been able to find a way to remove that entry once it expires from the address list. So it’s a manual process. Doesn’t happen very often, but still something that have to remember.
Justin Wilson j...@mtin.net --- http://www.mtin.net Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com COO/Chairman Internet Exchange - Peering - Distributed Fabric > On Jun 22, 2016, at 10:59 AM, That One Guy /sarcasm > <thatoneguyst...@gmail.com> wrote: > > is this for a single ip? > > our upstream thats actually communicating said they dont support blackhole > community, the other i assume wont either > > is this stating you can trigger at cogent even though not peered with them > directly? > > On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson <li...@mtin.net > <mailto:li...@mtin.net>> wrote: > BlackHole server > The Blackhole server allows customers under a DDOS attack to send all traffic > to the IP address under attack to null route. > To request configuration on the blackhole server: Log into eCogent and click > on BGP request. You will need the following information: > 1. Order Number. > 2. An IP address from your network with which we will peer. > 3. A password (all blackhole server sessions are password protected). > > All North American and Asia Pacific Customers will peer with: > IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802 > > All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: > 2001:550:0:1000::8275:1402 > > Once your session to the blackhole server has been established, any network > you announce to it will be stopped at our borders. Please note that Cogent > does not warrant or guarantee that use of the blackhole server will mitigate, > or minimize any effects of a DDOS attack nor does Cogent guarantee that a > session to the blackhole server can be established on a timely basis. You are > limited to announcing 50 prefixes to our blackhole server. If you anticipate > needing to announce more, relay that request to our Customer Support > department along with the technical justification for an increase in the > number of prefixes to be announced. > > > Justin Wilson > j...@mtin.net <mailto:j...@mtin.net> > > --- > http://www.mtin.net <http://www.mtin.net/> Owner/CEO > xISP Solutions- Consulting – Data Centers - Bandwidth > > http://www.midwest-ix.com <http://www.midwest-ix.com/> COO/Chairman > Internet Exchange - Peering - Distributed Fabric > >> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser <lists.wavel...@gmail.com >> <mailto:lists.wavel...@gmail.com>> wrote: >> >> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I >> have had to call Cogent to get IP's blacklisted previously. >> >> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson <li...@mtin.net >> <mailto:li...@mtin.net>> wrote: >> San example with Cogent: >> >> >> >> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole >> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 >> tcp-md5-key=<my-md5-key> ttl=default >> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent> >> >> >> >> >> Justin Wilson >> j...@mtin.net <mailto:j...@mtin.net> >> >> --- >> http://www.mtin.net <http://www.mtin.net/> Owner/CEO >> xISP Solutions- Consulting – Data Centers - Bandwidth >> >> http://www.midwest-ix.com <http://www.midwest-ix.com/> COO/Chairman >> Internet Exchange - Peering - Distributed Fabric >> >>> On Jun 20, 2016, at 7:35 PM, Matt <matt.mailingli...@gmail.com >>> <mailto:matt.mailingli...@gmail.com>> wrote: >>> >>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to >>> help deal with DOS attacks? Any examples of getting it too work with >>> Mikrotik? >>> >> >> > > > > > -- > If you only see yourself as part of the team but you don't see your team as > part of yourself you have already failed as part of the team.
