2011/2/22 Jared Mauch <ja...@puck.nether.net>: > Also: > > http://docs.as701.net/tmp/CustomerBlackhole.txt > > Remember to set eBGP multihop on sessions for the next-hop rewrite capability > :)
oh hey, I was looking for that! :) (I'll try to re-setup the www.secsup.org links tonight) ... this is a 'how to setup so a customer can blackhole', which you should be able to easily hack to 'make my quagga server a customer, make him be able to blackhole all of 0/0 by /32s' keep in mind also that somethings do not react well to k's of /32's ... > - Jared > > On Feb 22, 2011, at 4:54 PM, Łukasz Bromirski wrote: > >> On 2011-02-22 22:42, David Hubbard wrote: >>> I was wondering if anyone has a howto floating around on the >>> step by step setup of having an internal bgp peer for sending >>> quick updates to border routers to null route sources of >>> undesirable traffic? I've seen it discussed on nanog from >>> time to time, typically suggesting using Zebra, but could >>> not search up a link on a step by step. >> >> Take a look here for starters: >> http://www.cisco.com/web/about/security/intelligence/blackhole.pdf >> >> Searching through NANOG archives will return a couple of sessions >> that went through the other vendor configs for such functionality. >> >> -- >> "There's no sense in being precise when | Łukasz Bromirski >> you don't know what you're talking | jid:lbromir...@jabber.org >> about." John von Neumann | http://lukasz.bromirski.net > > >