Michel Py wrote:
Aaron Gould wrote :
Hi, does anyone know how to use flow data to trigger a rtbh (remotely triggered
blackhole) route using bgp ? ...I'm thinking we could use
quagga or a script of some sort to interact with a router to advertise to bgp
the /32 host route of the victim under attack.
Look at Exabgp : https://github.com/Exa-Networks/exabgp
That's what I use in here : https://arneill-py.sacramento.ca.us/cbbc/ to inject
the prefixes in BGP.
I block the attacker's addresses, not the victim but if you are willing to
write your own scripts it does the job.
Michel.
I use a bunch of scripts plus a supervisory sqlite3 database process all
injecting into quagga
Also aimed at attacker sources. I feed it with honeypots and live
servers, hooked into fail2ban and using independent host scripts.
Not very sophisticated, the remotes use ssh executed commands to
add/delete. I also setup a promiscuous ebgp RR so I can extend my
umbrella to CPE with diverse connectivity.
Using flow data, that sounds like an interesting direction to take this
into, so thank you!
Joe