Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread George Skorup

Yes

On 6/22/2016 6:54 PM, Matt wrote:
>> Yes. Pretty easy.
>>
>> /routing filter
>> add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32 \
>>     set-bgp-communities=3257:2666
>>
>> /routing bgp network
>> add disabled=yes network=1.1.1.1/32 synchronize=no
>>
>> The filter (at the top of the list) matches any /32 in the BGP network list
>> and tags it with the blackhole community.
>
> In routing bgp network you have 1.1.1.1/32 disabled.  I take it you
> set it to your IP being DOS attacked then enable it to make it
> effective?  Simple as that?
>
>> On 6/20/2016 6:35 PM, Matt wrote:
>>>
>>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>>> help deal with DOS attacks?  Any examples of getting it to work with
>>> Mikrotik?






Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Matt
> Yes. Pretty easy.
>
> /routing filter
> add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32 \
>     set-bgp-communities=3257:2666
>
> /routing bgp network
> add disabled=yes network=1.1.1.1/32 synchronize=no
>
> The filter (at the top of the list) matches any /32 in the BGP network list
> and tags it with the blackhole community.


In routing bgp network you have 1.1.1.1/32 disabled.  I take it you
set it to your IP being DOS attacked then enable it to make it
effective?  Simple as that?

> On 6/20/2016 6:35 PM, Matt wrote:
>>
>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>> help deal with DOS attacks?  Any examples of getting it to work with
>> Mikrotik?
>
>


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Josh Reynolds
We actually just did over 6000 strands spliced for Cogent in an underground
datacenter they are part of. I'd love to know how it took you 2 minutes on
a change order.

On Wed, Jun 22, 2016 at 1:00 PM, Dennis Burgess wrote:

> Takes me about 2 min.  simple.
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds
> Sent: Wednesday, June 22, 2016 10:26 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
>
> It takes FOR EV ER to get any change orders with them done.
>
> Also, eCogent is *the worst* web based system I have used in almost 20
> years now in this business.
>
> On Wed, Jun 22, 2016 at 10:17 AM, Dennis Burgess wrote:
>
> You have to be peered with them and open a ticket and fill out their BGPQ
> to get you added to their blackhole servers. ☺
>
> www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
> Sent: Wednesday, June 22, 2016 10:00 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
>
> Is this for a single IP?
>
> Our upstream that's actually communicating said they don't support blackhole
> community, the other I assume won't either
>
> Is this stating you can trigger at Cogent even though not peered with them
> directly?
>
> On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson wrote:
>
> BlackHole server
>
> The Blackhole server allows customers under a DDOS attack to send all
> traffic to the IP address under attack to null route.
>
> To request configuration on the blackhole server: Log into eCogent and
> click on BGP request. You will need the following information:
>
> 1. Order Number.
> 2. An IP address from your network with which we will peer.
> 3. A password (all blackhole server sessions are password protected).
>
> All North American and Asia Pacific Customers will peer with:
> IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802
>
> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6:
> 2001:550:0:1000::8275:1402
>
> Once your session to the blackhole server has been established, any
> network you announce to it will be stopped at our borders. Please note that
> Cogent does not warrant or guarantee that use of the blackhole server will
> mitigate, or minimize any effects of a DDOS attack nor does Cogent
> guarantee that a session to the blackhole server can be established on a
> timely basis. You are limited to announcing 50 prefixes to our blackhole
> server. If you anticipate needing to announce more, relay that request to
> our Customer Support department along with the technical justification for
> an increase in the number of prefixes to be announced.
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser wrote:
>
> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
> have had to call Cogent to get IP's blacklisted previously.
>
> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson wrote:
>
> An example with Cogent:
>
> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole \
>     out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 \
>     tcp-md5-key= ttl=default \
>     update-source=
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> On Jun 20, 2016, at 7:35 PM, Matt wrote:
>
> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
> help deal with DOS attacks?  Any examples of getting it to work with
> Mikrotik?
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Dennis Burgess
Takes me about 2 min.  simple.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds
Sent: Wednesday, June 22, 2016 10:26 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community

It takes FOR EV ER to get any change orders with them done.

Also, eCogent is *the worst* web based system I have used in almost 20 years 
now in this business.


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Josh Reynolds
Yes, similar issue. Our sales guy was on vacation when we put the
order in, so it took about a week and a half to respond, another week
to clear up our DBA name being different from our sales order name
with them (showed them our ARIN internal documentation), and another 4
weeks to get a hard date on when it was to be completed.

We've also just started buying /20's at this point at auction. It's
not cheap, but it's effective.

On Wed, Jun 22, 2016 at 10:37 AM, Justin Wilson  wrote:
> Cogent has really started sucking on things like this since it was all
> turned over to sales.  Now, anytime you want to peer with their blackhole
> server, bring up BGP, or modify your BGP session it’s a sales order.  It
> took me 4 weeks to get a BGP session turned up on an existing circuit a few
> months ago.  The weak link was the sales person not responding in a timely
> manner. I get, with the exhaustion of IPv4, they are monetizing the /30 or
> /29’s that used to be taken for granted.  I think, at least in our case, the
> sales person had bigger fish to chase and spending time on a BGP sales order
> which they charge $50 a month for was not worth his time.  I could be wrong,
> but that’s what it seemed.
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric

Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Chris Wright
I’ve got a small list of RTBH Communities that some may find useful. You’ll 
want to verify that your peer has their filters set so you can advertise more 
specific routes than /24 for RTBH as I’ve found most will allow it only AFTER 
you request it.

Provider             RTBH Community
AT&T                 7018:86
Bell Canada          Service Fee Req'd
GTT / TiNet          3257:2666
Hurricane Electric   6939:666
Level3               3356:
MTS Allstream        15290:
Qwest                209:2
Sprint               1239:66
Verizon / MCI        701:



Chris Wright
Network Administrator
Velociter Wireless
209-838-1221 x115

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Justin Wilson
Sent: Wednesday, June 22, 2016 8:32 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community

Yeah this is not a community.

You advertise the blackhole IP to their blackhole server.  I assume at that 
point they attach some communities to it themselves and whatnot.  But the way 
this works is an entry is added to the filter list and that gets advertised to 
Cogent.  You can do blocks of IPs, at least when I did a block a year ago.  
Most of it is triggered from a DNS rule that adds it to an address list.  You 
can then parse the address list and script in the addition to the filter rule.  
My problem is I have not been able to find a way to remove that entry once it 
expires from the address list.  So it’s a manual process.  Doesn’t happen very 
often, but still something that I have to remember.


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth
http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Erich Kaiser
And then there is upper management over there that sucks as well at least
the sales person always tends to blame them for issues... LOL


Erich Kaiser
North Central Tower
er...@northcentraltower.com
Office: 630-621-4804
Cell: 630-777-9291


On Wed, Jun 22, 2016 at 10:37 AM, Justin Wilson  wrote:

> Cogent has really started sucking on things like this since it was all
> turned over to sales.  Now, anytime you want to peer with their blackhole
> server, bring up BGP, or modify your BGP session it’s a sales order.  It
> took me 4 weeks to get a BGP session turned up on an existing circuit a few
> months ago.  The weak link was the sales person not responding in a timely
> manner. I get, with the exhaustion of IPv4, they are monetizing the /30 or
> /29’s that used to be taken for granted.  I think, at least in our case,
> the sales person had bigger fish to chase and spending time on a BGP sales
> order which they charge $50 a month for was not worth his time.  I could be
> wrong, but that’s what it seemed.
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric

Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Chris Wright
There’s also this: https://onestep.net/communities/

Chris Wright
Network Administrator
Velociter Wireless
209-838-1221 x115

From: Chris Wright
Sent: Wednesday, June 22, 2016 8:39 AM
To: af@afmug.com
Subject: RE: [AFMUG] Mikrotik BGP Blackhole Community

I’ve got a small list of RTBH Communities that some may find useful. You’ll 
want to verify that your peer has their filters set so you can advertise more 
specific routes than /24 for RTBH as I’ve found most will allow it only AFTER 
you request it.

Provider             RTBH Community
AT&T                 7018:86
Bell Canada          Service Fee Req'd
GTT / TiNet          3257:2666
Hurricane Electric   6939:666
Level3               3356:
MTS Allstream        15290:
Qwest                209:2
Sprint               1239:66
Verizon / MCI        701:



Chris Wright
Network Administrator
Velociter Wireless
209-838-1221 x115


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Justin Wilson
Cogent has really started sucking on things like this since it was all turned 
over to sales.  Now, anytime you want to peer with their blackhole server, 
bring up BGP, or modify your BGP session it’s a sales order.  It took me 4 
weeks to get a BGP session turned up on an existing circuit a few months ago.  
The weak link was the sales person not responding in a timely manner. I get, 
with the exhaustion of IPv4, they are monetizing the /30 or /29’s that used to 
be taken for granted.  I think, at least in our case, the sales person had 
bigger fish to chase and spending time on a BGP sales order which they charge 
$50 a month for was not worth his time.  I could be wrong, but that’s what it 
seemed.

Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Jun 22, 2016, at 11:26 AM, Josh Reynolds  wrote:
> 
> It takes FOR EV ER to get any change orders with them done.
> 
> Also, eCogent is *the worst* web based system I have used in almost 20 years 
> now in this business.
> 
> On Wed, Jun 22, 2016 at 10:17 AM, Dennis Burgess  <mailto:dmburg...@linktechs.net>> wrote:
> You have to be peered with them and open a ticket and fill out their BGPQ to 
> get you added to their blackhole servers. J 
> 
>  
> 
> 
> 
> www.linktechs.net <http://www.linktechs.net/> – 314-735-0270 x103 
>  – dmburg...@linktechs.net 
> <mailto:dmburg...@linktechs.net>
>  
> 
> From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On 
> Behalf Of That One Guy /sarcasm
> Sent: Wednesday, June 22, 2016 10:00 AM
> To: af@afmug.com <mailto:af@afmug.com>
> Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
> 
>  
> 
> is this for a single ip?
> 
>  
> 
> our upstream thats actually communicating said they dont support blackhole 
> community, the other i assume wont either
> 
>  
> 
> is this stating you can trigger at cogent even though not peered with them 
> directly?
> 
>  
> 
> On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson  <mailto:li...@mtin.net>> wrote:
> 
> BlackHole server 
> 
> The Blackhole server allows customers under a DDOS attack to send all traffic 
> to the IP address under attack to null route. 
> 
> To request configuration on the blackhole server: Log into eCogent and click 
> on BGP request. You will need the following information: 
> 
> 1. Order Number.
> 
>  2. An IP address from your network with which we will peer. 
> 
> 3. A password (all blackhole server sessions are password protected).
> 
>  
> 
>  All North American and Asia Pacific Customers will peer with:
> 
>  IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802 
> 
>  
> 
> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: 
> 2001:550:0:1000::8275:1402 
> 
>  
> 
> Once your session to the blackhole server has been established, any network 
> you announce to it will be stopped at our borders. Please note that Cogent 
> does not warrant or guarantee that use of the blackhole server will mitigate, 
> or minimize any effects of a DDOS attack nor does Cogent guarantee that a 
> session to the blackhole server can be established on a timely basis. You are 
> limited to announcing 50 prefixes to our blackhole server. If you anticipate 
> needing to announce more, relay that request to our Customer Support 
> department along with the technical justification for an increase in the 
> number of prefixes to be announced.
> 
>  
> 
>  
> 
> Justin Wilson
> 
> j...@mtin.net
> 
> ---
> http://www.mtin.net Owner/CEO
> 
> xISP Solutions- Consulting – Data Centers - Bandwidth
> 
> http://www.midwest-ix.com  COO/Chairman
> 
> Internet Exchange - Peering - Distributed Fabric
> 
>  
> 
> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser <lists.wavel...@gmail.com> wrote:
> 
>  
> 
> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I have 
> had to call Cogent to get IP's blacklisted previously.
> 
>  
> 
> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson <li...@mtin.net> wrote:
> 
> An example with Cogent:
> 
> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
> tcp-md5-key=<my-md5-key> ttl=default 
> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>  
> 
>  
> 
>  
> 
>  
> 
> Justin Wilson
> 
> j...@mtin.net

Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Justin Wilson
Yeah, this is not a community.

You advertise the blackhole IP to their blackhole server.  I assume at that 
point they attach some communities to it themselves and whatnot.  But the way 
this works is an entry is added to the filter list and that gets advertised to 
Cogent.  You can do blocks of IPs, at least when I did a block a year ago.  
Most of it is triggered from a DNS rule that adds it to an address list.  You 
can then parse the address list and script in the addition to the filter rule.  
My problem is I have not been able to find a way to remove that entry once it 
expires from the address list.  So it’s a manual process.  Doesn’t happen very 
often, but still something that I have to remember.


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Jun 22, 2016, at 10:59 AM, That One Guy /sarcasm wrote:
> 
> is this for a single ip?
> 
> our upstream thats actually communicating said they dont support blackhole 
> community, the other i assume wont either
> 
> is this stating you can trigger at cogent even though not peered with them 
> directly?
> 
> On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson wrote:
> BlackHole server 
> The Blackhole server allows customers under a DDOS attack to send all traffic 
> to the IP address under attack to null route. 
> To request configuration on the blackhole server: Log into eCogent and click 
> on BGP request. You will need the following information: 
> 1. Order Number.
>  2. An IP address from your network with which we will peer. 
> 3. A password (all blackhole server sessions are password protected).
> 
>  All North American and Asia Pacific Customers will peer with:
>  IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802 
> 
> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: 
> 2001:550:0:1000::8275:1402 
> 
> Once your session to the blackhole server has been established, any network 
> you announce to it will be stopped at our borders. Please note that Cogent 
> does not warrant or guarantee that use of the blackhole server will mitigate, 
> or minimize any effects of a DDOS attack nor does Cogent guarantee that a 
> session to the blackhole server can be established on a timely basis. You are 
> limited to announcing 50 prefixes to our blackhole server. If you anticipate 
> needing to announce more, relay that request to our Customer Support 
> department along with the technical justification for an increase in the 
> number of prefixes to be announced.
> 
> 
> Justin Wilson
> j...@mtin.net 
> 
> ---
> http://www.mtin.net  Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
> 
> http://www.midwest-ix.com   COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
> 
>> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser wrote:
>> 
>> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I 
>> have had to call Cogent to get IP's blacklisted previously.
>> 
>> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson wrote:
>> An example with Cogent:
>> 
>> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
>> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
>> tcp-md5-key=<my-md5-key> ttl=default 
>> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>> 
>> 
>> 
>> 
>> Justin Wilson
>> j...@mtin.net 
>> 
>> ---
>> http://www.mtin.net  Owner/CEO
>> xISP Solutions- Consulting – Data Centers - Bandwidth
>> 
>> http://www.midwest-ix.com   COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric
>> 
>>> On Jun 20, 2016, at 7:35 PM, Matt wrote:
>>> 
>>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>>> help deal with DOS attacks?  Any examples of getting it too work with
>>> Mikrotik?
>>> 
>> 
>> 
> 
> 
> 
> 
> -- 
> If you only see yourself as part of the team but you don't see your team as 
> part of yourself you have already failed as part of the team.
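
Added example, not part of the thread or any poster's code: one way to close the gap described in the message above, where an announcement has to be withdrawn by hand once its address expires from the address list. It assumes the address list is exported as plain strings, that only IPv4 /32 host routes inside your own space are announced (matching the prefix-length=32 filter posted in this thread), and that 198.51.100.0/24 stands in for your prefix; the `remove [find network=...]` form is an assumption, while the `add ... synchronize=no` form follows the `/routing bgp network` line posted in the thread.

```python
"""Added example: reconcile an RTBH trigger list against current announcements."""
import ipaddress

MAX_PREFIXES = 50  # limit quoted in the Cogent blackhole-server text in this thread


def host_route(entry, own_networks):
    """Return entry as an IPv4 /32 string, or None if it must not be announced.

    Assumption of this example: only single IPv4 hosts inside our own address
    space are eligible, so a bad list entry cannot blackhole someone else's
    address or a whole block.
    """
    try:
        net = ipaddress.IPv4Network(entry, strict=False)
    except ValueError:
        return None  # IPv6, address ranges, malformed text
    if net.prefixlen != 32:
        return None
    if not any(net.subnet_of(own) for own in own_networks):
        return None
    return str(net)


def reconcile(address_list, announced, own_prefixes, limit=MAX_PREFIXES):
    """Compare the live address list with what is announced right now.

    address_list: current entries of the trigger list (expired entries are
                  simply absent from the snapshot).
    announced:    /32 prefixes this script announced earlier.
    Returns the prefixes to announce, to withdraw, to defer because the
    prefix limit is reached, and the list entries that were rejected.
    """
    own = [ipaddress.IPv4Network(p) for p in own_prefixes]
    wanted, rejected = [], []
    for entry in address_list:
        route = host_route(entry, own)
        if route is None:
            rejected.append(entry)
        elif route not in wanted:
            wanted.append(route)

    current = {str(ipaddress.IPv4Network(p)) for p in announced}
    # Anything announced that is no longer on the list has expired: withdraw it.
    withdraw = sorted(current - set(wanted), key=ipaddress.IPv4Network)
    kept = current & set(wanted)
    new = [r for r in wanted if r not in current]
    room = max(limit - len(kept), 0)
    return {
        "announce": new[:room],
        "withdraw": withdraw,
        "deferred": new[room:],
        "rejected": rejected,
    }


def render_routeros(plan):
    """Render the plan as RouterOS command lines, withdrawals first."""
    cmds = [f"/routing bgp network remove [find network={p}]"
            for p in plan["withdraw"]]
    cmds += [f"/routing bgp network add network={p} synchronize=no"
             for p in plan["announce"]]
    return cmds


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    address_list = ["198.51.100.7", "198.51.100.9/32", "198.51.100.0/25",
                    "203.0.113.5", "198.51.100.7", "2001:db8::1"]
    announced = ["198.51.100.20/32", "198.51.100.9/32"]
    plan = reconcile(address_list, announced, ["198.51.100.0/24"])
    for line in render_routeros(plan):
        print(line)
    print("rejected:", plan["rejected"])
```

Run it on a schedule against a fresh export of the address list; an entry that has timed out is missing from the snapshot and therefore ends up in `withdraw`.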



Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Josh Reynolds
It takes FOR EV ER to get any change orders with them done.

Also, eCogent is *the worst* web based system I have used in almost 20
years now in this business.

On Wed, Jun 22, 2016 at 10:17 AM, Dennis Burgess 
wrote:

> You have to be peered with them and open a ticket and fill out their BGPQ
> to get you added to their blackhole servers. ☺
>
>
>
>
> www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
> /sarcasm
> *Sent:* Wednesday, June 22, 2016 10:00 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik BGP Blackhole Community
>
>
>
> is this for a single ip?
>
>
>
> our upstream thats actually communicating said they dont support blackhole
> community, the other i assume wont either
>
>
>
> is this stating you can trigger at cogent even though not peered with them
> directly?
>
>
>
> On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson  wrote:
>
> BlackHole server
>
> The Blackhole server allows customers under a DDOS attack to send all
> traffic to the IP address under attack to null route.
>
> To request configuration on the blackhole server: Log into eCogent and
> click on BGP request. You will need the following information:
>
> 1. Order Number.
>
>  2. An IP address from your network with which we will peer.
>
> 3. A password (all blackhole server sessions are password protected).
>
>
>
>  All North American and Asia Pacific Customers will peer with:
>
>  IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802
>
>
>
> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6:
> 2001:550:0:1000::8275:1402
>
>
>
> Once your session to the blackhole server has been established, any
> network you announce to it will be stopped at our borders. Please note that
> Cogent does not warrant or guarantee that use of the blackhole server will
> mitigate, or minimize any effects of a DDOS attack nor does Cogent
> guarantee that a session to the blackhole server can be established on a
> timely basis. You are limited to announcing 50 prefixes to our blackhole
> server. If you anticipate needing to announce more, relay that request to
> our Customer Support department along with the technical justification for
> an increase in the number of prefixes to be announced.
>
>
>
>
>
> Justin Wilson
>
> j...@mtin.net
>
>
>
> ---
> http://www.mtin.net Owner/CEO
>
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
>
> Internet Exchange - Peering - Distributed Fabric
>
>
>
> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser 
> wrote:
>
>
>
> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
> have had to call Cogent to get IP's blacklisted previously.
>
>
>
> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson  wrote:
>
> An example with Cogent:
>
> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
> tcp-md5-key=<my-md5-key> ttl=default 
> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>
>
>
>
>
>
>
>
>
> Justin Wilson
>
> j...@mtin.net
>
>
>
> ---
> http://www.mtin.net Owner/CEO
>
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
>
> Internet Exchange - Peering - Distributed Fabric
>
>
>
> On Jun 20, 2016, at 7:35 PM, Matt  wrote:
>
>
>
> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
> help deal with DOS attacks?  Any examples of getting it too work with
> Mikrotik?
>
>
>
>
>
>
>
>
>
>
>
> --
>
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Erich Kaiser
We offer it to our customers using a BGP community.


Erich Kaiser
The Fusion Network
er...@gotfusion.net
Office: 630-621-4804
Cell: 630-777-9291


On Wed, Jun 22, 2016 at 9:59 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> is this for a single ip?
>
> our upstream thats actually communicating said they dont support blackhole
> community, the other i assume wont either
>
> is this stating you can trigger at cogent even though not peered with them
> directly?
>
> On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson  wrote:
>
>> BlackHole server
>> The Blackhole server allows customers under a DDOS attack to send all
>> traffic to the IP address under attack to null route.
>> To request configuration on the blackhole server: Log into eCogent and
>> click on BGP request. You will need the following information:
>> 1. Order Number.
>>  2. An IP address from your network with which we will peer.
>> 3. A password (all blackhole server sessions are password protected).
>>
>>  All North American and Asia Pacific Customers will peer with:
>>  IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802
>>
>> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6:
>> 2001:550:0:1000::8275:1402
>>
>> Once your session to the blackhole server has been established, any
>> network you announce to it will be stopped at our borders. Please note that
>> Cogent does not warrant or guarantee that use of the blackhole server will
>> mitigate, or minimize any effects of a DDOS attack nor does Cogent
>> guarantee that a session to the blackhole server can be established on a
>> timely basis. You are limited to announcing 50 prefixes to our blackhole
>> server. If you anticipate needing to announce more, relay that request to
>> our Customer Support department along with the technical justification for
>> an increase in the number of prefixes to be announced.
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> ---
>> http://www.mtin.net Owner/CEO
>> xISP Solutions- Consulting – Data Centers - Bandwidth
>>
>> http://www.midwest-ix.com  COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric
>>
>> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser 
>> wrote:
>>
>> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
>> have had to call Cogent to get IP's blacklisted previously.
>>
>> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson  wrote:
>>
>>> An example with Cogent:
>>>
>>> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
>>> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
>>> tcp-md5-key=<my-md5-key> ttl=default 
>>> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>>>
>>>
>>>
>>>
>>>
>>> Justin Wilson
>>> j...@mtin.net
>>>
>>> ---
>>> http://www.mtin.net Owner/CEO
>>> xISP Solutions- Consulting – Data Centers - Bandwidth
>>>
>>> http://www.midwest-ix.com  COO/Chairman
>>> Internet Exchange - Peering - Distributed Fabric
>>>
>>> On Jun 20, 2016, at 7:35 PM, Matt  wrote:
>>>
>>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>>> help deal with DOS attacks?  Any examples of getting it too work with
>>> Mikrotik?
>>>
>>>
>>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Mike Hammett
Upstreams that don't support black holes either learn to or have full pipes. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "That One Guy /sarcasm"  
To: af@afmug.com 
Sent: Wednesday, June 22, 2016 9:59:47 AM 
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community 


is this for a single ip? 


our upstream thats actually communicating said they dont support blackhole 
community, the other i assume wont either 


is this stating you can trigger at cogent even though not peered with them 
directly? 


On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson < li...@mtin.net > wrote: 



BlackHole server 
The Blackhole server allows customers under a DDOS attack to send all traffic 
to the IP address under attack to null route. 
To request configuration on the blackhole server: Log into eCogent and click on 
BGP request. You will need the following information: 
1. Order Number. 
2. An IP address from your network with which we will peer. 
3. A password (all blackhole server sessions are password protected). 


All North American and Asia Pacific Customers will peer with: 
IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802 


All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: 
2001:550:0:1000::8275:1402 


Once your session to the blackhole server has been established, any network you 
announce to it will be stopped at our borders. Please note that Cogent does not 
warrant or guarantee that use of the blackhole server will mitigate, or 
minimize any effects of a DDOS attack nor does Cogent guarantee that a session 
to the blackhole server can be established on a timely basis. You are limited 
to announcing 50 prefixes to our blackhole server. If you anticipate needing to 
announce more, relay that request to our Customer Support department along with 
the technical justification for an increase in the number of prefixes to be 
announced. 







Justin Wilson 
j...@mtin.net 


--- 
http://www.mtin.net Owner/CEO 
xISP Solutions- Consulting – Data Centers - Bandwidth 


http://www.midwest-ix.com COO/Chairman 
Internet Exchange - Peering - Distributed Fabric 




On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser < lists.wavel...@gmail.com > 
wrote: 


Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I have 
had to call Cogent to get IP's blacklisted previously. 


On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson < li...@mtin.net > wrote: 






An example with Cogent: 

add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
tcp-md5-key=<my-md5-key> ttl=default 
update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>









Justin Wilson 
j...@mtin.net 


--- 
http://www.mtin.net Owner/CEO 
xISP Solutions- Consulting – Data Centers - Bandwidth 


http://www.midwest-ix.com COO/Chairman 
Internet Exchange - Peering - Distributed Fabric 




On Jun 20, 2016, at 7:35 PM, Matt < matt.mailingli...@gmail.com > wrote: 


Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to 
help deal with DOS attacks? Any examples of getting it too work with 
Mikrotik? 
















-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Dennis Burgess
You have to be peered with them and open a ticket and fill out their BGPQ to 
get you added to their blackhole servers. ☺

www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Wednesday, June 22, 2016 10:00 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community

is this for a single ip?

our upstream thats actually communicating said they dont support blackhole 
community, the other i assume wont either

is this stating you can trigger at cogent even though not peered with them 
directly?

On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson <li...@mtin.net> wrote:
BlackHole server
The Blackhole server allows customers under a DDOS attack to send all traffic 
to the IP address under attack to null route.
To request configuration on the blackhole server: Log into eCogent and click on 
BGP request. You will need the following information:
1. Order Number.
 2. An IP address from your network with which we will peer.
3. A password (all blackhole server sessions are password protected).

 All North American and Asia Pacific Customers will peer with:
 IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802

All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: 
2001:550:0:1000::8275:1402

Once your session to the blackhole server has been established, any network you 
announce to it will be stopped at our borders. Please note that Cogent does not 
warrant or guarantee that use of the blackhole server will mitigate, or 
minimize any effects of a DDOS attack nor does Cogent guarantee that a session 
to the blackhole server can be established on a timely basis. You are limited 
to announcing 50 prefixes to our blackhole server. If you anticipate needing to 
announce more, relay that request to our Customer Support department along with 
the technical justification for an increase in the number of prefixes to be 
announced.


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth
http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser <lists.wavel...@gmail.com> wrote:

Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I have 
had to call Cogent to get IP's blacklisted previously.

On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson <li...@mtin.net> wrote:
An example with Cogent:

add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
tcp-md5-key=<my-md5-key> ttl=default 
update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>




Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth
http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

On Jun 20, 2016, at 7:35 PM, Matt <matt.mailingli...@gmail.com> wrote:

Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
help deal with DOS attacks?  Any examples of getting it too work with
Mikrotik?






--
If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Josh Baird
No.  You have to have a BGP session with Cogent.

On Wed, Jun 22, 2016 at 10:59 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> is this for a single ip?
>
> our upstream thats actually communicating said they dont support blackhole
> community, the other i assume wont either
>
> is this stating you can trigger at cogent even though not peered with them
> directly?
>
> On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson  wrote:
>
>> BlackHole server
>> The Blackhole server allows customers under a DDOS attack to send all
>> traffic to the IP address under attack to null route.
>> To request configuration on the blackhole server: Log into eCogent and
>> click on BGP request. You will need the following information:
>> 1. Order Number.
>>  2. An IP address from your network with which we will peer.
>> 3. A password (all blackhole server sessions are password protected).
>>
>>  All North American and Asia Pacific Customers will peer with:
>>  IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802
>>
>> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6:
>> 2001:550:0:1000::8275:1402
>>
>> Once your session to the blackhole server has been established, any
>> network you announce to it will be stopped at our borders. Please note that
>> Cogent does not warrant or guarantee that use of the blackhole server will
>> mitigate, or minimize any effects of a DDOS attack nor does Cogent
>> guarantee that a session to the blackhole server can be established on a
>> timely basis. You are limited to announcing 50 prefixes to our blackhole
>> server. If you anticipate needing to announce more, relay that request to
>> our Customer Support department along with the technical justification for
>> an increase in the number of prefixes to be announced.
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> ---
>> http://www.mtin.net Owner/CEO
>> xISP Solutions- Consulting – Data Centers - Bandwidth
>>
>> http://www.midwest-ix.com  COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric
>>
>> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser 
>> wrote:
>>
>> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
>> have had to call Cogent to get IP's blacklisted previously.
>>
>> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson  wrote:
>>
>>> An example with Cogent:
>>>
>>> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
>>> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
>>> tcp-md5-key=<my-md5-key> ttl=default 
>>> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>>>
>>>
>>>
>>>
>>>
>>> Justin Wilson
>>> j...@mtin.net
>>>
>>> ---
>>> http://www.mtin.net Owner/CEO
>>> xISP Solutions- Consulting – Data Centers - Bandwidth
>>>
>>> http://www.midwest-ix.com  COO/Chairman
>>> Internet Exchange - Peering - Distributed Fabric
>>>
>>> On Jun 20, 2016, at 7:35 PM, Matt  wrote:
>>>
>>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>>> help deal with DOS attacks?  Any examples of getting it too work with
>>> Mikrotik?
>>>
>>>
>>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread That One Guy /sarcasm
Is this for a single IP?

Our upstream that's actually communicating said they don't support blackhole
community, the other I assume won't either.

Is this stating you can trigger at Cogent even though not peered with them
directly?

On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson  wrote:

> BlackHole server
> The Blackhole server allows customers under a DDOS attack to send all
> traffic to the IP address under attack to null route.
> To request configuration on the blackhole server: Log into eCogent and
> click on BGP request. You will need the following information:
> 1. Order Number.
>  2. An IP address from your network with which we will peer.
> 3. A password (all blackhole server sessions are password protected).
>
>  All North American and Asia Pacific Customers will peer with:
>  IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802
>
> All European Customers will peer with: IPv4: 130.117.20.2 and IPv6:
> 2001:550:0:1000::8275:1402
>
> Once your session to the blackhole server has been established, any
> network you announce to it will be stopped at our borders. Please note that
> Cogent does not warrant or guarantee that use of the blackhole server will
> mitigate, or minimize any effects of a DDOS attack nor does Cogent
> guarantee that a session to the blackhole server can be established on a
> timely basis. You are limited to announcing 50 prefixes to our blackhole
> server. If you anticipate needing to announce more, relay that request to
> our Customer Support department along with the technical justification for
> an increase in the number of prefixes to be announced.
>
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser 
> wrote:
>
> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
> have had to call Cogent to get IP's blacklisted previously.
>
> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson  wrote:
>
>> An example with Cogent:
>>
>> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
>> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
>> tcp-md5-key=<my-md5-key> ttl=default 
>> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>>
>>
>>
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> ---
>> http://www.mtin.net Owner/CEO
>> xISP Solutions- Consulting – Data Centers - Bandwidth
>>
>> http://www.midwest-ix.com  COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric
>>
>> On Jun 20, 2016, at 7:35 PM, Matt  wrote:
>>
>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>> help deal with DOS attacks?  Any examples of getting it too work with
>> Mikrotik?
>>
>>
>>
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Justin Wilson
BlackHole server 
The Blackhole server allows customers under a DDOS attack to send all traffic 
to the IP address under attack to null route. 
To request configuration on the blackhole server: Log into eCogent and click on 
BGP request. You will need the following information: 
1. Order Number.
 2. An IP address from your network with which we will peer. 
3. A password (all blackhole server sessions are password protected).

 All North American and Asia Pacific Customers will peer with:
 IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802 

All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: 
2001:550:0:1000::8275:1402 

Once your session to the blackhole server has been established, any network you 
announce to it will be stopped at our borders. Please note that Cogent does not 
warrant or guarantee that use of the blackhole server will mitigate, or 
minimize any effects of a DDOS attack nor does Cogent guarantee that a session 
to the blackhole server can be established on a timely basis. You are limited 
to announcing 50 prefixes to our blackhole server. If you anticipate needing to 
announce more, relay that request to our Customer Support department along with 
the technical justification for an increase in the number of prefixes to be 
announced.


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser  
> wrote:
> 
> Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I have 
> had to call Cogent to get IP's blacklisted previously.
> 
> On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson wrote:
> An example with Cogent:
> 
> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
> tcp-md5-key=<my-md5-key> ttl=default 
> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
> 
> 
> 
> 
> Justin Wilson
> j...@mtin.net 
> 
> ---
> http://www.mtin.net  Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
> 
> http://www.midwest-ix.com   COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
> 
>> On Jun 20, 2016, at 7:35 PM, Matt wrote:
>> 
>> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
>> help deal with DOS attacks?  Any examples of getting it too work with
>> Mikrotik?
>> 
> 
> 



Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Kurt Fankhauser
Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
have had to call Cogent to get IPs blacklisted previously.

On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson  wrote:

> An example with Cogent:
>
> add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
> out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
> tcp-md5-key=<my-md5-key> ttl=default 
> update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>
>
>
>
>
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> On Jun 20, 2016, at 7:35 PM, Matt  wrote:
>
> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
> help deal with DOS attacks?  Any examples of getting it too work with
> Mikrotik?
>
>
>


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-22 Thread Justin Wilson
An example with Cogent:

add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole 
out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 
tcp-md5-key=<my-md5-key> ttl=default 
update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent>




Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Jun 20, 2016, at 7:35 PM, Matt  wrote:
> 
> Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
> help deal with DOS attacks?  Any examples of getting it too work with
> Mikrotik?
> 



Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-21 Thread John Babineaux
Works great

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Tuesday, June 21, 2016 8:51 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community

Many times! 


www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net 

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Matt
Sent: Monday, June 20, 2016 6:35 PM
To: af@afmug.com
Subject: [AFMUG] Mikrotik BGP Blackhole Community

Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to help deal 
with DOS attacks?  Any examples of getting it too work with Mikrotik?




Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-21 Thread Dennis Burgess
Many times! 


www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net 

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Matt
Sent: Monday, June 20, 2016 6:35 PM
To: af@afmug.com
Subject: [AFMUG] Mikrotik BGP Blackhole Community

Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to help deal 
with DOS attacks?  Any examples of getting it too work with Mikrotik?


Re: [AFMUG] Mikrotik BGP Blackhole Community

2016-06-20 Thread George Skorup

Yes. Pretty easy.

/routing filter
add action=accept chain=bgp-out-gtt comment="GTT Blackhole" 
prefix-length=32 set-bgp-communities=3257:2666


/routing bgp network
add disabled=yes network=1.1.1.1/32 synchronize=no

The filter (at the top of the list) matches any /32 in the BGP network 
list and tags it with the blackhole community.


On 6/20/2016 6:35 PM, Matt wrote:

Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
help deal with DOS attacks?  Any examples of getting it too work with
Mikrotik?




[AFMUG] Mikrotik BGP Blackhole Community

2016-06-20 Thread Matt
Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
help deal with DOS attacks?  Any examples of getting it to work with
Mikrotik?