[AusNOG] Vyatta BlackHole
Jared Hirst
jared.hirst at serversaustralia.com.au
Thu Jul 24 21:09:27 EST 2014
Hi Daniel,
Do your upstream providers support the use of community tags?
If so then you can set a blackhole to go upstream of you so that the
traffic does not hit your router you would then send them a community tag
like :666 to say to them 'hey dont send me x.x.x.x/32' , if they don't then
you can just do:
Vyatta:
configure
set protocols static route <ipyouwanttoblackhole>/32 blackhole
commit
save
But blackholing an IP completes a 'ddos attack' and you should try not to
do this. best way to mitigate is to scrub!
Cheers,
Jared
On Thu, Jul 24, 2014 at 8:31 PM, Daniel Watson <Daniel at glovine.com.au>
wrote:
> Hi Guys
>
>
>
> I was wondering if somebody on or off-list might be able to assist me,
>
>
>
> I was having a chat with an industry person early this week, and was
> recommended to setup a blackhole community that I can just chuck a single
> /32 into if I need to null route it at our router,
>
>
>
> I was wondering how I can achieve this on Vyatta?
>
>
>
>
>
> Regards,
>
> Daniel Watson
>
> Network Administrator / Network Operations Manager
>
>
>
> E Daniel at GloVine.com.au
>
> W www.GloVine.com.au
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140724/b7a5244e/attachment.html>
More information about the AusNOG
mailing list