There’s also this: https://onestep.net/communities/
Chris Wright Network Administrator Velociter Wireless 209-838-1221 x115 From: Chris Wright Sent: Wednesday, June 22, 2016 8:39 AM To: af@afmug.com Subject: RE: [AFMUG] Mikrotik BGP Blackhole Community I’ve got a small list of RTBH Communities that some may find useful. You’ll want to verify that your peer has their filters set so you can advertise more specific routes than /24 for RTBH as I’ve found most will allow it only AFTER you request it. Provider RTBH Community AT&T 7018:86 Bell Canada Service Fee Req'd GTT / TiNet 3257:2666 Hurricane Electric 6939:666 Level3 3356:9999 MTS Allstream 15290:9999 Qwest 209:2 Sprint 1239:66 Verizon / MCI 701:9999 Chris Wright Network Administrator Velociter Wireless 209-838-1221 x115 From: Af [mailto:af-boun...@afmug.com] On Behalf Of Justin Wilson Sent: Wednesday, June 22, 2016 8:32 AM To: af@afmug.com<mailto:af@afmug.com> Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community Yeah this is not a community. You advertise the blackhole Ip to their blackhole server. I assume at that point they attach some communities to it themselves and whatnot. But the way this works is an entry is added to the filter list and that get advertised to Cogent. You can do blocks of IPs, at least when I did a block a year ago. Most of it is triggered from a DNS rule that adds it to a an address list. You can then parse the address list and script in the addition to the filter rule. My problem is I have not been able to find a way to remove that entry once it expires from the address list. So it’s a manual process. Doesn’t happen very often, but still something that have to remember. Justin Wilson j...@mtin.net<mailto:j...@mtin.net> --- http://www.mtin.net Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com COO/Chairman Internet Exchange - Peering - Distributed Fabric On Jun 22, 2016, at 10:59 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com<mailto:thatoneguyst...@gmail.com>> wrote: is this for a single ip? our upstream thats actually communicating said they dont support blackhole community, the other i assume wont either is this stating you can trigger at cogent even though not peered with them directly? On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson <li...@mtin.net<mailto:li...@mtin.net>> wrote: BlackHole server The Blackhole server allows customers under a DDOS attack to send all traffic to the IP address under attack to null route. To request configuration on the blackhole server: Log into eCogent and click on BGP request. You will need the following information: 1. Order Number. 2. An IP address from your network with which we will peer. 3. A password (all blackhole server sessions are password protected). All North American and Asia Pacific Customers will peer with: IPv4: 66.28.8.2 and IPv6: 2001:550:0:1000::421c:802 All European Customers will peer with: IPv4: 130.117.20.2 and IPv6: 2001:550:0:1000::8275:1402 Once your session to the blackhole server has been established, any network you announce to it will be stopped at our borders. Please note that Cogent does not warrant or guarantee that use of the blackhole server will mitigate, or minimize any effects of a DDOS attack nor does Cogent guarantee that a session to the blackhole server can be established on a timely basis. You are limited to announcing 50 prefixes to our blackhole server. If you anticipate needing to announce more, relay that request to our Customer Support department along with the technical justification for an increase in the number of prefixes to be announced. Justin Wilson j...@mtin.net<mailto:j...@mtin.net> --- http://www.mtin.net<http://www.mtin.net/> Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com<http://www.midwest-ix.com/> COO/Chairman Internet Exchange - Peering - Distributed Fabric On Jun 22, 2016, at 10:37 AM, Kurt Fankhauser <lists.wavel...@gmail.com<mailto:lists.wavel...@gmail.com>> wrote: Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I have had to call Cogent to get IP's blacklisted previously. On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson <li...@mtin.net<mailto:li...@mtin.net>> wrote: San example with Cogent: add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 tcp-md5-key=<my-md5-key> ttl=default update-source=<interface-facing-cogent-or-ip-that-was-sent-to-Cogent> Justin Wilson j...@mtin.net<mailto:j...@mtin.net> --- http://www.mtin.net<http://www.mtin.net/> Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com<http://www.midwest-ix.com/> COO/Chairman Internet Exchange - Peering - Distributed Fabric On Jun 20, 2016, at 7:35 PM, Matt <matt.mailingli...@gmail.com<mailto:matt.mailingli...@gmail.com>> wrote: Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to help deal with DOS attacks? Any examples of getting it too work with Mikrotik? -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
