Michael,

I've not tried the method you are suggesting.

The idea with source based RTBH is to use URPF loose mode to drop the traffic based on source address of the packet, to prevent what's effectively a DOS to the target when using the alternative destination based RTBH. What you are doing is basically a pre setup of your devices, with the relevant static routes to null0 and BGP configuration, so you only need to apply the static route to 86.86.86.86 with a tag of 86 to the trigger router, which will quickly prevent such attacks. Once advertised, URPF will then drop any packets from this source, based on it expecting the traffic to arrive via the null0 interface. This method is manipulating the routing based on the specific criteria.

By advertising the discard address directly via BGP, wouldn't the return path be back to trigger router? Were you able to drop the traffic as specified by the task?

HTH
Stu

On Fri, Jan 29, 2010 at 11:49 AM, Michael Davis <[email protected]> wrote:

> Sorry I meant task 7.19 – it's late over here...
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Michael Davis
> *Sent:* Friday, January 29, 2010 10:36 PM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_Security] Lab 7a task 7.20 Source based RTBH
>
> Hi Everyone – I don't understand the solution for task 7.20. I just
> advertised the discard address route of 86.86.86.86 to null0 on the trigger
> router (R6) using IBGP. The solution guide created static routes to this
> address on all 3 routers. Is what I have done o.k? I would have thought it
> easier to just advertise the dummy network via IBGP than to create static
> routes to it on the individual routers.
>
> Does anyone know where to look in the documentation for RTBH? I have only
> been able to find documentation using a Google search.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com

--
Regards,
Stuart Hare
CCIE #25616 (Security), CCSP, Microsoft MCP
Sr. Support Engineer – IPexpert, Inc.
URL: http://www.IPexpert.com
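
The pre-setup and trigger step discussed in this thread, written out as an added Cisco IOS example; it is not part of the original messages and is not the lab's solution guide. The discard address 86.86.86.86, tag 86 and trigger router R6 come from the thread; AS 65000, the offending source 192.0.2.10, the interface name and the route-map name are assumptions, and iBGP sessions are assumed to be already up.

```ios
! ===== Pre-setup on every router that must drop the traffic =====
! Local static route: the discard address resolves to Null0 on this router.
ip route 86.86.86.86 255.255.255.255 Null0
!
! Loose-mode uRPF on the ingress interface (interface name is an assumption).
! A packet is dropped when its SOURCE address has no route, or when the
! route for that source resolves to Null0.
interface GigabitEthernet0/0
 ip verify unicast source reachable-via any
!
! ===== Pre-setup on the trigger router (R6) =====
! Only static routes carrying tag 86 are redistributed into BGP, and they
! are advertised with the discard address as next hop.
route-map RTBH-TRIGGER permit 10
 match tag 86
 set ip next-hop 86.86.86.86
 set local-preference 200
 ! no-export only takes effect if send-community is enabled to the neighbors
 set community no-export
route-map RTBH-TRIGGER deny 20
!
router bgp 65000
 redistribute static route-map RTBH-TRIGGER
!
! ===== During an incident: the single change on R6 =====
! Host route for the offending SOURCE (constructed address), tagged 86.
ip route 192.0.2.10 255.255.255.255 Null0 tag 86
!
! ===== Verification on an edge router =====
! show ip route 192.0.2.10      -> BGP route, next hop 86.86.86.86
! show ip cef 192.0.2.10        -> recursion ends at Null0
! show ip interface Gi0/0       -> uRPF verification drop counter increases
!
! ===== Withdraw the block on R6 =====
! no ip route 192.0.2.10 255.255.255.255 Null0 tag 86
```

The drop depends on each router resolving 86.86.86.86 to Null0 in its own table, which is what the verification commands check.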
