Unfortunately, some upstream providers will not setup a blackhole community. '"That would be a security problem!" Then you get to call them and wait for their service to drag a tech out of bed. By the time the so that, the DDoS is over.
If you have multiple BGP enabled connections, you can withdraw the normal routes from one connection and announce the smallest network your upstream will accept which contains the victim IP(s). That is what I have to do. On November 7, 2014 9:44:35 AM CST, Butch Evans <[email protected]> wrote: >On 11/07/2014 02:25 AM, Chris Hudson wrote: >> This particular device does not have nap server enabled. It's my core >router facing my upstream. I have a filter rule to drop port 123 but it >isn't curbing the effects. My whole pipe of course is being eaten up. I >have currently disabled that interface and am running on my secondary >connection. It did this last night from 1 am to 3 am my time and >started right at 1 am again today. Also for about 10 to 15 minutes >right around 5 pm this evening. > >What is the IP that is being attacked? If it is your public IP, you >can >blackhole that one IP with BGP. Your upstream should be able to tell >you the blackhole community to use. > > >-- >Butch Evans >702-537-0979 >Network Support and Engineering >http://store.wispgear.net/ >http://www.butchevans.com/ >_______________________________________________ >Mikrotik mailing list >[email protected] >http://mail.butchevans.com/mailman/listinfo/mikrotik > >Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >RouterOS -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20141107/38cccefc/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
