There are software that combine your needs altogether. I'm sure there are others.
WANGuard from Andrisoft (https://www.andrisoft.com/software/wanguard) Fastnetmon (https://fastnetmon.com/) From: NANOG <nanog-boun...@nanog.org> On Behalf Of Aaron Gould Sent: Thursday, August 30, 2018 12:53 PM To: Nanog@nanog.org Subject: automatic rtbh trigger using flow data Hi, does anyone know how to use flow data to trigger a rtbh (remotely triggered blackhole) route using bgp ? ...I'm thinking we could use quagga or a script of some sort to interact with a router to advertise to bgp the /32 host route of the victim under attack. Btw, I already have nfsen running and we receive real-time alters of various types of attacks, high volume, high ports, etc... and then we telnet into a cisco trigger router and drop a few lines of code into it and then bgp does the rest within seconds, the upstream providers learn of this route via communities and they rtbh it in their cloud, BUT, I would like my alerts to do this automatically... that would be very nice. Any guidance would be appreciated. -Aaron
