We've been using an nfsen backend plugin for almost 10 years to do DDoS
detection and alarming. It's coupled with an in-house web interface for
validation, logging and triggering an RTBH. The triggering is manual (user
initiated), but the deployment is done with scripts that connect to some
routers and make a /32 announcement in BGP with a blackhole nexthop. Sadly
I haven't had time to open-source it (mostly because large parts of it are
dependent on the environment (like IP resolution, mitigation rules,
alerting, etc.)), but maybe I'll get to doing it eventually.

On Thu, Aug 30, 2018 at 11:35 PM Alfredo Sola <alfr...@solucionesdinamicas.net> wrote:
>
> Hi, does anyone know how to use nfsen netflow data to trigger an RTBH
> (remotely triggered blackhole) route using BGP? …I’m thinking we could
> use quagga or a script of some sort to interact with a router to advertise
> to BGP the /32 host route of the victim under attack.
>
>
> We use samplicator to send flows to nfsen and fastnetmon (and some other
> places out of this scope). For RTBH, I find that fastnetmon is a great
> solution and, while we do have alerts in nfsen for some conditions, for RTBH
> fastnetmon is just great.
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
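
The deployment step described in this thread (an operator confirms the alert, then a script announces the victim's /32 with a blackhole next-hop), as an added sketch that is not the poster's in-house code. It assumes ExaBGP's text API as the BGP speaker, documentation prefixes as the local address space, 192.0.2.1 as the discard next-hop and the RFC 7999 BLACKHOLE community; none of these come from the thread.

```python
import ipaddress
import sys

# Constructed values for illustration; none come from the thread.
OWN_SPACE = [ipaddress.ip_network("198.51.100.0/24")]        # prefixes we originate
NEVER_BLACKHOLE = [ipaddress.ip_network("198.51.100.0/28")]  # e.g. DNS, loopbacks
DISCARD_NEXT_HOP = "192.0.2.1"     # assumed to be routed to discard on every edge
BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 BLACKHOLE well-known community
MAX_ACTIVE = 8                     # cap limits the damage of a bad alert feed


def rtbh_command(victim, active, action="announce"):
    """Return one ExaBGP text-API line for a host route, or raise ValueError."""
    # IPv4Address rejects prefixes, hostnames and junk, so only a /32 can result.
    addr = ipaddress.IPv4Address(victim.strip())
    if not any(addr in net for net in OWN_SPACE):
        raise ValueError(f"{addr} is outside our own address space")
    if any(addr in net for net in NEVER_BLACKHOLE):
        raise ValueError(f"{addr} is infrastructure, refusing to blackhole it")
    route = f"{addr}/32"
    if action == "withdraw":
        active.discard(route)
        return f"withdraw route {route} next-hop {DISCARD_NEXT_HOP}"
    if route not in active and len(active) >= MAX_ACTIVE:
        raise ValueError("too many active blackholes, needs operator review")
    active.add(route)
    return (f"announce route {route} next-hop {DISCARD_NEXT_HOP} "
            f"community [{BLACKHOLE_COMMUNITY}]")


def process(confirmed_victims, active):
    """Split operator-confirmed victims into BGP commands and rejections."""
    commands, rejected = [], []
    for victim in confirmed_victims:
        try:
            commands.append(rtbh_command(victim, active))
        except ValueError as err:
            rejected.append((victim, str(err)))
    return commands, rejected


if __name__ == "__main__":
    # Constructed input: one valid victim and three entries that must be refused.
    sample = ["198.51.100.77", "203.0.113.5", "198.51.100.1", "198.51.100.0/24"]
    commands, rejected = process(sample, set())
    for line in commands:
        print(line, flush=True)  # ExaBGP reads commands from a helper's stdout
    for victim, why in rejected:
        print(f"rejected {victim}: {why}", file=sys.stderr)
```

The checks before the announcement matter more than the announcement itself: a blackhole trigger that accepts arbitrary prefixes or addresses outside the operator's own space turns the mitigation tool into an outage tool.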