Yes
On 6/22/2016 6:54 PM, Matt wrote:
Yes. Pretty easy.
/routing filter
add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32
set-bgp-communities=3257:2666
/routing bgp network
add disabled=yes network=1.1.1.1/32 synchronize=no
The filter (at the top of the list)
> Yes. Pretty easy.
>
> /routing filter
> add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32
> set-bgp-communities=3257:2666
>
> /routing bgp network
> add disabled=yes network=1.1.1.1/32 synchronize=no
>
> The filter (at the top of the list) matches any /32 in the BGP
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Reynolds
> *Sent:* Wednesday, June 22, 2016 10:26 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik BGP Blackhole Community
>
>
>
> It takes FOR EV ER to get any change orders with them done
Takes me a bout 2 min. simple.
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds
Sent: Wednesday, June 22, 2016 10:26 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
It takes FOR EV ER to get any change orders with them done.
Also, eCogent
> www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net
>>
>>
>>
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
>> Sent: Wednesday, June 22, 2016 10:00 AM
>> To: af@afmug.com
>> Subject: Re: [AFMU
] On Behalf Of Justin Wilson
Sent: Wednesday, June 22, 2016 8:32 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
Yeah this is not a community.
You advertise the blackhole Ip to their blackhole server. I assume at that
point they attach some communities to it themselves
Q
>> to get you added to their blackhole servers. J
>>
>>
>>
>>
>>
>> www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
>> /sarcasm
>
There’s also this: https://onestep.net/communities/
Chris Wright
Network Administrator
Velociter Wireless
209-838-1221 x115
From: Chris Wright
Sent: Wednesday, June 22, 2016 8:39 AM
To: af@afmug.com
Subject: RE: [AFMUG] Mikrotik BGP Blackhole Community
I’ve got a small list of RTBH Communities
half Of That One Guy /sarcasm
> Sent: Wednesday, June 22, 2016 10:00 AM
> To: af@afmug.com <mailto:af@afmug.com>
> Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
>
>
>
> is this for a single ip?
>
>
>
> our upstream thats actually communicating said
Yeah this is not a community.
You advertise the blackhole Ip to their blackhole server. I assume at that
point they attach some communities to it themselves and whatnot. But the way
this works is an entry is added to the filter list and that get advertised to
Cogent. You can do blocks of
uy
> /sarcasm
> *Sent:* Wednesday, June 22, 2016 10:00 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik BGP Blackhole Community
>
>
>
> is this for a single ip?
>
>
>
> our upstream thats actually communicating said they dont support blackhole
> community,
We offer it to our customers using a BGP community.
Erich Kaiser
The Fusion Network
er...@gotfusion.net
Office: 630-621-4804
Cell: 630-777-9291
On Wed, Jun 22, 2016 at 9:59 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:
> is this for a single ip?
>
> our upstream thats actually
To: af@afmug.com
Sent: Wednesday, June 22, 2016 9:59:47 AM
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
is this for a single ip?
our upstream thats actually communicating said they dont support blackhole
community, the other i assume wont either
is this stating you can trigger at co
ilto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Wednesday, June 22, 2016 10:00 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
is this for a single ip?
our upstream thats actually communicating said they dont support blackhole
community, the other i
No. You have to have a BGP session with Cogent.
On Wed, Jun 22, 2016 at 10:59 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:
> is this for a single ip?
>
> our upstream thats actually communicating said they dont support blackhole
> community, the other i assume wont either
>
>
is this for a single ip?
our upstream thats actually communicating said they dont support blackhole
community, the other i assume wont either
is this stating you can trigger at cogent even though not peered with them
directly?
On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson
BlackHole server
The Blackhole server allows customers under a DDOS attack to send all traffic
to the IP address under attack to null route.
To request configuration on the blackhole server: Log into eCogent and click on
BGP request. You will need the following information:
1. Order Number.
Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I
have had to call Cogent to get IP's blacklisted previously.
On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson wrote:
> San example with Cogent:
>
>
>
> add in-filter=cogent-blackhole-in multihop=yes
San example with Cogent:
add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole
out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174
tcp-md5-key= ttl=default
update-source=
Justin Wilson
j...@mtin.net
---
http://www.mtin.net Owner/CEO
xISP Solutions-
Works great
-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Tuesday, June 21, 2016 8:51 AM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community
Many times!
www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net
Many times!
www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net
-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Matt
Sent: Monday, June 20, 2016 6:35 PM
To: af@afmug.com
Subject: [AFMUG] Mikrotik BGP Blackhole Community
Has anyone used BGP
Yes. Pretty easy.
/routing filter
add action=accept chain=bgp-out-gtt comment="GTT Blackhole"
prefix-length=32 set-bgp-communities=3257:2666
/routing bgp network
add disabled=yes network=1.1.1.1/32 synchronize=no
The filter (at the top of the list) matches any /32 in the BGP network
list
Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to
help deal with DOS attacks? Any examples of getting it too work with
Mikrotik?
23 matches
Mail list logo