Re: [AFMUG] Mikrotik BGP Blackhole Community

Yes On 6/22/2016 6:54 PM, Matt wrote: Yes. Pretty easy. /routing filter add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32 set-bgp-communities=3257:2666 /routing bgp network add disabled=yes network=1.1.1.1/32 synchronize=no The filter (at the top of the list)

Re: [AFMUG] Mikrotik BGP Blackhole Community

> Yes. Pretty easy. > > /routing filter > add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32 > set-bgp-communities=3257:2666 > > /routing bgp network > add disabled=yes network=1.1.1.1/32 synchronize=no > > The filter (at the top of the list) matches any /32 in the BGP

Re: [AFMUG] Mikrotik BGP Blackhole Community

> > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Reynolds > *Sent:* Wednesday, June 22, 2016 10:26 AM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik BGP Blackhole Community > > > > It takes FOR EV ER to get any change orders with them done

Re: [AFMUG] Mikrotik BGP Blackhole Community

Takes me a bout 2 min. simple. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds Sent: Wednesday, June 22, 2016 10:26 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community It takes FOR EV ER to get any change orders with them done. Also, eCogent

Re: [AFMUG] Mikrotik BGP Blackhole Community

> www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net >> >> >> >> From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm >> Sent: Wednesday, June 22, 2016 10:00 AM >> To: af@afmug.com >> Subject: Re: [AFMU

Re: [AFMUG] Mikrotik BGP Blackhole Community

] On Behalf Of Justin Wilson Sent: Wednesday, June 22, 2016 8:32 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community Yeah this is not a community. You advertise the blackhole Ip to their blackhole server. I assume at that point they attach some communities to it themselves

Re: [AFMUG] Mikrotik BGP Blackhole Community

Q >> to get you added to their blackhole servers. J >> >> >> >> >> >> www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net >> >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy >> /sarcasm >

Re: [AFMUG] Mikrotik BGP Blackhole Community

There’s also this: https://onestep.net/communities/ Chris Wright Network Administrator Velociter Wireless 209-838-1221 x115 From: Chris Wright Sent: Wednesday, June 22, 2016 8:39 AM To: af@afmug.com Subject: RE: [AFMUG] Mikrotik BGP Blackhole Community I’ve got a small list of RTBH Communities

Re: [AFMUG] Mikrotik BGP Blackhole Community

half Of That One Guy /sarcasm > Sent: Wednesday, June 22, 2016 10:00 AM > To: af@afmug.com <mailto:af@afmug.com> > Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community > > > > is this for a single ip? > > > > our upstream thats actually communicating said

Re: [AFMUG] Mikrotik BGP Blackhole Community

Yeah this is not a community. You advertise the blackhole Ip to their blackhole server. I assume at that point they attach some communities to it themselves and whatnot. But the way this works is an entry is added to the filter list and that get advertised to Cogent. You can do blocks of

Re: [AFMUG] Mikrotik BGP Blackhole Community

uy > /sarcasm > *Sent:* Wednesday, June 22, 2016 10:00 AM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik BGP Blackhole Community > > > > is this for a single ip? > > > > our upstream thats actually communicating said they dont support blackhole > community,

Re: [AFMUG] Mikrotik BGP Blackhole Community

We offer it to our customers using a BGP community. Erich Kaiser The Fusion Network er...@gotfusion.net Office: 630-621-4804 Cell: 630-777-9291 On Wed, Jun 22, 2016 at 9:59 AM, That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > is this for a single ip? > > our upstream thats actually

Re: [AFMUG] Mikrotik BGP Blackhole Community

To: af@afmug.com Sent: Wednesday, June 22, 2016 9:59:47 AM Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community is this for a single ip? our upstream thats actually communicating said they dont support blackhole community, the other i assume wont either is this stating you can trigger at co

Re: [AFMUG] Mikrotik BGP Blackhole Community

ilto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm Sent: Wednesday, June 22, 2016 10:00 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community is this for a single ip? our upstream thats actually communicating said they dont support blackhole community, the other i

Re: [AFMUG] Mikrotik BGP Blackhole Community

No. You have to have a BGP session with Cogent. On Wed, Jun 22, 2016 at 10:59 AM, That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > is this for a single ip? > > our upstream thats actually communicating said they dont support blackhole > community, the other i assume wont either > >

Re: [AFMUG] Mikrotik BGP Blackhole Community

is this for a single ip? our upstream thats actually communicating said they dont support blackhole community, the other i assume wont either is this stating you can trigger at cogent even though not peered with them directly? On Wed, Jun 22, 2016 at 9:51 AM, Justin Wilson

Re: [AFMUG] Mikrotik BGP Blackhole Community

BlackHole server The Blackhole server allows customers under a DDOS attack to send all traffic to the IP address under attack to null route. To request configuration on the blackhole server: Log into eCogent and click on BGP request. You will need the following information: 1. Order Number.

Re: [AFMUG] Mikrotik BGP Blackhole Community

Really? Mikrotik can automatically trigger a blackhole IP with Cogent? I have had to call Cogent to get IP's blacklisted previously. On Wed, Jun 22, 2016 at 10:15 AM, Justin Wilson wrote: > San example with Cogent: > > > > add in-filter=cogent-blackhole-in multihop=yes

Re: [AFMUG] Mikrotik BGP Blackhole Community

San example with Cogent: add in-filter=cogent-blackhole-in multihop=yes name=Cogent-BlackHole out-filter=cogent-blackhole-out remote-address=130.117.20.1 remote-as=174 tcp-md5-key= ttl=default update-source= Justin Wilson j...@mtin.net --- http://www.mtin.net Owner/CEO xISP Solutions-

Re: [AFMUG] Mikrotik BGP Blackhole Community

Works great -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess Sent: Tuesday, June 21, 2016 8:51 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik BGP Blackhole Community Many times! www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net

Re: [AFMUG] Mikrotik BGP Blackhole Community

Many times! www.linktechs.net – 314-735-0270 x103 – dmburg...@linktechs.net -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Matt Sent: Monday, June 20, 2016 6:35 PM To: af@afmug.com Subject: [AFMUG] Mikrotik BGP Blackhole Community Has anyone used BGP

Re: [AFMUG] Mikrotik BGP Blackhole Community

Yes. Pretty easy. /routing filter add action=accept chain=bgp-out-gtt comment="GTT Blackhole" prefix-length=32 set-bgp-communities=3257:2666 /routing bgp network add disabled=yes network=1.1.1.1/32 synchronize=no The filter (at the top of the list) matches any /32 in the BGP network list

[AFMUG] Mikrotik BGP Blackhole Community

Has anyone used BGP and Remote-Triggered BlackHole with Mikrotik to help deal with DOS attacks? Any examples of getting it too work with Mikrotik?