Attacks on BGP Routing Ranges

• Subject: Attacks on BGP Routing Ranges
• From: job at instituut.net (Job Snijders)
• Date: Wed, 18 Apr 2018 10:44:47 +0000
• In-reply-to: <[email protected]>
• References: <[email protected]>

Hi,

On Wed, 18 Apr 2018 at 11:39, Ryan Hamel <Ryan.Hamel at quadranet.com> wrote:

> I wanted to poll everyones thoughts on how to deal with attacks directly
> on BGP peering ranges (/30's, /127's).
>
> I know that sending an RTBH for our side of the upstream routing range
> does not resolve the issue, and it would actually make things worse by
> blackholing all inbound traffic on the carrier I send the null to. What are
> my options for carriers that are not willing to help investigate the
> situation or write up a firewall rule to mitigate it on the circuit? I am
> not a fan of naming and shaming because it has unintended consequences.
>
> Thanks in advance for everyone's suggestions.



Some carriers offer â??unreachable linknetsâ??, linknets that are carved from
netblocks that arenâ??t announced in the DFZ or are firewalled off.

If the carrier doesnâ??t want to help, your best course of action may be to
disconnect the circuit to stop the attack traffic.

Kind regards,

Job

• Follow-Ups:
  • Attacks on BGP Routing Ranges
    • From: Ryan.Hamel at quadranet.com (Ryan Hamel)

• References:
  • Attacks on BGP Routing Ranges
    • From: Ryan.Hamel at quadranet.com (Ryan Hamel)

• Prev by Date: Attacks on BGP Routing Ranges
• Next by Date: Attacks on BGP Routing Ranges
• Previous by thread: Attacks on BGP Routing Ranges
• Next by thread: Attacks on BGP Routing Ranges
• Index(es):
  • Date
  • Thread