Community tools can help fight DDoS attacks in three ways:
1. Bogon filtering blocks traffic from bogon address space not assigned to any network. Networks share bogon lists and filter incoming routes.
2. Flow Sonar provides visual network traffic analysis to detect anomalies indicating attacks. It incorporates DDoS alert feeds to identify compromised sources.
3. UTRS implements remote triggered blackhole filtering to divert suspected attack traffic to a null route. Cooperating networks distribute and apply attack filters to mitigate large infrastructure attacks.
Network State Awareness & Troubleshooting, by Faraz Shamim.
A presentation given at APRICOT 2016’s Network State Awareness and Troubleshooting tutorial on 25 February 2016.
Fighting against DDoS specially with volumetric attack is always challenging for an ISP or transit provider. There isn't any single solution which help us to filter out bad traffic; it's require collaboration with upstream and related organization. Beside this fining out the target is also time consuming; where most the the provider struggles. In this presentation I talk about my experience implementing few community based effort which help me to better fight against volumetric DDoS attack.
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
Abitcool - A vast array of small-scale service providers with gigabit access, by Tony Hain. A presentation given at APNIC 38 during the APOPS 3 session.
CommunicAsia 2017: IPv6 deployment architecture for IoTAPNIC
APNIC Training and Technical Assistance Manager Nurul Islam discusses the design options for IPv6 in a broadband access network and the impact that IoT will have on this in order to support future growth at CommunicAsia 2017.
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
APNIC Senior Internet Resource Analyst Anna Mulingbayan gives an overview of how to secure your resources with RPKI and IRT at PhNOG 2020 in Manila, Philippines, on 24 February 2020.
Network State Awareness & Troubleshooting, by Faraz Shamim.
A presentation given at APRICOT 2016’s Network State Awareness and Troubleshooting tutorial on 25 February 2016.
Fighting against DDoS specially with volumetric attack is always challenging for an ISP or transit provider. There isn't any single solution which help us to filter out bad traffic; it's require collaboration with upstream and related organization. Beside this fining out the target is also time consuming; where most the the provider struggles. In this presentation I talk about my experience implementing few community based effort which help me to better fight against volumetric DDoS attack.
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
Abitcool - A vast array of small-scale service providers with gigabit access, by Tony Hain. A presentation given at APNIC 38 during the APOPS 3 session.
CommunicAsia 2017: IPv6 deployment architecture for IoTAPNIC
APNIC Training and Technical Assistance Manager Nurul Islam discusses the design options for IPv6 in a broadband access network and the impact that IoT will have on this in order to support future growth at CommunicAsia 2017.
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
APNIC Senior Internet Resource Analyst Anna Mulingbayan gives an overview of how to secure your resources with RPKI and IRT at PhNOG 2020 in Manila, Philippines, on 24 February 2020.
APNIC Senior Internet Resource Analyst Elly Tawhai gives an update on some of APNIC's new initiatives at NZNOG 2020 in Christchurch, New Zealand, from 28 to 31 January 2020.
APNIC Network Operations Engineer and Senior Training Officer Sheryl Hermoso gives an update on ROA and RPKI deployment in the Philippines at PhNOG 2020 in Manila, Philippines, on 24 February 2020.
BGP: Whats so special about the number 512?GeoffHuston
It was reported that parts of the Internet crashed when the number of routes in the Internet's Inter-domain routing table (BGP) exceeded 512K routes. This presentation looks at the growth of the Internet's routing table and how this correlates to the capacity and speed of memory in hardware routers.
Welcome to the APNIC Member Gathering, MongoliaAPNIC
Services Director George Kuo presents on IPv6 deployment in the region; IPv6 in broadband networks, getting more IPv4 address space; APNIC whois data quality, and routing security at a Member Gathering in Mongolia from 13 to 14 June 2017.
IPv6 deployment architecture for broadband access networksAPNIC
At CommunicAsia 2016, Training and Technical Assistance Manager Nurul Islam discussed the design option for IPv6 in a broadband access network and the impact that IoT will have on this in order to support future growth.
Keeping DNS server up-and-running with “runitMen and Mice
A traditional Unix/Linux init system like SystemV-Init or BSD rc does start a DNS server process on server boot, but it does not restart the service in case of an abnormal termination. Modern init replacements like systemd provide process supervision, but bring extra complexities and possible stability and security issues.
This webinar demonstrates an alternative, open source process supervision system called “runit”.
“runit” is lean and fast and sticks to the Unix tradition to do one thing, and do that right.
In this webinar you will learn how to manage DNS server processes such as BIND 9, Unbound and NSD from runit.
APNIC Senior Internet Resource Analyst Elly Tawhai gives an update on some of APNIC's new initiatives at NZNOG 2020 in Christchurch, New Zealand, from 28 to 31 January 2020.
APNIC Network Operations Engineer and Senior Training Officer Sheryl Hermoso gives an update on ROA and RPKI deployment in the Philippines at PhNOG 2020 in Manila, Philippines, on 24 February 2020.
BGP: Whats so special about the number 512?GeoffHuston
It was reported that parts of the Internet crashed when the number of routes in the Internet's Inter-domain routing table (BGP) exceeded 512K routes. This presentation looks at the growth of the Internet's routing table and how this correlates to the capacity and speed of memory in hardware routers.
Welcome to the APNIC Member Gathering, MongoliaAPNIC
Services Director George Kuo presents on IPv6 deployment in the region; IPv6 in broadband networks, getting more IPv4 address space; APNIC whois data quality, and routing security at a Member Gathering in Mongolia from 13 to 14 June 2017.
IPv6 deployment architecture for broadband access networksAPNIC
At CommunicAsia 2016, Training and Technical Assistance Manager Nurul Islam discussed the design option for IPv6 in a broadband access network and the impact that IoT will have on this in order to support future growth.
Keeping DNS server up-and-running with “runitMen and Mice
A traditional Unix/Linux init system like SystemV-Init or BSD rc does start a DNS server process on server boot, but it does not restart the service in case of an abnormal termination. Modern init replacements like systemd provide process supervision, but bring extra complexities and possible stability and security issues.
This webinar demonstrates an alternative, open source process supervision system called “runit”.
“runit” is lean and fast and sticks to the Unix tradition to do one thing, and do that right.
In this webinar you will learn how to manage DNS server processes such as BIND 9, Unbound and NSD from runit.
In this installment of the Men & Mice webinar series, Mr. Carsten Strotmann will talk about the role that DNS plays in fighting malware and spam.
The discussion will dig into DNS blacklists, domain reputation, Response Policy Zones and how the new TLDs have changed the game.
DNS High-Availability Tools - Open-Source Load Balancing SolutionsMen and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
It goes without saying that DNS is only as secure as its servers. To ensure the successful and secure operation of a DNS server, secure configuration is paramount.
The new BIND 9 version 9.11 is a major version of the popular DNS server, released in August by ISC.
In this webinar Mr. Carsten Strotmann will demonstrate new features such as:
- Catalog Zones,
- dnssec-keymgr, new *rndc* functions
- CDS/CDNSKEY auto generation
- Negative Trust Anchor
- DNS cookies
-Refuse “any”
-and more.
Logging is important for troubleshooting a DNS service. Conveniently with BIND 9, almost all problems will show up somewhere in the log output, but only if the logging is enabled and configured correctly.
In this webinar, we’ll discuss the BIND 9 logging configuration and best practices in searching through large log-files to find the entries of interest. In addition, we’ll release log-management tools used by Men & Mice Services.
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
APNIC Senior Network Analyst/Technical Trainer Warren Finch and APNIC Training Delivery Manager Tashi Phuntsho present on current tool and techniques, how Resource Public Key Infrastructure (RPKI) is just a piece in the puzzle, and what we should all do to secure Internet routing at BSides in Brisbane, Australia on 12 December 2020.
Senior Training Officer, Sheryl (Shane) Hermoso, outlines the importance of securing Internet routing to prevent route hijacking and prefix mis-origination with RPKI at the recent VNIX/NOG event in Ha Noi in November 2016.
For enterprise network engineers, implementing BGP can be an intimidating task. This presentation was given to address common architectures for internet and MPLS BGP usage, along with best practices.
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
APNIC Infrastructure & Development Director Che-Hoo Cheng gives a presentation on ROA and ROV deployment and why routing security is becoming more important than ever at the 32nd TWNIC IP OPM in Taipei from 20 to 21 June 2019.
LkNOG 3: Strengthening the Internet infrastructure in Sri LankaAPNIC
APNIC Deputy Director General Sanjaya gives a keynote address on strengthening the Sri Lankan Internet infrastructure at LkNOG 3 in Colombo, Sri Lanka from 2 to 4 October 2019.
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...ThousandEyes
The network is a key component in application delivery and is often a direct or indirect target of security attacks
such as DDoS and BGP hijacking. Mitigation strategies often involve using a third party cloud service without any
visibility into whether the mitigation is working well. Using real life examples, we will show how one can measure
the user perceived impact of an ongoing attack, as well as identify which aspects of the mitigation are not working
as desired. With this detailed availability and performance data at the various layers, financial firms can learn how
to better manage ongoing attacks.
With applications moving to the cloud and networks becoming more distributed, network security is of critical business importance. From this presentation you will:
• Gain an understanding of DDoS attacks and BGP routing
• See visualizations of recent network attacks
• Get tips to monitor your environment
Similar to Community tools to fight against DDoS, SANOG 27 (20)
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Community tools to fight against DDoS, SANOG 27
1. Issue Date:
Revision:
Community tools to fight
against DDoS
Fakrul Alam
Senior Training Officer
SANOG 27 & APNIC Regional Meeting, Kathmandu, Nepal
25 Jan - 01 Feb, 2016
26-12-2015
1.3
2. DDoS
• Denial of Service (DoS) / Distributed Denial of Service
(DDoS) is the act of
– performing an attack which prevents the system from providing
services to legitimate users
• Denial of Service attacks take many forms, and utilize many
attack vectors
• Used to cover up other attack vectors
3. Types of Attacks
• Volume Based Attacks
• Application Layer Attacks
3
http://thehackernews.com/2016/01/biggest-ddos-attack.html
4. Addressing DDoS attacks
• Preparation
– Deploy necessary tools and grab list
• Detection
– Detect incoming fake requests
• Mitigation
– Diversion : Send traffic to a specialized device that removes the fake
packets from the traffic stream while retaining the legitimate packets
– Return : Send back the clean traffic to the server
7. Bogon Filter
• A bogon prefix is a route that should never appear in the
Internet routing table
– Bogons are defined as Martians (private and reserved addresses
defined by RFC 1918, RFC 5735, and RFC 6598) and netblocks that
have not been allocated to a RIR by the IANA
• These are commonly found as the source addresses of
DDoS attacks
• Study shows 60% of the naughty packets were obvious
bogons
• Bogon and fullbogon lists are NOT static lists
8. Bogon Filter : Configuration IPv4
router bgp 17821
neighbor 38.229.xxx.xxx remote-as 65332
neighbor 38.229.xxx.xxx description CYMRUBOGONS
neighbor 38.229.xxx.xxx ebgp-multihop 255
neighbor 38.229.xxx.xxx password 7 070C134D575F0A5116
neighbor 38.229.xxx.xxx update-source Loopback0
!
address-family ipv4
neighbor 38.229.xxx.xxx activate
neighbor 38.229.xxx.xxx soft-reconfiguration inbound
neighbor 38.229.xxx.xxx prefix-list CYMRU-OUT-V4 out
neighbor 38.229.xxx.xxx route-map CYMRUBOGONS-V4 in
!
!configure community list to accept the bogon prefixes into the route-map
ip community-list 100 permit 65332:17821
!
!configure route-map. Remember to apply it to the proper peering sessions.
route-map CYMRUBOGONS-V4 permit 10
description IPv4 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ip next-hop 192.0.2.1
!
!set a bogon next-hop on all routers that receive the bogons
ip route 192.0.2.1 255.255.255.255 Null0
!
ip prefix-list CYMRU-OUT-V4 seq 5 deny 0.0.0.0/0 le 32
8
9. Bogon Filter : Configuration IPv6
router bgp 17821
neighbor 2620:0:6B0::xxxx:xxxx remote-as 65332
neighbor 2620:0:6B0::xxxx:xxxx description CYMRUBOGONS
neighbor 2620:0:6B0::xxxx:xxxx ebgp-multihop 255
neighbor 2620:0:6B0::xxxx:xxxx password 7 0458390716775F1A08
neighbor 2620:0:6B0::xxxx:xxxx update-source Loopback0
!
address-family ipv6
neighbor 2620:0:6B0::xxxx:xxxx activate
neighbor 2620:0:6B0::xxxx:xxxx soft-reconfiguration inbound
neighbor 2620:0:6B0::xxxx:xxxx prefix-list CYMRU-OUT-V6 out
neighbor 2620:0:6B0::xxxx:xxxx route-map CYMRUBOGONS-V6 in
!
!configure community list to accept the bogon prefixes into the route-map
ip community-list 100 permit 65332:17821
!
!configure route-map. Remember to apply it to the proper peering sessions.
route-map CYMRUBOGONS-V6 permit 10
description IPv6 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1
!
!set a bogon next-hop on all routers that receive the bogons
ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0
!
ipv6 prefix-list CYMRU-OUT-V6 seq 5 deny ::/0 le 128
9
10. Bogon Filter : Output
APNIC-Training-Lab01#show ip bgp 31.22.8.0/21
BGP routing table entry for 31.22.8.0/21, version 175332535
Paths: (1 available, best #1, table default, not advertised
to EBGP peer)
Advertised to update-groups:
1
Refresh Epoch 1
65332, (received & used)
192.0.2.1 from 38.229.66.20 (38.229.66.20)
Origin IGP, localpref 100, valid, external, best
Community: 65332:17821 no-export
rx pathid: 0, tx pathid: 0x0
10
11. Bogon Filter : Status
• The IPv4 fullbogons list is approximately 3,714 prefixes.
– [date : 26th January, 2016]
• The IPv6 fullbogons list is approximately 65,788 prefixes.
– [date : 26th January, 2016]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down State/PfxRcd
38.229.xxx.xxx 4 65332 12017 12017 186072391 0
0 1w0d 3733
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down State/PfxRcd
2404:A800:xxxx:xx::xxxx
4 9498 3239994 72131 40075514 0 0
3w1d 65788
12. Bogon Filter : Peering
• Contact bogonrs@cymru.com
1. Which bogon types you wish to receive (traditional IPv4 bogons,
IPv4 fullbogons, and/or IPv6 fullbogons)
2. Your AS number
3. The IP address(es) you want us to peer with
4. Does your equipment support MD5 passwords for BGP sessions?
5. Optional: your GPG/PGP public key
• https://www.team-cymru.org/bogon-reference-bgp.html
14. Flow Sonar
• The Team Cymru Flow Sonar system is a powerful tool for
network managers to visually identify and understand what
is happening on their network at any given time
• Leveraging the free and open-source framework provided
by Peter Haag of SWITCH
• Special plugins "dosrannu" developed by Team Cymru to
track malicious activity on your network
• Unique dosrannu feeds alerted to DDoS attacks,
compromised machines, and the presence of connections
to C&C hosts
16. Flow Sonar : Get It
• Contact outreach@cymru.com
1. Team Cymru will send hardware
• 1 Server
• 1 Router
• https://www.team-cymru.org/Flow-Sonar.html
18. RTBH 101
CE
IP : 1.2.3.4
BGP : 1.2.3.0/24
PE
Transit I
Transit II
Provider InfraCustomer Infra
Website
Internet
IP : 203.0.113.114
BGP : 203.0.113.0/24
19. RTBH 101
CE
IP : 1.2.3.4
BGP : 1.2.3.0/24
PE
Transit I
Transit II
Provider InfraCustomer Infra
Website
Internet
DDoS Traffic
DDoS Traffic DDoS Traffic
IP : 203.0.113.114
BGP : 203.0.113.0/24
20. RTBH 101
CE
IP : 1.2.3.4
BGP : 1.2.3.0/24
PE
Transit I
Transit II
Provider InfraCustomer Infra
Website
Internet
DDoS Traffic
DDoS Traffic DDoS Traffic
BGP : 1.2.3.4/32
COM : 65420:666
IP : 203.0.113.114
BGP : 203.0.113.0/24
BGP : 203.0.113.0/32
COM : 65420:420
21. RTBH 101
CE
IP : 1.2.3.4
BGP : 1.2.3.0/24
PE
Transit I
Transit II
Provider InfraCustomer Infra
Website
Internet
DDoS Traffic
BGP : 1.2.3.4/32
COM : 65420:666
IP : 1.2.3.4/32 -> discard
IP : 1.2.3.4/32 -> discard
IP : 203.0.113.114
BGP : 203.0.113.0/24
BGP : 203.0.113.0/32
COM : 65420:420
IP : 203.0.113.114/32
IP : 203.0.113.114/32
22. RTBH Upstream
• Check whether your upsteam provider support RTBH
• Configure & Test RTBH before incident
• Only announce IPv4 /32's from address space you originate
or your customer
23. UTRS
• It’s based on the basic principle of DDoS filtering; Remotely
Triggered Black Hole Filtering
• UTRS is a system that helps mitigate large infrastructure
attacks by leveraging:
– an existing network of cooperating BGP speakers such as ISPs,
hosting providers and educational institutions
– that automatically distributes verified BGP-based filter rules from
victim to cooperating networks
24. UTRS : Configuration
router bgp 17821
neighbor 154.35.xxx.xxx remote-as 64496
neighbor 154.35.xxx.xxx description CYMRUBOGONS-UTRS
neighbor 154.35.xxx.xxx ebgp-multihop 255
neighbor 154.35.xxx.xxx transport connection-mode passive
neighbor 154.35.xxx.xxx password 7 xxxxxxxxxxxxxxxxxxxxxx
neighbor 154.35.xxx.xxx update-source Loopback0
!
address-family ipv4
neighbor 154.35.xxx.xxx activate
neighbor 154.35.xxx.xxx send-community
neighbor 154.35.xxx.xxx soft-reconfiguration inbound
neighbor 154.35.xxx.xxx route-map UTRS-OUT out
neighbor 154.35.xxx.xxx route-map UTRS-IN in
!
access-list 1 remark utility ACL to deny everything
access-list 1 deny any
!
ip prefix-list 32-only permit 0.0.0.0/0 ge 32
ip community-list standard RTBH permit 17821:0
!
route-map UTRS-IN permit 10
match ip address prefix-list 32-only
route-map UTRS-IN deny 100
match ip address 1
!
route-map UTRS-OUT permit 10
match ip address prefix-list 32-only
match community RTBH
route-map UTRS-OUT deny 100
match ip address 1
24
ip route 203.176.189.10 255.255.255.255 null0
25. UTRS : Apply
• Newly launched service
– Quite picky to choose whom to peer
– Do organization verification
• https://www.team-cymru.org/UTRS/index.html
• FAQ:
– https://www.cymru.com/jtk/misc/utrs.html