Monday, January 22, 2007

Lab: RTBH


This is something I set up in my desktop lab (Dynamips) based on the REMOTELY TRIGGERED BLACK HOLE FILTERING—DESTINATION BASED AND SOURCE BASED white paper available from the Cisco website.

Configurations
Target
Edge
Trigger
RR-BGP
PE1
PE2
Smurf

In the diagram, the provider network is enclosed in the blue area. The Target router is the victim and Smurf is the attacker network. Let's say we're seeing a massive amount of traffic coming from the Smurf network, destined for the Target router. We identify this as a DoS attack on the Target network, so as the service provider we must (1) protect our customer and (2) protect the provider network.
RTBH provides a way to tell the provider edge routers to block identified traffic just by adding the source or destination address to a sort of blacklist. These blacklist entries are actually static routes added to the Trigger router that are propagated throughout the network via iBGP. These routes point to a null interface as their next hop, effectively dropping the bogus traffic.
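
A minimal IOS sketch of the trigger mechanism described above, added here as an illustration and not taken from the lab's own configuration files. The AS number (65000), the tag (66), the discard next hop (192.0.2.1), the neighbor address, the victim address and the interface name are all constructed values.

```cisco
! ---- Trigger router ----
! Redistribute only static routes carrying the RTBH tag into iBGP.
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000      ! iBGP session to RR-BGP (constructed address)
 neighbor 10.0.0.1 send-community       ! required so no-export reaches the edges
 redistribute static route-map RTBH-TRIGGER
!
route-map RTBH-TRIGGER permit 10
 match tag 66
 set ip next-hop 192.0.2.1              ! discard next hop, null-routed on every edge
 set local-preference 200               ! win over any legitimate path to the prefix
 set community no-export                ! keep the blackhole route inside the provider AS
 set origin igp
!
route-map RTBH-TRIGGER deny 20          ! untagged statics are never advertised
!
! "Blacklist" entry: adding this one static route starts the drop network-wide.
! Destination-based: the prefix is the victim host (constructed address).
ip route 203.0.113.10 255.255.255.255 Null0 tag 66
! Removing it withdraws the route and ends the filtering:
! no ip route 203.0.113.10 255.255.255.255 Null0 tag 66

! ---- Every provider edge router (Edge, PE1, PE2) ----
! Resolve the discard next hop to Null0 so matching traffic is dropped at the edge.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface Null0
 no ip unreachables                     ! do not answer dropped packets with ICMP
!
! Source-based variant: loose uRPF on the external interface drops packets whose
! SOURCE address resolves to Null0, so the triggered prefix is the attacker's.
interface Serial0/0
 ip verify unicast source reachable-via any
```

Destination-based filtering also drops legitimate traffic to the victim address, so the trigger route should be as specific as possible and removed once the attack stops.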
