Destination Based RTBH

24 December, 2008 Posted by zismail As CCIE SP, Security (0) Comment

Chirag, this ones for you dude.

Consider the topology below.

PC1 sends a syn flood attack using source IP 192.168.1.1 to PC2 destination address 172.16.1.1.

The network engineer at ZeeNet spots the attack and quickly logs onto the trigger router. He adds a static route to the trigger router which states that the next hop for 172.16.1.1/32 is Null0. This static route is then redistributed into BGP and advertised using iBGP to R1. When the static route is redistributed into iBGP, the route-map attached to the redist static command changes the next hop to 192.0.2.1.

R1 has a static route which states to get to 192.0.2.1 go via the null0 interface.

All traffic destined to 172.16.1.1 is then black holed. You might be thinking, Whats the point of that ie ZeeNet has actually black holed the end user. This is true, but at the same time we have removed a lot of unwanted traffic from the ZeeNet network.

The above is a simple example, imagine a scenario where an attacker uses thousands of machines to generate an attack. This could amount to gigabits worth of attack traffic. ZeeNet need to protect their own infrastructure otherwise a lot more of their users will feel the attack.

Now lets look at how to configure destination based RTBH

Categories : CCIE SP, Security

No comments yet.

Recent Posts
Comments
- shivlu jain on 6PE – IPv6 over MPLS
- V on eBGP multihop
- Zarar on eBGP multihop
- Ze Kai on eBGP multihop
- Dpg on BGP – Remove Private AS
Blogroll
- Packet Life
  The Science of Network Troubleshooting
  5 Hours Ago
- IT Dualism
  Changing the Future of Networking
  12 Hours Ago
- IOS hints and tricks
  New webinar pricing
  19 Hours Ago
- bitbucketblog
  My 1st SP Lab Attempt
  1 Day Ago
- Ruhann Du Plessis
  OTV Part II
  1 Week Ago
- ccie-in-3-months
  Realtime chat between Cisco routers
  3 Weeks Ago
- networkers online
  MTU and ping size confusion
  4 Weeks Ago
- cciethebeginning
  VRF-Lite as an alternative to VPC
  5 Weeks Ago
- Jeff Doyles blog
  Understanding Dual-Stack Lite
  19 Weeks Ago
- 21500.org
- 6200networks
- CCIE11440
- Complete Party Supplies
  Wow! Wow! Wubbzy!

Categories
- 12.2SX (1)
- 6509 (1)
- AToM (2)
- BGP (21)
- CCIE (20)
- CCIE SP (80)
- CCIP (6)
- CCNA (3)
- CCNP (7)
- Common Errors (2)
- EIGRP (1)
- FTP (2)
- Headers (4)
- HSRP VRRP GLBP IRDP (1)
- Inter-AS (13)
- iPhone (7)
- iPod (18)
- IPv6 (1)
- IS-IS (12)
- L2TPv3 (2)
- ME 3400 (1)
- MPLS (10)
- MPLS VPN (17)
- MSDP (1)
- Multicast (12)
- MVPN (1)
- OSPF (3)
- PE-CE Routing (6)
- PIM bidir (1)
- PIM-DM (1)
- PIM-SM (6)
- PIM-SSM (1)
- Security (5)
- TFTP (1)
- Traffic Engineering (8)
- Uncategorized (1)
- Wireless (2)
Archives
- November 2009 (3)
- October 2009 (6)
- August 2009 (4)
- July 2009 (3)
- February 2009 (4)
- January 2009 (12)
- December 2008 (18)
- November 2008 (25)
- October 2008 (7)
- August 2008 (1)
- July 2008 (6)
- May 2008 (1)

Welcome