As a result, all traffic to the IP address 172.12.0.1 is sent to the 192.0.2.1 thus is effectively being dropped by the null route on PE routers. The static route to 172.12.0.1/32 is then redistributed via iBGP sessions from the trigger to PE routers but with the next hop changed to the IP 192.0.2.1. As soon as a customer asks an ISP to filter the currently running DDoS, the ISP creates a static route to the targeted prefix 172.12.0.1/32 on the trigger machine pointing to a null interface. Let’s say that a DDoS attack is launched against a customer web server with IP address 172.12.0.1. It has established internal BGP (iBGP) sessions with PE routers. The trigger machine is a router or Unix machine running BGP daemon that is a part of ISP infrastructure. It is a precaution measure that ISP installs in advance along with building a trigger machine. ![]() The ISP sets a permanent static route utilizing the unused prefix pointing to the null interface on its PE routers, e.g. Remote black hole filtering based on the destination IP address is a commonly used technique. Blackholing is based on either the source or destination IP address. At the time when the day-long DDoS attacks against a small organization are offered for as low as $100, with a 5-minute test DDoS attack free of charge (showing the attacker capabilities), the importance of having a reactive defense strategy against such attacks is hard to underestimate.ĭDoS traffic should be blackholed (dropped) closest to the source of the attack. Typical symptoms of a DDoS attack are excessive bandwidth utilization on a targeted network and services crashing on victim’s machines. ![]() The goal of a DDoS attack is the depletion of resources (CPU, RAM, bandwidth) of a remote target so that the service becomes unavailable for legitimate users. Unwanted traffic that floods networks and machines from many different sources is often intentionally generated by the distributed-denial-of-service (DDoS) attack. ![]() For example, a customer can ask a provider to install black hole on its provider edge (PE) routers to prevent unwanted traffic from entering a customer’s network. Black holes are placed in the parts of a network where unwanted traffic should be dropped. BGP blackhole filtering is a routing technique used to drop unwanted traffic.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |